@Ammar Aganovic
Thank you for posting your query on Q&A.
I’m glad that you have some progress with the federation setup. the primary domain in Google Workspace is the one that is used to exchange the SAML token with Microsoft Entra ID. You need to make sure that the primary domain in Google Workspace matches the domain that you want to federate in Microsoft Entra ID.
If you have multiple domains in Google Workspace, you can change it to primary domain. Post which you would need to federate the new primary domain with Microsoft Entra ID. However, changing the primary domain might affect other Google services kindly check the documents from Google Workspace.
Auto-provisioning of users from external sources like Google to Entera ID did not require any license and it includes identity and access management free features.
However, features such as conditional access policies, self-service password reset, and other security reporting, may require licenses.
Users who need to use Power BI or Office applications will require additional licenses assigned to them in Entra ID.
I hope this answer helps! If you have any further questions, please feel free to ask.
Thanks,
Akhilesh.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.