After updating the Security Assertion Markup Language (SAML) Configuration for Google Workspace, the Service Provider (SP)-initiated login fails with an error message from Okta.

You are not assigned this app in Okta.
 

• Google Workspace

Ensure that the Sign-in page URL in Google Workspace's Single Sign On (SSO) settings matches the Sign-in page URL generated by the new Okta Google Workspace application.

1. In the Okta Admin Console, navigate to Applications > Applications.
2. Select the new Google Workspace application.
3. Navigate to the Sign On tab and click View Setup Instructions.
    
   
4. Copy the Sign-in page URL listed in step one of the Complete the Single Sign-on Screen section.
5. In the left pane of the Google Workspace Admin page, navigate to Security > Authentication.
6. Click to expand the SSO with third-party IDP section.
7. Select the correct SAML profile from the Third-party SSO profiles list.
8. Ensure the value listed in the Sign-in page URL matches the URL copied in Step 4. If it does not, click the pencil icon to replace the Sign-in page URL with the new URL.
9. Click Save.

Related References

• How to Configure SAML 2.0 for Google Workspace
• Troubleshoot single sign-on (SSO)