This article aims to help Admins who may encounter issues with Google Workspace/G-Suite SSO SAML login like 

1) Google is not redirecting the users to Okta for authentication and allowing them to log in directly OR 
2) Users created in Google workspace attempting to log into the Google account directly are being redirected to the Okta login page.

• G-Suite
• SP initiated flow
• Single Sign On (SSO)
• Network Masks

G-Suite has a concept of "Network Masks", and it determines which IP addresses will be affected by an SSO process. A misconfigured network mask may prevent the user from getting redirected to Okta or routes all users that are part of the IP range to be required to log in through Okta.

1. Navigate to G-Suite's admin console using the administrative account.

2. Click on Security.

3. Scroll down and click on Set up single sign-on (SSO) with a third party IDP.

4. Scroll down to Network Masks and verify that the proper IP address was configured. An incorrect IP address will prevent the users from getting redirected to Okta's login page.