Google Workspace provisioning flow fails with the following error visible in the Okta dashboard:
Automatic provisioning of user <username> to app Google Workspace failed: Failed to verify that the user exists. com.sun.jersey.api.client.UniformInterfaceException: POST https://accounts.google.com/o/oauth2/token returned a response status of 400 Bad Request
- Google Workspace
- Provisioning
- Error
- The Google Workspace administrator credentials used for creating the API connection are invalid.
- The authentication token is invalid.
- Non-approved third-party APIs are blocked from accessing the Google tenant.
-
Enable the API Access checkbox in Google Workspace:
- Sign in to the Google Workspace admin console.
- Go to Security > Access and data control > API controls > MANAGE THIRD-PARTY APP ACCESS.
- In the Accessed Apps section, click View List.
-
- The Okta app can be found there. Verify that the Blocked option is not selected for the Okta App.
- The Okta app can be found there. Verify that the Blocked option is not selected for the Okta App.
-
Go to the Okta admin console and navigate to Applications > Applications > Google Workspace > Provisioning > Integration > then click the Edit button.
-
Click Re-authenticate with Google Workspace.
-
Enter the Google Workspace Admin account credentials:
-
- Enter the admin username.
- Enter the admin password.
- Review the list of permissions Google will grant Okta to perform in the Google Workspace tenant. If acceptable, click Allow.
-
A message confirming successful authentication will be seen on the Provisioning page in Okta. Click Save.
- Attempt the failed tasks again. Navigate to Dashboard > Tasks. Any failed assignments should appear under Tasks.
- After locating the failed task for the user that should be retried, click on Retry Selected.
