Google Workspace SSO returns:
Couldn't sign you in Contact your domain for help.
The correct domain is configured in the General tab, and the Application username format is configured according to Google Workspace's username format.
- Google Workspace
- Single Sign-On (SSO)
Based on the available information, the "Couldn't sign you in" error in Google Workspace SSO can occur for the following reasons, even when the RPID and domain are correct:
- Legacy Profile in Google Workspace is enabled.
- User is assigned the Super Admin role.
If RPID is not set, follow the Google Workspace SAML Setup Instructions on the Sign-On tab for the root organization SSO profile (RPID unset) and configure the "Third-party SSO profile for your organization" as follows:
- Manage SSO profile assignments is set to Organization's third-party SSO profile.
- Legacy Profile in Google Workspace must be disabled (if it was not assigned to any Google OU).
If the URL contains rrk=21, verify whether the user has the Super Admin role assigned. This error typically occurs because Super Admins are restricted from signing in through this specific flow; if administrative access is not required, downgrade the user to a standard role or have them use a non-admin account.
