This article covers a user provisioning failure in Google applications when using Okta: Okta is unable to create a Workspace account. To reproduce the issue, attempt to create a Workspace account using Okta under the conditions described. The resulting error message is:
Not authorized to access this resource/api.
- User Provisioning
- Google Workspace
- SAML 2.0
This issue is caused primarily by insufficient access privileges assigned to the user on the Google side. The "Not authorized to access this resource/api" error occurs when the user does not have the super admin privileges necessary to authorize account creation through Okta.
The issue can be resolved by adjusting the user's access privileges. Here are the step-by-step instructions:
- Log in to the Google Admin console.
- Navigate to the Users section.
- Identify and select the user experiencing the issue.
- Modify the user's role to Super Admin.
- Save the changes and log out of the Google Admin console.
- Try to provision the user to Google Workspace again via Okta.
After performing these steps, Okta should be able to successfully create the Workspace account.
