0ldxm (0ldxm) asked a question.
SAML 2.0 Gsuite and GCP - should certs match?
Hello,
we have setup Gsuite with Okta long time ago and it's working fine. Now we tried to setup GCP with Okta and problem we are facing is:
This account cannot be accessed because the login credentials could not be verified.
I was listing certificate from Gsuite and GCP and found out they are not the same. If I create multiple GCP apps on Okta they all use the same certificate from first GCP app.
I have two questions:
1) Should Gsuite and GCP certificate match?
2) Is there a way to "make" GCP app use certificate from Gsuite app?
Hi Damir,
Thank you for reaching out to Okta technical support.
SSO configuration in GSuite is per domain and not application, so if you have configured SSO for one Google domain, all the Google applications of that domain will authenticate to Okta.
Please follow the documentation provided below to configure G Suite and GCP with Okta and avoid authentication issues:
https://www.okta.com/sites/default/files/UsingOktaWithGCP.pdf
Please let me know if you have any questions.
Thanks,
Jonil Soni
Technical Support Engineer
Hi Jonil,
by SAML rules, you MUST have same application certificate to authenticate properly. That is not the case for us, GSuite uses one cert, GCP uses another. I have a ticket with support for over a week now, it has been confirmed by support certificates should match. So there is a problem with Okta and our account.