RichardL.82641 (Customer) asked a question.
Hi there,
Hopefully something obvious.
We are in the process of setting up G Suite integration (using the 'G Suite' application, and have completed all the steps listed in the documentation.
Indeed, a user is able to click on 'gmail' from their Okta homepage, and be logged straight into their email. Also, we are able to browse to https://mail.google.com/a/[domain-name], and this redirects immediately to Okta. So far so good.
However, and please correct me if I'm wrong, but my understanding was that if I was to attempt to log in at https://mail.google.com - using the default gmail login page - once I have entered the email address of the (non-admin) user, I would then be redirected to the Okta sign-in page to enter the password. Is this a correct expectation?
We are still in roll-out mode, and yes, network masks are enabled in G Suite, but we are 100% certain that they are correct.
One thing that is puzzling (apart from a number of incorrect steps in the documentation regarding API), is that there is no reference to Default Relay State. This setting is currently blank.
Thank you in advance,
Richard.
Richard - look towards the end of https://saml-doc.okta.com/SAML_Docs/How-to-Enable-SAML-2.0-in-Google-Apps.html under SP-Initiated SSO. Does this help?
Hi Jeff,
Thanks for your reply - as far as I can see (after reading it 20 times) the documentation doesn't mention 'Default Relay State', however perhaps I can contrive that that value should be https://www.google.com/a/[domain]/ServiceLogin?continue=https://mail.google.com.
However, I have tried using that value, and it doesn't change the behaviour that when attempting to log in the regular google authentication screen, I do not get redirected to Okta - it just asks for the normal Google password using the native Google dialogue boxes 😞
I'm not even sure if these are 2 separate issues, or if one is causing the other!
I think I may have to get in touch with support on this one. Thanks.