kkqb7 (kkqb7) asked a question.
How can I get an EA access to their manager's gmail inbox if Okta SSO in turned on for Google Workspace?
We recently switched on Okta SSO as required for our Google Workspace, and my colleague who is set up as a delegate in her manager's gmail inbox no longer has access. It states The session has expired. When she clicks her manager's email, she is redirected to Okta with her own sign in credentials filled. When she clicks log in on Okta, she is taken back to her own inbox. The manager has confirmed that they've set up the delegate correctly in their gmail account.
How can we ensure she continues to get access to his inbox? Thank you
Hello @kkqb7 (kkqb7),
Thanks for posting.
https://saml-doc.okta.com/SAML_Docs/How-to-Enable-SAML-2.0-in-Google-Apps.html?baseAdminUrl=https://coinme-rise-admin.okta.com&app=google&instanceId=0oabfcdq5rsBHVdiH5d6
This is the SAML SSO guide generated specific to your Google Workspace app and it outlines the steps to set up Okta as a third-party Idp in the Google Workspace Admin portal (wherever you want to have Okta act as Idp to connect to Google applications.
If you are set up to connect to Gmail using SAML the Okta accounts connect to Gmail accounts on a 1:1 ratio for a domain. There is no way to have one Okta user connect to multiple Gmail accounts.
The first option would be to set up multiple Okta accounts. One Okta account for each Gmail account. The second option would be to set one Gmail address as the alias of the other and delete the second Gmail account. That would result in the user having only one Gmail account.
We do not offer any feature such as Gmail delegation, which was done via Google Admin configuration outside Okta.
We always suggest customers have different Google Workspace app each for a different domain they tried to log in with and then set up the corresponding google workspace to use the dedicated GoogleWorkspace app as IDP on Google Workspace.
Regards,
Natalia
Okta Inc.