MatthewT.70270 (Customer) asked a question.
Using the Google Workspace integration in the Application Catalog, SAML doesn't work.
It seems the ACS URL getting passed to Google is:
https://www.google.com/a/<mydomain>.com/acs
But google apparently is expecting:
https://accounts.google.com/samlrp/acs?rpid=<SOMEUID>
So I went and created a custom SAML application, and I'm able to utilize SSO.
However, I can't provision new users with Okta, as all of the Okta documentation for Google Workspace references Configuring API integration, which even if I enable SCIM on the custom application, doesn't appear.
So I thought maybe I did something wrong the first go around, so I recreated the Application using the Integration in the app catalog, only to find myself back where I started, except I am able to provision new users - the just can't log in.
Anyone assigned the app in okta gets:
https://www.google.com/a/<mydomain>.com/acs
Google Workspace - This domain is not configured to use Single Sign On.
This domain is not configured to use Single Sign On.
We are unable to process your request at this time, please try again later.
Am I missing something or can that app integration be fixed to allow Okta users to change the ACS URL?
@MatthewT.70270 (Customer)
I setup google workspace in OIE, it is working fine:
https://saml-doc.okta.com/SAML_Docs/How-to-Enable-SAML-2.0-in-Google-Apps.html