CesarM.21467 (Customer) asked a question.
Hi all,
On our Google Workspace account, we are using an IdP as our main IdP to make it easier for our students to log into their Chromebooks. Because we were forced to set up Okta as a third-party IdP profile and assign it to our staff's Organizational Units, the Google Workspace integration from Okta does not work properly. It would give the user an error ("login credentials could not be verified.")
After weeks of working with Okta support, no solution or workaround was found.. so, I was forced to create a custom SAML app for Google Workspace. The itself is working fine, but now I don't have the benefits of provisioning, password sync, etc. that the app from the Okta catalog offers.
On the custom SAML app, I went to General and enabled Provisioning with SCIM. When going to the Provisioning tab, it asks me for "SCIM connector base URL", "Unique identifier field for users", and to choose an authentication mode (Basic Auth, HTTP header, or OAuth 2).
There is no documentation on Okta regarding this process. Has anyone gone through this? Any help/guidance would be much appreciated.
Hello @CesarM.21467 (Customer) Thank you for reacting out to our Community!
We would recommend to involve Google support as well, to have their side reviewed as well.
Please also see this doc from their side that could provide an inside as well:
https://support.google.com/a/answer/6262818?hl=en#:~:text=(ACS)%20URL.-,What%20does%20this%20error%20message%20mean%3A%20%22This%20account%20cannot%20be,Google%20Workspace%20has%20on%20file.
As an alternative, you can keep the SAML application for authentication and use the application from the catalogue and use it for the provisioning part, which you would hide it from the users.
Community members help others by clicking Like or Select as Best on responses. Try it today.