l380v (l380v) asked a question.
So I'm trying to configure an additional Google Workspace via SSO third party IDP.
What should I enter for the IDP entity ID? I can't locate an URL that works... The IDP entity ID is a required field.
Nothing on the generated SAML setup instructions references this field / or works.
Also tried details in the SAML metadata page...
I'm in the same boat as Kai. Can't figure out what exactly is supposed to go into that IDP identity field.
@l380v (l380v) Thank you for the additional details. I have looked further into this and the entity ID should look something like "google.com/a/acem.com" where acme.com would be your google company domain. Please try that and let me know if that works.
CC @Marques Stewart (Achievement First)
@Paul S. (Okta, Inc.) I see where you are getting this format.
@Marques Stewart (Achievement First) If you select the active SAML cert in the additional Google Workspace app - View IDP meta data. In the XML you can find the Entity ID Paul is suggesting we try.
However, no joy for me either.
Looking on the Google side, their format of the Entity ID looks like this:
https://accounts.google.com/o/saml2?idpid=a00112233bb44
(Admin console - Security - SSO with Google as SAML IdP)
I suspect Google is expecting a URL that they can reference....
Thanks - I see now where he got that Entity ID from as well, but still no dice. Even just tried to put the URL from the metadata certificate in that slot, no change.
Just tried to make the Entite ID something like google.com/a/achievement1st.net and it didn't work (domain is not real, just an example). This is the error message I am getting: https://share.getcloudapp.com/o0uGlXyd
@Marques Stewart (Achievement First) and @l380v (l380v) I have further investigated this issue and what I was able to find is that this Google Workspace option is not compatible with the OIN application and you would need to configure a Custom SAML application on Okta side.
However to confirm this I would recommend to check this with Google Workspace Support as well.
Hope this helps!
That's not a great answer since Google is a pretty big Workspace vendor. Why isn't it compatible and what would it take to make it compatible?
Is Okta working on instructions on how to use this new functionality with a Custom SAML application? What exactly would Google Workspace support say about configuring a custom SAML application within Google - i feel they would just say 'talk to Okta'.
Hello @Marques Stewart (Achievement First) In order to make the OIN compatible with this new Google Workspace, google needs to reach out to Okta to update the application.
For the Custom SAML application you need to add a SAML app in Okta and after you add it you have the required information on the View Setup Instruction
Please see our instructions on Custom SAML apps:
https://help.okta.com/en-us/Content/Topics/Apps/Apps_App_Integration_Wizard_SAML.htm
I've succeeded with a customized SAML2 application, you must use SP Entity ID/SP ACS URL from Google's SSO profile, the one from OIN will not work since SP ID/ACS are fixed in official GWS app.
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
May Okta Community Buzz
Stay ahead of the curve with Okta for AI Agents, new Okta Learning live sessions and labs, shout-outs, and top trending topics—all aimed at enriching your Okta journey.