Google Apps New Account cannot log in

Hi,

We have integrated Google Apps with Auth0 as the IP. Our existing Google users can log in without any problem. We now have created a new Google Account and have added a new user in Auth0 with the new Google email. The login succeeds but we get the following error when redirecting back to Google:
"G Suite - This account cannot be accessed because we could not parse the login request."

Any ideas why we cannot access it?

Kind Regards,
Jan

Hey there @jan.hoskens, when you get a chance can you clear your browser's cache/cookies and see if that makes a difference? If not, the next step is to snag a HAR file during the error-producing workflow and DM it over to me along with the tenant name. Please let me know if you have any questions or concerns!

Hi,

We got in touch with Google Support and they found the following: when accessing existing accounts, the SAML contains an additional attribute with the nickname. But when accessing a new account (new in Auth0 and Google), this attribute was an empty tag.

Existing account:
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
  <saml:AttributeValue xsi:type="xs:string">reception_valipac.be</saml:AttributeValue>
</saml:Attribute>
New account:
<saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>

Not sure why Auth0 does not map the nickname correctly with the new user. But Google Support said it was unnecessary to add this. So we removed it and everything worked fine.

We used the SAML from the documentation at Configure Google Workspace as SAML Service Provider, which incorrectly uses a mapping for nickname. It should not be there.

Kind Regards,
Jan

1 Like
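Added example (not part of the original posts, and not Auth0 or Google code): a small check that flags the condition described above, an `AttributeStatement` with no attributes or an `Attribute` with no usable value, in an assertion your own IdP has issued. The function name and the two sample assertions are constructed for illustration from the fragments quoted in the post.

```python
import xml.etree.ElementTree as ET  # for assertions from your own IdP; use defusedxml for untrusted XML

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

def find_empty_attribute_nodes(xml_text):
    """Return findings for empty AttributeStatement / Attribute elements.

    The SAML 2.0 schema requires an AttributeStatement to contain at least one
    Attribute or EncryptedAttribute, so an empty one is not schema-valid.
    This does not verify signatures; it is a diagnostic, not a validator.
    """
    findings = []
    for stmt in ET.fromstring(xml_text).iter(SAML + "AttributeStatement"):
        attrs = stmt.findall(SAML + "Attribute")
        if not attrs and stmt.find(SAML + "EncryptedAttribute") is None:
            findings.append("AttributeStatement has no Attribute children")
        for attr in attrs:
            values = attr.findall(SAML + "AttributeValue")
            if not any((v.text or "").strip() for v in values):
                findings.append("Attribute %r has no non-empty AttributeValue"
                                % attr.get("Name"))
    return findings

NS = ('xmlns:xs="http://www.w3.org/2001/XMLSchema" '
      'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"')
WRAP = '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">%s</saml:Assertion>'

# Constructed sample: shape of the working (existing account) assertion.
EXISTING = WRAP % (
    '<saml:AttributeStatement ' + NS + '>'
    '<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" '
    'NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">'
    '<saml:AttributeValue xsi:type="xs:string">user_example.com</saml:AttributeValue>'
    '</saml:Attribute></saml:AttributeStatement>')

# Constructed sample: shape of the failing (new account) assertion.
NEW = WRAP % ('<saml:AttributeStatement ' + NS + '/>')

if __name__ == "__main__":
    for label, doc in (("existing", EXISTING), ("new", NEW)):
        print(label, find_empty_attribute_nodes(doc) or "ok")
```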

I’m glad to hear that it all came together @jan.hoskens! Thank you for sharing the solution and I will be sure to relay your feedback to the Docs team :+1:
