Problem statement
When an employee whose credentials were used to set up a Google Workspace Enterprise connection is removed, all authentication stops, and the connection ceases to allow log-ins until another person with administrative permissions on the Google Workspace re-grants Auth0’s permissions via the URL in the Setup Tab of the SSO setup.
How are the permissions between the Google Workspace Enterprise connection configuration tied to Google Workspaces? Is there a way to set up the Google Workspace connection so it’s not tied specifically to the administrator who granted the permissions?
Symptoms
Google Workspace Enterprise connection ceases to allow logins after Workspace admin is deleted
Troubleshooting
Check Google Workspace connection for presence of extended attributes being enabled.
Cause
If any Extended Attributes are checked for the connection, these extended attributes require calling the Google Directory API with an Admin’s access token, not the client’s.
If the admin that sets up the connection is deleted, these tokens will be rejected by Google as they are no longer associated with a valid account.
Solution
The new Google Workspace admin needs to use the Continue link found on the Setup Tab for the relevant Google Workspace Enterprise connection to reauthorize the application for API access.
