16

I'm usign Google G Suite and created an app which is manage users logins with G Suite SAML. (see. https://support.google.com/a/answer/6087519?hl=en&ref_topic=6304963#)

Everything is works smoothly, but I have problem when users not logged in our G Suite account and also logged in their own Google account.

In that case, Google login page not asks user to login our G Suite account and gives 403 - app_not_configured_for_user error directly.

So, here is the questions

  • What should I do for log-in our users in that case?
  • There is any available domain login page in G Suite?
  • Or even more perfect, is there any custom login page for SAML login?

Thank you.

Will Angley
  • 1,392
  • 7
  • 11
ugurerkan
  • 790
  • 7
  • 17
  • 1
    This link looks helpful: https://robinpowered.com/blog/how-to-set-up-saml-with-google-apps/ You have to allow the app for every user, which is done in the "SAML applications" section of the G-Suite admin. – Paul Mougel Mar 02 '17 at 14:03
  • Thank you for your answer Paul, but I already enabled my app for every user on my G-Suite. If user is only logged in our G-Suite account there isn't any problem. But, if user is logged an other account, Google login page does not ask for account chose and gives error. – ugurerkan Mar 02 '17 at 17:26
  • I'm having the same issue. Did you ever find an answer? – MakkyNZ Jul 04 '17 at 22:48
  • @MakkyNZ unfortunately I did not found. – ugurerkan Jul 05 '17 at 21:18
  • 4
    I found a fair solution , redirect the browser to : https://accounts.google.com/AccountChooser?continue= {url encoded current redirection url} Its based on post on https://stackoverflow.com/questions/48806629/google-saml-app-not-configured-for-user-equivalent-of-prompt-select-account-sa – Hagay Goshen Jan 01 '20 at 13:33
  • This post was created five years ago and still no answer. I'm really curious whether the bountry actually causes this question to be answered. – MC Emperor Feb 08 '22 at 22:48
  • I am facing the same issue (Only one account it signed in others signout out including IDP domain) We have keycloak as service provider and using google IDP (saml2 app). Would like to know solution or work around to forcefully enable Acount Chooser using keycloak config ? I do I force choose account in above configuration – Aslam Sayyed Jun 29 '22 at 17:19

1 Answers1

-2

Instead of redirecting the user from your application to the Google Identity Provider, try redirecting them to the Google Account Chooser, which is:

https://accounts.google.com/accountchooser?continue=

**Credits to Neal Soni: Google SAML app_not_configured_for_user / equivalent of prompt=select_account SAML

https://stackoverflow.com/users/12413808/neal-soni**

KiyanH
  • 1
  • 1
  • 2
    As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Feb 16 '22 at 05:01