Setup of G Suite IDP for SAML direct federation for B2B

Name 1 Reputation point
2020-03-12T05:46:43.033+00:00

We want to enable guest users for a particular domain to log in with their G Suite accounts. We set up the direct federation, but invitations are not redeeming.

We can see when the user accepts the invitation, the user is passed to G Suite, authenticated, passed back to Azure, but then gets the message:

Invitation redemption failed
An error has occurred. Please retry again shortly.

It seems then the SAML response from G Suite to Azure is broken. Either the SAML response is malformed or Azure isn't processing the response correctly.

Any ideas?


3 answers

  1. AmanpreetSingh-MSFT 56,306 Reputation points
    2020-03-19T07:56:06.283+00:00

    @Name I tried to fetch the details from our backend database based on the correlation ID and timestamp but I was not able to find any records.

    If you're still having an issue here, please email AzCommunity[at]microsoft[dot]com and I can enable a one-time free support ticket. Please provide your Azure Subscription GUID and a reference to this thread. And hopefully we can get you on the right path again soon.

    In addition to that, once you are able to resolve your issue with the support engineer, please post your response on this thread so that future readers will be able to benefit from your solution.


  2. GV 1 Reputation point
    2020-04-21T14:24:20.023+00:00

    @Name Did you solve your issue? If yes, how?

    Thanks


  3. gaurav_2626 1 Reputation point
    2020-06-06T18:07:27.933+00:00

    Hi. I've been trying to implement a similar configuration. Can you please help me with how the SAML app is to be set up at the g-suite end?