25,168 questions
This sometimes happens if the user mapping is not correct. Please make sure that the value in the NameID in the SAML Response is matching with the user in Google apps.
Only one user fails to login to GSuite with SAML integration with AzureAD
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 57.99999999999999%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
murakami.katsutoshi
1
Reputation point
I am using AzureAD with a free license.
I believe there was no limit on the number of SAML integrations last year even for free.
I used the "Google Cloud / G Suite Connector by Microsoft" to set up SAML integration to GSuite.
Of the 6 people registered in AzureAD, 5 are able to login to GSuite via SSO using the user ID registered in AzureAD, but only 1 is getting an error.
Does anyone know the cause?
The error says
* After logging in with AzureAD, it redirects to the Google side, but the Google side shows "Invalid email" and the login fails.
Azure Plan:
* This is a free plan. (I haven't even registered my credit card).
Linkage Settings:
* Using "Google Cloud / G Suite Connector by Microsoft", set AzureAD as the parent and GSuite as the child.
Provisioning: Both provisioning and SAML integration have been configured.
What I found out
* A user was created on the GSuite side. When I unlinked them and tried to log in on the GSuite side, the user who had the login error was also able to log in to GSuite.
* It seems that both SAML integration and provisioning integration are configured correctly. The other 5 users can use it without any problem.
* I contacted Google. However, they said they could not find any problem on Google side.
* Google told me that the problem is similar to what happened in the past when there was not enough license on Microsoft side.
`
I know the error can also happen sometimes if the user doesn't have a valid Exchange license. I am not too familiar with how the system looks in Azure but I know I am not too familiar with how the system looks in Azure but I know this has worked for others in the past.
Are you able to check if the user has an Exchange license?
`
![65289-%E8%B2%BC%E3%82%8A%E4%BB%98%E3%81%91%E3%81%9F%E7%94%BB%E5%83%8F-2021-02-08-18-34.jpg][1]
[1]: /api/attachments/65289-貼り付けた画像-2021-02-08-18-34.jpg?platform=QnA
Microsoft Security | Microsoft Entra | Microsoft Entra ID
1 answer
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator2021-02-12T00:29:33.853+00:00 -
murakami.katsutoshi 1 Reputation point
2021-02-12T10:13:30.843+00:00 Thanks for the reply.
The other 5 users using the same AzureAD have no problem.
Is it possible to catch and analyze the middle of the communication for debugging purposes? If there is any point to check in the patameters during the redirection, please let me know.
Sign in to comment -