We have configured SSO in Google using Azure AD as IdP.
It is set up by adding the Google Cloud / G Suite Connector by Microsoft enterprise application to Azure AD.
Login is working fine, but when logging out from Google it gives this error message:
Sorry, but we’re having trouble signing you in.
AADSTS750054: SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding.
The URL is the same as in Login URL and Logout URL step 4 of the SAML configuration of the app. According to the tutorial on MS Docs it is correct that the URL is the same for Login and Logout.
There isn't much configuration to be done on the Google side so I'm focusing on the configuration in Azure.
On the Basic SAML Configuration page, I have tried all sorts of different combinations in the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) fields. Right now I have google.com/a/edu.ourdomain.se as the only Identifier and https://www.google.com/a/edu.ourdomain.se/acs as the only Reply URL. But I have also had several entries like https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/google-apps-tutorial suggests.
As Sign on URL I have https://www.google.com/a/edu.ourdomain.se/ServiceLogin?continue=https://console.cloud.google.com
Relay State and Logout Url are empty.
On the SAML Signing Certificate page, the Signing Option is Sign SAML assertion.
Apart from that, there aren't any configuration options that I can see that would affect this.
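The error text above refers to the SAML HTTP-Redirect binding, in which the message travels as a raw-DEFLATE-compressed, base64-encoded `SAMLRequest` or `SAMLResponse` query parameter. As an added example that is not part of the original post, this Python check reports whether a captured logout redirect URL carries such a parameter and decodes it if present; the tenant placeholder, the sample LogoutRequest and the function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAML_PARAMS = ("SAMLRequest", "SAMLResponse")
ASSERTION_NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed sample data: placeholder tenant and a minimal LogoutRequest.
IDP_ENDPOINT = "https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/saml2"
SAMPLE_LOGOUT = (
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
    'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    "<saml:Issuer>google.com/a/example.test</saml:Issuer>"
    "<saml:NameID>user@example.test</saml:NameID>"
    "</samlp:LogoutRequest>"
)

def encode_redirect_message(xml_text):
    """Raw DEFLATE then base64, the encoding the Redirect binding uses."""
    comp = zlib.compressobj(wbits=-15)  # negative wbits = no zlib header
    deflated = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(deflated).decode("ascii")

def inspect_redirect_url(url):
    """Report which SAML parameter (if any) the URL carries and what it holds."""
    query = parse_qs(urlsplit(url).query)
    for name in SAML_PARAMS:
        if name in query:
            raw = base64.b64decode(query[name][0])
            root = ET.fromstring(zlib.decompress(raw, -15))
            issuer = root.find(ASSERTION_NS + "Issuer")
            return {
                "param": name,
                "message": root.tag.split("}")[-1],
                "issuer": issuer.text if issuer is not None else None,
                "relay_state": query.get("RelayState", [None])[0],
            }
    # Neither parameter present: the condition the AADSTS750054 text describes.
    return {"param": None, "message": None, "issuer": None, "relay_state": None}

def build_redirect_url(endpoint, xml_text):
    """Attach the encoded message as a URL-encoded SAMLRequest parameter."""
    return endpoint + "?" + urlencode({"SAMLRequest": encode_redirect_message(xml_text)})

if __name__ == "__main__":
    print(inspect_redirect_url(IDP_ENDPOINT))  # bare endpoint, no SAML message
    print(inspect_redirect_url(build_redirect_url(IDP_ENDPOINT, SAMPLE_LOGOUT)))
```

Running it against the URL the browser is actually sent to on sign-out (taken from the network tab or a SAML tracer) shows whether the request reaches the endpoint with or without a SAML message.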