Google SAML with 2FA app_not_configured_for_user

Hi,
I am trying to connect SuiteCRM (self-hosted) to Google SAML service, but keep getting an error 403: app_not_configured_for_user

Here is my setup:
Google GSuite/Workspaces: paid license
2FA is enabled for all users.

Google SAML: Customer APP
User access: on for everyone
ACS URL: https://[our domain]/index.php?action=Login&module=Users
Entity ID: https://[our domain]/index.php?action=Login&module=Users / also tried with php-saml
Start URL: empty
Signed response: not ticked
SAML attribute mapping: not configured

SuiteCRM SAML settings:
Login URL: https://accounts.google.com/o/saml2/idp?idpid=[our id]
SLO URL: empty
X509 Certificate: [generated certificate]

Followed these instructions: https://support.sugarcrm.com/Knowledge_Base/Password_Management/Configuring_SSO_With_Google/#Adding_SAML_Application_in_Google

On the SuiteCRM I’m seeing this in the log when trying to authenticate:
Wed Oct 28 17:03:15 2020 [3371][-none-][FATAL] SECURITY: User authentication for failed
Wed Oct 28 17:03:15 2020 [3371][-none-][FATAL] FAILED LOGIN:attempts[1], ip[our ip], username[]

Does anyone have any idea where the problem is?

Did you ever find a solution to this? I am having an identical issue.

No, I haven’t. I’ve actually given up on the idea for now.