Genesys Cloud - Main

Hi Community,

Having some issues with Single Sign-On integration with Google Workspace and hoping someone might be able to identify what the issue is here.
I recall there used to be some great KB articles for the different SSO options, but these appear to have been removed and haven't been replaced from what I can see.

Configuration completed:

In Google Workspace we created a custom SAML app with the following service provider details:
ACS URL: https://login.mypurecloud.com.au/saml
Entity ID: [redacted]
Name ID format: EMAIL
Name ID mapping: Basic Information > Primary email
Start URL: https://login.mypurecloud.com.au
Attribute mappings:
Primary email > email
First name > givenName
Last name > familyName

User access is set to On for everyone at the org level with no OU-level overrides.

In Genesys Cloud we configured the Google Workspace SSO integration with the Issuer URI, SSO URL, and X.509 certificate all taken directly from the Google SAML app information screen.

Issue:

When a user initiates login from Genesys Cloud the request is redirected to Google which returns a 403 error with the message "app_not_configured_for_user". This occurs even when tested with a Google Super Admin account.

ACS URL and Entity ID have been verified as correct.
Have imported Metadata into Genesys from Google to confirm no issues in copy/paste too.
Email address of user in Google matches exactly with email address in Genesys.

#API/Integrations

------------------------------
Andrew Robinson
------------------------------

Hi Andrew

-

This error "app_not_configured_for_user" is coming from Google, not Genesys Cloud, and typically indicates a user access/assignment issue rather than a SAML configuration problem.

Even if the app is set to "ON for everyone", I recommend verifying the following:

 - Ensure there are no OU-level overrides disabling the app

 - Explicitly assign the affected user to the application

 - Toggle the app OFF and ON again to force propagation

Also try launching the app directly from https://myapps.google.com - if it fails there as well, it confirms it's an access control issue on the Google side.Since your ACS URL, Entity ID, and attribute mappings are correct, this is very unlikely to be a SAML configuration problem.

------------------------------
Kaio Oliveira
GCP - GCQM - GCS - GCA - GCD - GCO - GPE & GPR - GCWM

PS.: I apologize if there are any mistakes in my English; my primary language is Portuguese-Br.
------------------------------

Thanks Kaio.

Do you know how to "Explicitly assign the affected user to the application"?
This is the only step we haven't done. I also tried the myapps.google.com URL and it doesn't appear to be correct, so if you know what the correct URL for testing that side that would also be appreciated.

------------------------------
Andrew Robinson
------------------------------

Original Message:
Sent: 05-01-2026 08:29
From: Kaio Oliveira
Subject: Google Workspace SSO

Hi Andrew

-

This error "app_not_configured_for_user" is coming from Google, not Genesys Cloud, and typically indicates a user access/assignment issue rather than a SAML configuration problem.

Even if the app is set to "ON for everyone", I recommend verifying the following:

 - Ensure there are no OU-level overrides disabling the app

 - Explicitly assign the affected user to the application

 - Toggle the app OFF and ON again to force propagation

Also try launching the app directly from https://myapps.google.com - if it fails there as well, it confirms it's an access control issue on the Google side.Since your ACS URL, Entity ID, and attribute mappings are correct, this is very unlikely to be a SAML configuration problem.

------------------------------
Kaio Oliveira
GCP - GCQM - GCS - GCA - GCD - GCO - GPE & GPR - GCWM

PS.: I apologize if there are any mistakes in my English; my primary language is Portuguese-Br.
------------------------------