
Trying to configure SAML with Google Workspace and faced some difficulties.
According to the doc:

You’ll need to include this to configure SAML SSO with your identity provider.
....
- Encryption
- AES256_CBC with this certificate:

It is not clear from the document which setting this encryption must be applied to, but I assume that Intercom is expecting to receive an encrypted response from the Google Workspace IdP.
The problem is that the Google Workspace SAML IdP does not support such an option. It can sign the assertion with its own certificate if needed, but it cannot encrypt the response.

I also experienced a bug in the SAML configuration validation flow. I was able to pass the test and save the configuration as valid, but authentication via SAML is not working.

On the Google Workspace side, I can see events of successful logins in the logs labeled SamlLoginSucceeded.
At the same time, Intercom returns `We couldn't log you in because your identity provider returned an error. Contact your administrator or try again.` Probably because of missing encryption.

Need advice on fixing SAML configuration.

UPD
managed to fix

Hi @Kirill Rabota -- Cam from the Intercom Support team here!

Looks like you’ve reached out to us via Messenger and discussed this with one of my teammates, Ebenezer, who's been able to suggest some setting changes specific to your setup which looks to have done the trick 👍

For the benefit of the community here I’ll just pass along what Ebenezer mentioned in your chat, that at present we do not have any Google Workspace specific SAML SSO setup docs. However, this (non-Intercom) doc - https://cloud.google.com/chronicle/docs/soar/admin-tasks/saml-soar-only/saml-configuration-for-g-suite - has proven to be a very useful reference for other customers.

I’ll leave you to it @Kirill Rabota, but just let us know here or in your Messenger chat if you have any follow-up questions 😁
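
One way to see what the identity provider actually sent when the service provider expects an AES256_CBC-encrypted assertion, as an added example that is not part of the original thread and not Intercom's or Google's code: it decodes a captured `SAMLResponse` form value and reports whether the assertion is signed or encrypted. The sample response, the `sp.example.test` URL and the function names are constructed for illustration, and the script inspects structure only; it does not verify signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
AES256_CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc"

# Constructed sample: a signed but unencrypted assertion (signature body stubbed out).
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
    'Destination="https://sp.example.test/saml/acs">'
    '<samlp:Status><samlp:StatusCode '
    'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
    '<saml:Assertion><ds:Signature/><saml:Subject/></saml:Assertion>'
    '</samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def inspect_saml_response(b64_response):
    """Summarise a captured SAMLResponse. Does NOT verify signatures."""
    root = ET.fromstring(base64.b64decode(b64_response))
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    plain = root.find("saml:Assertion", NS)
    encrypted = root.find("saml:EncryptedAssertion", NS)
    method = None
    if encrypted is not None:
        m = encrypted.find("xenc:EncryptedData/xenc:EncryptionMethod", NS)
        method = m.get("Algorithm") if m is not None else None
    return {
        "status": status.get("Value") if status is not None else None,
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": plain is not None
        and plain.find("ds:Signature", NS) is not None,
        "assertion_encrypted": encrypted is not None,
        "encryption_method": method,
    }

def encryption_mismatch(summary, sp_requires_encryption=True):
    """True if the SP requires AES256-CBC but the IdP sent something else."""
    return sp_requires_encryption and summary["encryption_method"] != AES256_CBC

if __name__ == "__main__":
    print(inspect_saml_response(SAMPLE_B64))
```

The `SAMLResponse` value can be copied from the POST to the assertion consumer service URL in the browser's network tab; only inspect responses from your own tenant, since they contain identity data.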

