Google > Expensify SSO is configured properly but not working. I need help

I've followed the documentation linked from Expensify's support site on the integration. It's enabled and turned on for a select group for testing.
When I select "Test SAML Login" it opens the expensify page but doesn't log in saying "Invalid_response". I opened a ticket with google and did a test of the IDP Metadata to ensure it's good, which it is. I then checked the Google SAML logs and it shows that authentication works and is going through.
This leads me to believe the issue is on the Expensify side but I don't know how to get this resolved so I can turn on SSO for the org. Can I get some help on getting this resolved?
Thank you,
Shane
Answers
-
Greg Schroeder Expensify Success Coach - Admin, Expensify Team, Expensify Student Ambassador Posts: 65 Expensify Team
Hey @sdanisher,
Hmm. It's difficult to say without being able to look specifically at your logs or metadata, but I've seen this come up in the past when folks' metadata contained two certificates. Can you confirm your metadata only contains a single cert?
-
Hey Greg,
This is a good call out. We do have two different certificates. I'll look into this and see if fixing this resolves the issue. Thanks!