G Suite SSO works with ConnectWise Manage as long as you stick to uppercase or lowercase on the Company ID on the login page. You can fix this by replacing
$('#company').val()
with
$('#company').val().toLowerCase()
on every line in the websites\psa\common\scripts\rootLogin.js file.
NOTE: This solution will only work for on-prem, please make a backup of your rootLogin.js file before making any changes. This file will likely get overwritten every time you update, so check the file after each update and make any necessary changes.
Long story:
I encountered this issue when my colleagues reported that they were unable to log in with SSO through google and that they were getting an app_not_configured_for_user error. I attempted to log in and didn't have the same issue. Checking the login page from both sessions, I noticed that they had put our company id in uppercase. I changed my login settings and was able to replicate the error. It turns out that CW manage does not normalize your login input when generating the ACS URL or Entity ID, which the Company ID is a part on both. Google requires the ACS URL and Entity ID to be identical to what is supplied by Manage. I reported my findings to ConnectWise and was told that G Suite isn't supported and that I should switch to AD FS.
I decided to dig in myself and see if I could come up with an easy solution. Poking through the login code I found that the entire lookup for SSO is done asynchronously through jQuery. Doing a simple search for instances of the $('#company').val() string and adding .toLowerCase() in the file websites\psa\common\scripts\rootLogin.js would allow me to normalize the input to what I had configured on G Suite and prevent that error from occurring for anyone at my organization.
G Suite SSO/SAML Troubleshooting
in General Discussion
Posted · Edited by johnduprey
TL;DR
G Suite SSO works with ConnectWise Manage as long as you stick to uppercase or lowercase on the Company ID on the login page. You can fix this by replacing
$('#company').val()
with
$('#company').val().toLowerCase()
on every line in the websites\psa\common\scripts\rootLogin.js file.
NOTE: This solution will only work for on-prem, please make a backup of your rootLogin.js file before making any changes. This file will likely get overwritten every time you update, so check the file after each update and make any necessary changes.
Long story:
I encountered this issue when my colleagues reported that they were unable to log in with SSO through google and that they were getting an app_not_configured_for_user error. I attempted to log in and didn't have the same issue. Checking the login page from both sessions, I noticed that they had put our company id in uppercase. I changed my login settings and was able to replicate the error. It turns out that CW manage does not normalize your login input when generating the ACS URL or Entity ID, which the Company ID is a part on both. Google requires the ACS URL and Entity ID to be identical to what is supplied by Manage. I reported my findings to ConnectWise and was told that G Suite isn't supported and that I should switch to AD FS.
I decided to dig in myself and see if I could come up with an easy solution. Poking through the login code I found that the entire lookup for SSO is done asynchronously through jQuery. Doing a simple search for instances of the $('#company').val() string and adding .toLowerCase() in the file websites\psa\common\scripts\rootLogin.js would allow me to normalize the input to what I had configured on G Suite and prevent that error from occurring for anyone at my organization.