Use the information in the following sections to help you troubleshoot issues with the connector for Google Apps:
Issue: You have multiple users using the same browser on the same computer to access Google Apps. The first user logs in and completes their work. The user then logs out of CloudAccess and leaves the browser running. The second user logs in to CloudAccess and tries to access the Google Calendar, but receives a 404 error message.
Solution: Google has changed how it handles cookies. The solution is that after the first user logs out of CloudAccess, the user must close the browser. The second user will not see any errors if the first user closes the browser after accessing Google Apps through CloudAccess.
Issue: After you implement CloudAccess, you might have some issues with existing Google Apps for Business accounts. Any users who either do not exist in the identity source, or are not merged with the existing Google account, can no longer log in to the Google domain. For example, if user jsmith has an account in Google Apps for Business, and you implement CloudAccess with single sign-on, user jsmith cannot log in directly to the Google domain. Google Apps for Business does not allow both direct login and single sign-on to the domain.
Solution: Give users authorization to access the Google Apps for Business resource through CloudAccess.
(Conditional) If the matching account exists in Active Directory, skip to Step 2. Otherwise, create a matching account in the identity source (Active Directory).
Grant the user authorization to the Google Apps for Business resource by adding the user to the proper group in Active Directory. Alternatively, you can map the Active Directory group to the Google Apps for Business group through the Policy Mapping page. For more information, see Loading Authorizations
in the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide.
The two accounts merge when the user receives authorization for Google Apps for Business through the Policy Mapping page. CloudAccess automatically generates a new password and resets the Google Apps for Business password. When users access the resource after the merge occurs, they automatically log in to Google Apps for Business through single sign-on.
By default, the connector for Google Apps places newly provisioned users into the top-level organization of your Google Apps domain. If you specified a sub-organization when you configured the connector for Google Apps, but users are still being provisioned to the top-level organization, verify that you entered a valid sub-organization in the Default OrgUnit field in the connector configuration. This field is free-form, is not case-sensitive, and is not validated. If you specify an invalid sub-organization, CloudAccess provisions the user to the top-level organization by default. If you have enabled tracing in the CloudAccess debugging tools, the connector_GOOGLEAPPS_XXXXX.log file will print a trace statement stating, “Default OrgUnit configured on the connector does not exist in the Google Apps domain structure” with the invalid value.
Issue: If a user sets up a Chrome profile and then tries to use a Google Apps resource configured to use Chrome on MobileAccess, the login fails because Chrome passes the saved profile user name and password to the resource instead of passing the user name and password from MobileAccess. This issue occurs for any Google Apps resource (for example, Gmail or Google Drive) on iOS and Android mobile devices. (Bug 948622)
Workaround: Users can remove their Chrome profile to avoid this issue, or you can configure the appropriate Google Apps appmarks in CloudAccess so the resources open with Firefox, an internal viewer, or a user-selectable option, instead of Chrome.