docs:clarify Google Workspace RelayState behavior for IdP-initiated SSO

Arobce · Arobce · commit 8613de230db0 · 2026-03-02T12:00:33.000-06:00
diff --git a/src/content/docs/authenticate/enterprise-connections/idp-initiated-saml-sso.mdx b/src/content/docs/authenticate/enterprise-connections/idp-initiated-saml-sso.mdx
@@ -136,6 +136,9 @@ In your IdP admin console, create a new SAML application with these settings:
 2. **Entity ID / Audience**: Use the Entity ID you configured in Kinde
 3. **Name ID format**: Select the format for the Name ID used to identify users in SAML responses (*Persistent* recommended)
 4. **RelayState** (optional): Configure a default RelayState URL if your IdP supports it. This is where users are redirected after authentication.
+    <Aside>
+    If you are using Google Workspace as your Identity Provider, note that Google does not support dynamic RelayState for IdP-initiated SSO. Use the Start URL field in the Google SAML application settings to define the post-login redirect URL. The Start URL acts as the RelayState.
+    </Aside>
 5. **Enable IdP-initiated SSO**: In your IdP's application settings, enable the option to allow IdP-initiated sign-on (the exact setting name varies by provider)
 
     <Aside>
