This error occurs when there is a mismatch in the signature.
To extract the SHA signature from Google,
- In the Google Admin console, navigate to Security > Set up single sign on and click on the download Certificate.
- Open the downloaded .pem extension file using notepad/sublime text editor.
- Copy the certificate from the notepad/sublime text-editor and paste it in the X.509 certificate section in https://www.samltool.com/fingerprint.php
- Make sure that you’ve selected SHA256 as the algorithm and click on calculate fingerprint.
- Enter the key displayed in the formatted fingerprint text box in your Freshdesk account under Admin > Security > SAML >Security Certificate Fingerprint > Save.