This error occurs when there is a mismatch in the signature. 

 

To extract the SHA signature from Google,

  1. In the Google Admin console, navigate to Security > Set up single sign on and click on the download Certificate.
  2. Open the downloaded .pem extension file using notepad/sublime text editor.

  3. Copy the certificate from the notepad/sublime text-editor and paste it in the X.509 certificate section in https://www.samltool.com/fingerprint.php

  4. Make sure that you’ve selected SHA256 as the algorithm and click on calculate fingerprint.

  5. Enter the key displayed in the formatted fingerprint text box in your Freshdesk account under Admin > Security > SAML >Security Certificate Fingerprint > Save.