GSuite SSO - Credentials could not be verified?

Hi hoping someone can shine some light as to why my auth is just failing.

I have a Keycloak Docker container running and an nginx docker reverse proxying everything to Keycloak, it’s secure with Lets Encrypt SSL and I’m able to manage the Keycloak instance just fine. Google appears to redirect to the page without any issues.

I’ve gone ahead and created a client with the following
client id: gsuitedomain
consent required no
Include AuthnStatement On
Include OneTimeUse Off
Sign Documents On
Optimise REDIRECT off
Sign Assertions Off
Algorithm ESA_SHA256
SAML Sig None
Canoicalization EXCLUSIVE
Encrypt Assertions Off
Client Sig Required Off
Force POST Off
Front Channel Off
Force Name ID Off
Name ID Format: email
Base URL /auth/realms/master/protocol/saml/clients/company?RelayState=true
IDP Init SSO URL Name:
Assertion Consumer Service POST Binding: https ://

Under Mappers I’ve also created a User Property with the following
Name: email
Property: email
Friendly Name: Email
SAML Attribute: emailAddress
SAML Attribute Name Format: Basic

I uploaded the SAML Certificate to GSuite, set the sign in page url to https ://url/auth/realms/master/protocol/saml/clients/company along with the signout just being https ://url/auth for now. I’m also using domain specific issuer.

I’ve created a user in both Keycloak with a matching user in GSuite. I’m able to enter my email address into a Google Accounts Login and it’ll redirect me to Keycloak, from there I’m able to sign into the account fine until I get redirected to Google where it tells me " This account cannot be accessed because the login credentials could not be verified".

I’m really not sure what to do I’ve followed this tutorial: as closely as possible as it seems to be the only one on the Internet where Keycloak is used as the Idp for GSuite.

If anyone can be of assistance it would be immensely appreciated!