Unable to authenticate with Google Federation to Entra using on-premise AD account

SH 0 Reputation points
2024-10-02T19:09:49.4866667+00:00

I currently have it set to let the students/staff log in with their Google accounts when accessing Microsoft services; these were created with Google (the Microsoft 365 app is configured through SAML in Google Admin). This app creates an account automatically in Entra. My goal is to combine the on-premise AD accounts with the Entra accounts that Google creates.

I have my on-premise AD set up to sync with Entra via Azure AD Connect. I'm testing with one account to be able to use our routable domain that we use with Google (our AD is a .local) and not have a separate account that was auto-created with Google. The test account in AD has a UPN matching @mydomain.org. The account in Entra shows "on-premise sync enabled" as yes. I do not have duplicate accounts for the same user on the Entra side (I deleted the account in Entra that Google created that had the same email address associated). This user does not have any roles and has a license.

When going to office365.com to test the account, the user is able to log in via Google, but the following error occurs.

AADSTS51004: The user account [email protected] does not exist in the xxxxx-xxxxx-xxxxx-xxxxx-xxxxx directory. To sign into this application, the account must be added to the directory.

I have tried the following:

  • verified that the objectGUID on-premise matched the ImmutableId in Entra
  • added SMTP:[email protected] to the proxyAddresses of the on-premise account
  • since none of the previous changes did anything, I changed the Azure AD Connect source anchor from objectGUID to mS-DS-ConsistencyGuid and ran a delta sync a few times

I'm thinking my AD/Entra settings should work, but perhaps I'm not passing the correct info via Google back to Entra. Any suggestions?
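The checks the question walks through (source anchor versus ImmutableId, proxyAddresses, and whether the routable UPN suffix is a verified Entra domain) can be done in one pass from PowerShell. The script below is an added example, not code from the question or from Microsoft; it assumes the ActiveDirectory and Microsoft.Graph modules are installed, that the signed-in Graph account can consent to the User.Read.All and Domain.Read.All scopes, and that the UPN in the parameter is a placeholder to replace with the test account. It converts both candidate anchors (objectGUID and mS-DS-ConsistencyGuid) to the Base64 form Entra stores, so it stays valid after the anchor change described in the third bullet.

```powershell
# Added example: compare on-premises AD anchors with what Entra holds for the same user.
# Assumptions (not from the question): ActiveDirectory + Microsoft.Graph modules present,
# Graph scopes User.Read.All and Domain.Read.All grantable, $Upn is a placeholder.
param(
    [string]$Upn = 'testuser@mydomain.org'   # placeholder; use the synced test account
)

Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users
Import-Module Microsoft.Graph.Identity.DirectoryManagement

function Get-OnPremAnchors {
    param([string]$UserPrincipalName)
    $adUser = Get-ADUser -Filter "userPrincipalName -eq '$UserPrincipalName'" `
        -Properties objectGUID, 'mS-DS-ConsistencyGuid', proxyAddresses, userPrincipalName
    if (-not $adUser) { throw "No on-premises user with UPN $UserPrincipalName" }

    # Entra's OnPremisesImmutableId is the Base64 encoding of the raw 16 GUID bytes,
    # not the hyphenated GUID string, so encode both candidate anchors the same way.
    $objectGuidB64 = [Convert]::ToBase64String($adUser.objectGUID.ToByteArray())
    $consistency   = $adUser.'mS-DS-ConsistencyGuid'
    $consistencyB64 = if ($consistency) { [Convert]::ToBase64String([byte[]]$consistency) } else { $null }

    [pscustomobject]@{
        Upn              = $adUser.userPrincipalName
        ObjectGuidB64    = $objectGuidB64
        ConsistencyB64   = $consistencyB64
        ProxyAddresses   = @($adUser.proxyAddresses)
    }
}

function Get-EntraAnchor {
    param([string]$UserPrincipalName)
    Connect-MgGraph -Scopes 'User.Read.All', 'Domain.Read.All' | Out-Null
    $mgUser = Get-MgUser -UserId $UserPrincipalName `
        -Property 'userPrincipalName,onPremisesImmutableId,onPremisesSyncEnabled,proxyAddresses'

    # The UPN suffix must be a verified domain in the tenant for the synced UPN to be usable.
    $suffix = $UserPrincipalName.Split('@')[1]
    $domain = Get-MgDomain | Where-Object { $_.Id -eq $suffix }

    [pscustomobject]@{
        Upn            = $mgUser.UserPrincipalName
        ImmutableId    = $mgUser.OnPremisesImmutableId
        SyncEnabled    = $mgUser.OnPremisesSyncEnabled
        ProxyAddresses = @($mgUser.ProxyAddresses)
        DomainVerified = [bool]($domain -and $domain.IsVerified)
    }
}

function Test-AnchorConsistency {
    param([string]$UserPrincipalName)
    $onPrem = Get-OnPremAnchors -UserPrincipalName $UserPrincipalName
    $entra  = Get-EntraAnchor  -UserPrincipalName $UserPrincipalName

    $anchorMatches = ($entra.ImmutableId -eq $onPrem.ObjectGuidB64) -or
                     ($onPrem.ConsistencyB64 -and $entra.ImmutableId -eq $onPrem.ConsistencyB64)
    $smtpPresent   = $onPrem.ProxyAddresses -contains "SMTP:$UserPrincipalName"

    [pscustomobject]@{
        Upn                 = $UserPrincipalName
        OnPremObjectGuidB64 = $onPrem.ObjectGuidB64
        OnPremConsistencyB64 = $onPrem.ConsistencyB64
        EntraImmutableId    = $entra.ImmutableId
        AnchorMatches       = $anchorMatches          # $false means the hard-match link is broken
        SyncEnabledInEntra  = $entra.SyncEnabled
        PrimarySmtpOnPrem   = $smtpPresent
        UpnSuffixVerified   = $entra.DomainVerified   # $false means the routable domain is not verified
    }
}

# Run the comparison and show each check on its own line.
Test-AnchorConsistency -UserPrincipalName $Upn | Format-List
```

If AnchorMatches is false after a delta sync, the Entra object is not the one the on-premises account is hard-matched to, which is the same condition the first bullet was meant to rule out; if UpnSuffixVerified is false, the synced UPN would not be accepted regardless of the anchor. The script only reads directory data, so it is safe to rerun after each sync cycle.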
