Google SAML SSO - 403 app_not_configured_for_user error when signed into personal Google account

I'm working on a SAML SSO integration for our app using Google / G Suite. Our customers configure our SAML app in their company's G Suite admin settings. The integration works correctly in most cases:

• Suppose you're not signed into a Google account yet. You initiate the SSO process. You're prompted to sign into your company Google account, and SSO works correctly.

• Suppose you're already signed into your company Google account and your personal Google account. You initiate the SSO process. You see an account chooser. If you choose your company Google account, SSO works correctly.

However, SSO fails in this case:

• Suppose you are only signed into your personal Google account. Google does not display the account chooser. Instead, you immediately get a a 403 error: "Error: app_not_configured_for_user."

This has led to a very confusing experience for our users. It's pretty common that you're currently only signed into one google account that's not your company google account. Furthermore, the error page is opaque -- it's not clear to a user what they did wrong.

Is there any way to always show the account chooser? For example, are there any parameters we can add to the /o/saml2/idp url or the SAML AuthnRequest? (E.g. we tried setting ForceAuthn and adding a <saml:Subject> block in the AuthnRequest, but it seems Google's SAML does not support either.)

Or is there a way for our app to get a callback on error, so we can show a more meaningful error message?

(I contacted G Suite support, and they said to ask our question on Stack Overflow instead. Appreciate your help here!)