Connecting G Suite with Auth0
You can connect your Auth0 Application to G Suite by providing the Google Client ID and Client Secret to Auth0.
Using Google Social and Enterprise Connections
If you have an existing Google Social Connection for your application and you create a new G Suite connection for the same domain, users affiliated with the social connection with now be logged in with the new enterprise connection. This will occur regardless of whether you enable the G Suite (enterprise) connection or not.
Generate the Google Client ID and Client Secret
While logged in to your Google account, go to the API Manager.
Create your new app by navigating to Credentials using the left-hand menu.
While you are on the Credentials page, click on Create a project.
In the dialog box that appears, provide a Project name, answer Google's email- and privacy-related questions, and click Create.
Google will take a moment to create your project. When the process completes, Google will prompt you to create the credentials you need.
Click on Create credentials to display a pop-up menu listing the types of credentials you can create. Select the OAuth client ID option.
At this point, Google will display a warning banner that says, "To create an OAuth client ID, you must first set a product name on the consent screen." Click Configure consent screen to begin this process.
Provide a Product Name that will be shown to users when they log in through Google.
At this point, you will be prompted to provide additional information about your newly-created app. Select Web application, and provide a name for your app.
Under Restrictions, enter the following information:
- Authorized redirect URI:
Click Create. Your
Client Secretwill be displayed.
Client Secretto enter into the Connection settings in Auth0.
Enable the Admin SDK Service
If you are planning to connect to G Suite enterprise domains, you will need to enable the Admin SDK service.
Navigate to the Library page of the API Manager.
Select Admin SDK from the list of APIs:
On the Admin SDK page, click Enable.
Enable and Configure the Auth0 Enterprise Connection
Log in to your Auth0 account, and navigate to Enterprise Connections.
Scroll down to the row for G Suite, and click the Create New plus icon.
On the Settings screen, provide the following information:
|G Suite Domain||the G Suite domain you're using for authentication|
|Domain Aliases (optional)||a comma-separated list of domains registered as aliases for the primary domain|
|Client ID||the Client ID for your G Suite Account|
|Client Secret||the Client Secret for your G Suite Account|
|Attributes||the flag that indicates how much information you want stored in the Auth0 User Profile. Select one of the two options: Basic Profile (includes the
|Extended Attributes: Groups||the distribution list(s) to which the user belongs|
|Extended Attributes: Is Domain Administrator||whether the user is a domain administrator or not|
|Extended Attributes: Is Account Suspended||whether the user's account is suspended or not|
|Extended Attributes: Agreed to Terms||whether the user's agreed to the terms of service or not|
|Auth0 APIs||Enable Users API. The flag that indicates whether you've chosen to enable the ability to make calls to the Google Directory API|
Click Save when you're done.
- You will need to configure your settings so that your app can use Google's Admin APIs. If you're the administrator, you can click Continue on the Connection's Settings page to do so. If not, provide the URL you're given to your administrator so that they can adjust the required Settings.
Enable the Connection for Your Auth0 Application
To use your newly-created connection, you'll need to enable it for your Auth0 Application(s).
Go to the Applications page of the Management Dashboard.
Select the Application for which you want to enable the Connection.
Click the Connections icon for your Application.
Scroll down to the Enterprise section of the Connections page, and find your G Suite Connection. Click the slider to enable the Connection. If successful, the slide turns green.
At this point, your users will be able to log in using their G Suite credentials.