Does login to Google Apps by my users count as a separate client connection? Do I have to set up a new client for Google Apps to connect to besides my main client which will be used by a custom web app?
Yes, this is possible using Auth0 as a SAML Identity-Provider. In this case, Google would act as a SAML Service-Provider.
You could technically reuse the same client, but you certainly shouldn’t. You should create a new client for everything that is logically a new client. If you want to reuse the same connections, you can easily do so by enabling the same Connections for both clients in the configuration for each client here.
To use Auth0 as a SAML IdP, you would need to create a client and enable the SAML2 WebApp addon as described here. For example, this client may be named Auth0 IdP for GSuite with connections such as a Database connection enabled. This would mean that Google Apps users would be redirected to Auth0, where they could log in with only the connections enabled for Auth0 IdP for GSuite.
Your web app may be a client such as Internal Timesheet App with connections like ADFS, AD, etc. instead. Of course, these connections between the 2 clients can overlap as well, if you configure it that way, but I imagine you might want to keep a delineation between your GSuite users and your custom web app users.