G Suite as SAML IdP for Auth0 SP

I know that Auth0 is officially very big on OAuth2/OIDC, and I don’t want to get into a religious argument, but I want to use SAML. I have a G Suite IdP and I’ve worked with multiple SaaS vendors who use Auth0 as the SAML SP, but have a really hard time integrating via SAML with G Suite.

Is this a limitation in Auth0? It appears, from my limited observation, that even when configuring an integration as a “generic” SAML integration, as soon as Auth0 determines that you’re talking to Google it tips things over to an OIDC integration. I hope that’s not correct and there’s something that can be done to make Auth0 SP and GSuite SAML2 IdP work together.

Hey there!

Sorry for such a huge delay in response! We’re doing our best to provide you with the best developer support experience out there, but sometimes our bandwidth is not enough compared to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?

I’m still interested in your answer. I’m not trying to do an integration right now, but I want to know whether this is a known issue, and whether I should expect the same issue with any future integration with a service provider who uses Auth0.

Hi @konrad.sopala - we are looking to perform the exact same integration between GSuite and Auth0 and were hoping that the query by ‘dgc’ was answered and resolved. Unfortunately, it looks like this has been left unanswered. Can someone from the support team respond to this? Is a Google Cloud Platform (GCP) needed to link our GSuite with Auth0? TIA.

Hey there @shrikar!

Let me get back to this topic and follow up on this shortly!

@shrikar Does your application consume SAML?

If your app consumes SAML and you set up a Google social connection, we’ll do OIDC for the Google authentication interaction but then we’ll consume the id_token from Google and send SAML back to your application. But you don’t have to use the “built-in” Google social connection.

As far as configuring against a Google SAML IdP, if you set that up as a generic SAML connection it should work the same as talking to any other SAML IdP. Our default is to return OAuth2/OIDC after the SAML interaction but we can operate as a SAML IdP and return SAML to your application as well.

If you tell me a little more about your setup and use case I can point you at the right resources–I’m fairly certain we can get this working for you.