GSuite Marketplace SSO

So, our app is going to be published on GSuite Marketplace. The expectation is that when a GSuite user who installs the app clicks on it from Google’s app bar, it should automatically sign them in without showing any additional login screens.
Out of all the enterprise connections you are providing, what’s the best way, or a way, to achieve this? I am also confused about which login URL to use for this purpose. Any help would be appreciated.

I am giving more explanation on how we are tackling this but still struggling to get this working.

  • A custom domain is created as explained in the docs.

  • When a user clicks the App URL from GSuite, we take the user to a page where Auth0Lock is instantiated as shown below:

      // REDIRECT_URL, CLIENT_ID, createSessionCookie() and redirect() are defined elsewhere in the app.
      var options = {
          clientBaseUrl: "https://auth-staging.xyz.domain",
          overrides: {
              __tenant: "staging-tenant",
              __token_issuer: "https://auth-staging.xyz.domain"
          },
          auth: {
              redirectUrl: REDIRECT_URL,
              responseType: 'token id_token',
              sso: true,
              params: {
                  access_type: 'offline',
                  scope: "openid profile email"
              },
              // Lock's option name is camelCase: connectionScopes
              connectionScopes: {
                  'google-oauth2': [
                      'some additional google scopes here.'
                  ]
              }
          }
      };
      var auth0Lock = new Auth0Lock(CLIENT_ID, "auth-staging.xyz.domain", options);

      // Fires once Lock has completed authentication
      auth0Lock.on('authenticated', async function(authResult) {
          await createSessionCookie(authResult);
          redirect();
      });
    

Now, it produces a message that we are hitting the wrong endpoint. I looked into the docs and added the overrides from the sample. Can anyone take a look at the above and give us a hint on what we are not doing right here?

@dan.woda Could you or someone please take a look at this please? We’ve been waiting on this for a few days now. Thanks!

@dynosapp,

Sure, let us see what we can do.

Does the user already have a session with another one of your applications?

SSO isn’t taking care of this out of the box?

Let me know,
Dan

No. The workflow is that the user signs in to their GSuite account. He/she clicks on our (SaaS) app URL from the marketplace and it should sign them in, and redirection to the actual app will happen upon successful authentication.
We have an enterprise connection ready for that specific GSuite account to use.

Have you tried adding it as a connection, described here:

Yes, I finished all the steps. I enabled the connection to my application.
I am lost in the subsequent steps.
I am trying the Auth0Lock method like I showed in my code above without popping up the login screen and I am getting an error that I am hitting a bad endpoint.

@dan.woda, I am able to connect with a Google prompt. However, we need a solution so it won’t show this prompt when they are signed into their GSuite account.
Our app would be placed on a GSuite app gallery and when the users click on it, it should not ask for a prompt. I am trying this with the Lock library like I explained above, but it is not helping. Do you have any documentation or tutorials in this regard? We can’t be the only ones trying this workflow.

I ran into your support ticket while researching this further. Did you find a solution?

Almost there. I had to get on a different issue for the past couple of days. I am back on to this problem now. I will report my status soon.

I was able to use Auth0Lock itself to establish the enterprise GSuite connection. After the app is installed and the first time when the user clicks the app from the GSuite App gallery, Auth0 Lock is "show"n. Subsequent visits to our app from the gallery are automatically redirected as SSO, but not the first time. This is a solution we can go with for now. Ideally, we don’t want to show the sign in page, even for the first time.
