Hi!
I’m currently testing out Auth0 with a G Suite Enterprise Connection against our testing G Suite domain. I’ve also added an SSO application with OpenID in one of our applications for testing the login itself.
While the Enterprise Connection itself works, I’ve been unable to set it up so that a user’s groups are included in the OpenID data.
From previous topics in this community, it appears that some kind of Google Admin scopes need to be set for the Google Consent Screen page, but it’s unclear exactly which scopes these are:
- http://community.auth0.com/t/no-groups-information-for-enterprise-google-connection/10421
- http://community.auth0.com/t/getting-groups-for-google-enterprise-connection-which-scopes-do-i-add/35231
At most, it just says "the Google Admin scopes have to be added on the consent screen stage" without going into any further detail exactly which scopes these are.
Just like the person in the second link above, I’ve tested with the following two scopes enabled in Google’s console, but without any changes in the OpenID response:
- https://www.googleapis.com/auth/admin.reports.audit.readonly
- https://www.googleapis.com/auth/admin.reports.usage.readonly
I’ve already enabled Groups as an Extended Attribute in the Auth0 Connection’s configuration page, so nothing more should have to be done from the Auth0 end.
Does anyone know which scopes need to be set so that Auth0 can fetch a user’s groups from G Suite?