Problem - I have been looking at the Auth0 docs a lot to clearly understand how users are categorized into Social connect vs Enterprise connect users (the billing aspect for these 2 types of users is different) but cannot see a clear distinction so far except my assumption that users coming from Social connect are not enterprise users.
My use case - To accommodate the users of one of our partners to log into our app (Single sign on for our partner’s users). Our partner’s IdP is OpenID Connect compliant.
What did I find so far - Technically, in Auth0, it should be possible to just create a new Custom Social Connect by using their extension (Connect Apps to Generic OAuth2 Authorization Servers) but there is also an option to use OpenID Connect in Auth0’s enterprise connect, which confuses me about which Identity providers are considered social and which ones are considered enterprise.
Why am I looking for this info? - We may not be able to pay for all those users at enterprise user level pricing.
Appreciate any pointers to the information available out there in the docs or sharing of your own.
OIDC Enterprise is a fairly new offering, making the configuration of such easier than with the Custom Social Connection extension. But basically they’re fulfilling a similar purpose. If the Custom Social Connection extension works fine for you, then you can use it as well.
OIDC Enterprise
part of the Auth0 core product
supports OIDC Discovery, easier setup
allows adding a custom icon to the connection button on the login page
no client secret needed
requires at least openid scope
counts as Enterprise connection (pricing-wise, as of today) ← which is what you’re asking for
Custom Social Connection
not part of the Auth0 core product, but an extension
allows adding custom headers
allows full control over the “Fetch user profile script”
does not require openid scope, can therefore be just a plain oauth2 connection
doesn’t count as Enterprise connection (pricing-wise, as of today) ← which is what you’re asking for
Our partner’s IdP is OpenID Connect compliant. What did I find so far - Technically, in Auth0, it should be possible to just create a new Custom Social Connect by using their extension
It is still unclear to me why something like a GSuite falls under Enterprise connection if we can also use it as a normal Social connection. That is, I set up a Google Social connection that uses the client ID and secret information from a Google Apps connected to the GSuite we own, and it just works.
Hi @valerio.battaglia,
GSuite is titled “G Suite: Collaboration & Productivity Apps for Business” so it’s obviously a business product / targeted for Enterprises (employees), rather than consumers. That’s the reason it’s under Enterprise Connections.
Sure, if it works with a regular social connection for your use case, that’s fine to use.
Okay, great to hear that @mathiasconradt. So we can sort of limit the Google Social Connection to log in only users of our GSuite by hooking them together.
The question that pops into my mind now is, what exactly are the differences between the Google Social Connection and the GSuite Enterprise Connection? What benefits / cons would you have by using one or the other?
(1)
GSuite connections offer the optional flag “Sync user profile attributes at each login”, which can be disabled so that it only syncs attributes once (at first login).
(2)
Another benefit is that you can define “Domain Aliases” in the configuration, which allows for Home Realm Discovery.
Selecting the appropriate Identity Providers from multiple options is called “Home Realm Discovery”.
(3)
GSuite connection allows for extended attributes like groups (isDomainAdmin, isAccountSuspended, agreedToTerms) to be synced, which aren’t in the regular social connection.