This article provides details on setting up Enterprise SAML SSO using Google Workspace.
 

• SAML
• SSO
• Enterprise Google Workspace

The following are the steps to set up the Enterprise Google Workspace SSO using SAML

1. Decide on the connection name. For example, googlesaml.

2. Follow these instructions to set up a SAML application in the Google Workspace - Set up your own custom SAML application.
   1. Follow the Set up your own custom SAML app section.
   2. On the Google Identity Provider Detail page, copy and save the SSO URL (https://accounts.google.com/o/saml2/idp?idpid=****) and download the certificate.
   3. When Google asks for the Service Provider Details, use these values:
      1. ACS URL (meaning Assertion Consumer Service URL): https://<auth0-domain>/login/callback 
      2. Entity Id: urn:auth0:<auth0-tenant-name>:googlesaml
         • NOTE: The <auth0-tenant-name> part does not include the full domain name. If the Auth0 domain is as an example.us.auth0.com, then it should be "example".
      3. For the name ID, use email.
      4. Leave other values/options unchanged.
   4.  Follow the Turn on your SAML app section. Allow the Google Workspace users to access the app. 

3. Create an Enterprise Generic SAML connection in the Auth0 tenant.
   1. Use the connection name that was established earlier in step 1 (i.e., googlesaml)
   2. Sign-In URL: SSO URL that was copied in the step above - https://accounts.google.com/o/saml2/idp?idpid=****
   3. X509 Signing Certificate: the file downloaded in the step above.