Configure Google Workspace as SAML Service Provider

Use the following SAML configuration for Google Workspace.

  1. Go to Dashboard > Applications > Applications and either create a new application or click the name of an application to update.

  2. Go to the Addons tab and enable the SAML2 Web App toggle.

  3. On the Settings tab, set the Application Callback URL to: https://www.google.com/a/{YOUR-GOOGLE-DOMAIN}/acs.

    Dashboard Applications Applications Addons Tab SAML2 Web App Settings Tab

  4. Paste the following code into the Settings text box and click Debug. 

    {
      "audience": "https://www.google.com/a/{yourGoogleDomain}/acs",
      "mappings": {
    "nickname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
      },
      "createUpnClaim": false,
      "passthroughClaimsWithNoMapping": false,
      "mapUnknownClaimsAsIs": false,
      "mapIdentities": false,
      "signatureAlgorithm": "rsa-sha256",
      "digestAlgorithm": "sha256",
      "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:email",
      "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
      ],
    }

    Was this helpful?

    /

  5. Scroll to the bottom of the page and click Enable.

  6. On the Usage tab, locate Identity Provider Metadata, and click Download to download the metadata file. You'll need this when you configure Auth0 as the identity provider (IdP).

    Dashboard Applications Applications Addons Tab SAML2 Web App Usage Tab