Product Guide
StatusSupport
Start typing to search…

SSO for Google Workspace

This page walks you through the steps to configure Zus SSO if your organization uses Google Workspace as your IDP.

📘

Before you begin

  • As a requirement for configuring Zus SSO, customers must attest that multi-factor authentication is required for all users and included in their identity provider's authentication workflow when accessing the Zus domain.
  • Only customer users with corresponding Zus auth accounts will be accepted for SSO login.

Configuring SSO

  1. Go to the Google API Console.
  2. From the projects list, select a project or create a new one.
  3. If the APIs & services page isn't already open, open the console left side menu and select APIs & services.
  4. On the left, click Credentials.
  5. Click Create Credentials, then select OAuth client ID.

If this is not your first time creating a client ID, skip to step 13.

  1. If this is your first time creating a client ID, you will need to configure your consent screen by clicking Consent Screen.
  2. On the Google API Console OAuth consent screen page, add required information like a product name and support email address.


  1. On the OAuth consent screen, under Authorized domains, add auth0.com

  2. Save and Continue, which should advance you to the Scopes page.

  3. Click on “Add or Remove Scopes”.

  4. On the dialog that appears, select the scopes your project uses.

    1. For SSO, you should select openid, email and profile scopes.

  5. Save and Continue, then return to Credentials.

  6. Click Create Credentials at the top of the screen, then choose OAuth Client ID.

  7. Fill out the fields for OAuth Client ID

    1. Application type: Web Application

    2. Name: Name of application

    3. Authorized URIs

      1. If setting up for Sandbox

        1. Origin URI: https://auth.sandbox.zusapi.com/
        2. Redirect URI: https://auth.sandbox.zusapi.com/login/callback

      2. If setting up for Production

        1. Origin URI: https://auth.zusapi.com/
        2. Redirect URI: https://auth.zusapi.com/login/callback

      3. You can plug both into a single workspace to authorize both environments.



  1. Once you save this page, your Client ID and Client Secret will be created for you.
  2. Share the google workspace Client ID and secret with Zus via a secure channel.

Updated about 4 hours ago