Link a Google Workspace App to Engage by Sailthru

This guide walks you through configuring Google Workspace (formerly G Suite) application to enable SAML-based Single Sign-On from Google Workspace for Engage by Sailthru. In this scenario, the Google Workspace application is the SAML Identity Provider.

  1. In Google Workspace, select Apps.The Apps page of Google Workspace.
  2. Open Web and mobile apps.
    The available apps in Google Workspace. This should include Web and mobile apps.
  3. Select Add custom SAML app from the Add App dropdown menu. Add custom SAML app selected in gray on the Add App dropdown menu.
  4. Pick up a name for the app. In this example, the app is named Engage by Sailthru. If you have an app icon you wish to use, upload it here. The app details screen. Add a name for your app and an icon.
  5. Now you can see the following information:
    • SSO URL
    • Entity ID
    • Certificate
    Copy this information. Support or your CSM will use it to configure the Identity Provider metadata in the Auth0 application. The Google Identity Provider screen.
  6. Decide the name of the SAML connection that will be used by Engage by Sailthru. This should be in the format of saml-<companyname>. In the following steps, you will insert this name in place of SAML_CONNECTION_NAME.
  7. On the next page:
    The Service Provider details screen.
    1. Enter https://AUTH0_DOMAIN/login/callback?connection=SAML_CONNECTION_NAME into the ACS URL field.
    2. Enter urn:auth0:AUTH0_TENANT:SAML_CONNECTION_NAME into the Entity ID field.
    3. Make sure that the Signed response checkbox is marked.
    4. Select Email in the Name ID format dropdown.
    5. Select Basic Information > Primary email in the Name ID dropdown.
    • AUTH0_DOMAIN is the Auth0 tenant domain. In our case it is on production.
    • AUTH0_TENANT is the Auth0 tenant name. In our case it is sailthru on production.
  8. Select Finish. The Attribute mapping screen. This includes the Finish button.
  9. Open the newly created app.
    Your app in the Google Admin console.
  10. Select the arrow on the top right corner of the User access section. Setting User Access to on for everyone.
  11. Select ON for everyone as a service status.