docs/interfaces/management.Management.EventStreamCloudEventConnectionUpdatedObject6Options.html
Options for the 'google-apps' connection
interface EventStreamCloudEventConnectionUpdatedObject6Options {
admin_access_token_expiresin?: string;
allow_setting_login_scopes?: boolean;
api_enable_groups?: boolean;
api_enable_users?: boolean;
client_id: string;
domain?: string;
domain_aliases?: string[];
email?: boolean;
ext_agreed_terms?: boolean;
ext_groups?: boolean;
ext_groups_extended?: boolean;
ext_is_admin?: boolean;
ext_is_suspended?: boolean;
federated_connections_access_tokens?: EventStreamCloudEventConnectionUpdatedObject6OptionsFederatedConnectionsAccessTokens;
handle_login_from_social?: boolean;
icon_url?: string;
map_user_id_to_id?: boolean;
non_persistent_attrs?: string[];
profile?: boolean;
scope?: string[];
set_user_root_attributes?: Management.EventStreamCloudEventConnectionUpdatedObject6OptionsSetUserRootAttributesEnum;
tenant_domain?: string;
upstream_params?: EventStreamCloudEventConnectionUpdatedObject6OptionsUpstreamParams;
}
admin_access_token_expiresin?allow_setting_login_scopes?api_enable_groups?api_enable_users?client_iddomain?domain_aliases?email?ext_agreed_terms?ext_groups?ext_groups_extended?ext_is_admin?ext_is_suspended?federated_connections_access_tokens?handle_login_from_social?icon_url?map_user_id_to_id?non_persistent_attrs?profile?scope?set_user_root_attributes?tenant_domain?upstream_params?
Optionaladmin_access_token_expiresinadmin_access_token_expiresin?: string
Expiration timestamp for the admin_access_token in ISO 8601 format. Auth0 uses this value to determine when to refresh the token.
Optionalallow_setting_login_scopesallow_setting_login_scopes?: boolean
When true, allows customization of OAuth scopes requested during user login. Custom scopes are appended to the mandatory email and profile scopes. When false or omitted, only the default email and profile scopes are used. This property is automatically enabled when Token Vault or Connected Accounts features are activated.
Optionalapi_enable_groupsapi_enable_groups?: boolean
Enables integration with the Google Workspace Admin SDK Directory API for groups. When true, Auth0 can synchronize groups & group memberships and supports inbound directory provisioning for groups. Defaults to false.
Optionalapi_enable_usersapi_enable_users?: boolean
Enables integration with the Google Workspace Admin SDK Directory API. When true, Auth0 can retrieve extended user attributes (admin status, suspension status, group memberships) and supports inbound directory provisioning (SCIM). Defaults to true.
client_id: string
Your Google OAuth 2.0 client ID. You can find this in your Google Cloud Console under the OAuth 2.0 Client IDs section.
Optionaldomaindomain?: string
Primary Google Workspace domain name that users must belong to.
Optionaldomain_aliasesdomain_aliases?: string[]
Email domains associated with this connection for Home Realm Discovery (HRD). When a user's email matches one of these domains, they are automatically routed to this connection during authentication.
Optionalemailemail?: boolean
Whether the OAuth flow requests the email scope.
Optionalext_agreed_termsext_agreed_terms?: boolean
Fetches the agreedToTerms flag from the Google Directory profile.
Optionalext_groupsext_groups?: boolean
Enables enrichment with Google group memberships (required for ext_groups_extended).
Optionalext_groups_extendedext_groups_extended?: boolean
Controls whether enriched group entries include id, email, name (true) or only the group name (false); can only be set when ext_groups is true.
Optionalext_is_adminext_is_admin?: boolean
Fetches the Google Directory admin flag for the signing-in user.
Optionalext_is_suspendedext_is_suspended?: boolean
Fetches the Google Directory suspended flag for the signing-in user.
Optionalfederated_connections_access_tokensfederated_connections_access_tokens?: EventStreamCloudEventConnectionUpdatedObject6OptionsFederatedConnectionsAccessTokens
Optionalhandle_login_from_socialhandle_login_from_social?: boolean
When enabled, users who sign in with their Google account through a social login will be automatically routed to this Google Workspace connection if their email domain matches the configured tenant_domain or domain_aliases. This ensures enterprise users authenticate through their organization's Google Workspace identity provider rather than through a generic Google social login, enabling access to directory-based attributes and enforcing organizational security policies. Defaults to true for new connections.
Optionalicon_urlicon_url?: string
URL for the connection icon displayed in Auth0 login pages. Accepts HTTPS URLs. Used for visual branding in authentication flows.
Optionalmap_user_id_to_idmap_user_id_to_id?: boolean
Determines how Auth0 generates the user_id for Google Workspace users. When false (default), the user's email address is used. When true, Google's stable numeric user ID is used instead, which persists even if the user's email changes. This setting can only be configured when creating the connection and cannot be changed afterward.
Optionalnon_persistent_attrsnon_persistent_attrs?: string[]
An array of user fields that should not be stored in the Auth0 database (https://auth0.com/docs/security/data-security/denylist)
Optionalprofileprofile?: boolean
Whether the OAuth flow requests the profile scope.
Optionalscopescope?: string[]
Additional OAuth scopes requested beyond the default email profile scopes; ignored unless allow_setting_login_scopes is true.
Optionalset_user_root_attributesset_user_root_attributes?: Management.EventStreamCloudEventConnectionUpdatedObject6OptionsSetUserRootAttributesEnum
Optionaltenant_domaintenant_domain?: string
The Google Workspace primary domain used to identify the organization during authentication.
Optionalupstream_paramsupstream_params?: EventStreamCloudEventConnectionUpdatedObject6OptionsUpstreamParams
Member Visibility
ThemeOSLightDark
Properties admin_access_token_expiresinallow_setting_login_scopesapi_enable_groupsapi_enable_usersclient_iddomaindomain_aliasesemailext_agreed_termsext_groupsext_groups_extendedext_is_adminext_is_suspendedfederated_connections_access_tokenshandle_login_from_socialicon_urlmap_user_id_to_idnon_persistent_attrsprofilescopeset_user_root_attributestenant_domainupstream_params