Skip to main content

Tutorial: How to Configure SAML with Auth0

Abstract

How to set up SAML with Auth0 on Access Server. A step-by-step guide for configuration of SAML on Access Server with Auth0.

Overview

Access Server 2.11 and newer supports authentication using SAML with Auth0 as the identity provider. You can configure this in Auth0 with Access Server as your service provider.

The following steps walk you through enabling SAML authentication for users and groups from Auth0 to Access Server.

Prerequisites

You need the following to get started:

  1. An Auth0 account.

  2. A deployed Access Server.

Important

We recommend using all lowercase usernames when logging in with SAML.

Step 1: Create the Auth0 SAML application

With Auth0, you must create a custom SAML application.

Now that you have your SP information, you can create a new Auth0 SAML app and enter that information during app creation:

  1. Sign in to your Auth0 portal.

  2. Under Applications, click Applications.

  3. Click Create Application.

  4. Enter a name for your SAML custom app.

  5. Under Choose an application type, click Native, and click Create.

  6. Under the Settings tab, scroll down until Application URIs, and use the SP information from Access Server to enter the following into the Auth0 app:

    1. Application Login URI: Enter the Access Server SAML SP Identity.

    2. Allow Callback URLs: Enter the Access Server SP ACS. (Ensure you enter https:// with the SAML Hostname.)

  7. Scroll down and click Save Changes.

Option 1: Download the Auth0 metadata file for automatic configuration

  1. Under Applications, click Applications.

  2. Click on your SAML app.

  3. Under Addons, click on SAML2 Web App.

  4. Under the Usage tab and Identity Provider Metadata, click Download.

Option 2: Copy the Auth0 SAML data for manual configuration

  1. Under Applications, click Applications.

  2. Click on your SAML app.

  3. Under Addons, click on SAML2 Web App.

  4. Under the Usage tab, copy the content of Issuer, and Identity Provider Login URL.

  5. Click Identity Provider Certificate to download the certificate in PEM format.

Step 2: Configure Auth0 SAML data with Access Server

The simplest way to set up Auth0 SAML for Access Server is by providing the metadata XML file (option 1), but you can also manually configure it (option 2).

Option 1: Upload the Auth0 metadata file in the Admin Web UI

Provide the downloaded metadata XML file to your Access Server through the Admin Web UI to automatically configure SAML:

  1. Sign in to your Access Server Admin Web UI.

  2. Click Authentication > SAML.

  3. Click Configure Identity Provider (IdP) Automatically via Metadata to expand the section.

  4. Click Choose File for Select IdP Metadata File.

  5. Select your Auth0 metadata XML file, click Upload, and click Update Running Server.

    • The IdP fields are now populated under Configure Identity Provider (IdP) Manually.

Option 2: Manually configure Auth0 SAML

  1. Sign in to your Access Server Admin Web UI.

  2. Click Authentication > SAML.

  3. Click Configure Identity Provider (IdP) Manually to expand the section.

  4. Paste the following from Auth0 to the Access Server fields:

    1. Paste the Auth0 Identity Provider Login URL into Access Server’s Sign On Endpoint.

    2. Paste the Auth0 Issuer into Access Server’s IdP EntityId.

    3. Paste the Auth0 Identity Provider Certificate into Access Server’s Certificate (PEM format).

    • The IdP fields save.

Step 3: Assign SAML as user authentication

In this section: