Integrating Auth0
This documentation is a detailed guide for setting up single sign-on (SSO) through Auth0, leveraging SAML 2.0 or OIDC.
The following procedures require copying and pasting information between Auth0 and the Delinea Platform. We recommend opening both applications before you begin, and keeping both open until you are finished.
You do not need to configure both OIDC and SAML applications for your integration. Depending on your organization's infrastructure and preferences, you can choose either OIDC or SAML.
Prerequisites
On the Delinea Platform, you need to be an Admin with federation privileges.
Build an Auth0 SAML Application
- From the left navigation menu, click Applications.
- On the Applications page, click Create Application.
- On the Create Application page, enter a name for your new Auth0 SAML application, such as Auth0 SAML.
- Choose Regular Web Applications.
- Click Create.
- On your new Auth0 SAML application page, click the Settings tab.
- Scroll down to Allowed Callback URLs.
- Paste the following: `https://[HOST-NAME].delinea.app/identity-federation/saml/assertion-consumer`
- Replace [HOST-NAME] with the host name you selected when you created your tenant.
- Click Save Changes.
- Click the Add ons tab.
- Click the toggle to enable SAML 2.
The Addon: SAML2 Web App page opens.
- From the Usage tab, next to Identity Provider Metadata and Identity Provider Certificate, click Download.
Identity Provider Metadata is an XML-formatted document that contains the configuration information Delinea Federation needs to authenticate against the identity provider, including the required endpoint URLs, bindings, and certificates.
- Click the Settings tab.
- Scroll to the bottom and click Enable.
- Click Save.
Add the Provider to the Platform
- Log on to the platform.
- Click Settings from the left navigation, then click Federation Providers.
- Click Add Provider.
- Select SAML from the drop-down menu. The Add Provider page opens.
Settings
In the Settings section, the first fields are automatically populated when you select the SAML provider configuration file and click Apply.
- SAML provider configuration: Click Select file.
- Navigate to and select the federation metadata XML file you downloaded. The word Apply appears above the right end of the SAML provider configuration field.
- Click Apply. The words Uploaded successfully appear next to SAML provider configuration, and the empty fields below are auto-populated:
  - Name: Auto-generated from metadata
  - Protocol: SAML (auto-filled)
  - Status: Disabled
  - Entity ID [example: https://sts.windows.net/808444af-4011-40d5-9b0a-a9a5c95f88e9/]
- IDP Certificate: Click Select File, then navigate to and select the Signing Certificate file you downloaded, to populate the following fields:
  - Signature
  - Algorithm
  - Thumbprint
  - Not valid before
  - Not valid after
  - Issuer
- IDP Login URL: Paste in the Login URL from your Auth0 application.
- IDP Logout URL: Paste in the Logout URL from your Auth0 application.
- Platform Callback URL: https://[HOST-NAME].delinea.app/identity-federation/saml/assertion-consumer. Copy the Platform Callback URL and paste it into the Allowed Callback URLs field in your Auth0 application.
- Platform Logout URL: https://[HOST-NAME].delinea.app/identity-federation/saml/logout-consumer
- Status: Select the box next to Enabled.
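The following Python is an added example, not code from this documentation, Delinea, or Auth0. It reads an IdP metadata file like the one downloaded above and extracts the values the platform auto-fills (Entity ID, IDP Login URL, IDP Logout URL, signing certificate thumbprints), then checks that the separately downloaded Identity Provider Certificate is one of the signing certificates the metadata advertises, so a mismatched or stale certificate file is caught before the provider is enabled. The tenant name, client ID and certificate bytes in the sample are constructed placeholders; Not valid before/after and Issuer need a full X.509 parser and are not covered here.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def thumbprints(der):
    # A thumbprint is a hash of the DER-encoded certificate, as shown in the IDP Certificate fields.
    return {"sha1": hashlib.sha1(der).hexdigest().upper(), "sha256": hashlib.sha256(der).hexdigest().upper()}

def parse_idp_metadata(xml_text):
    """Pull out the values the platform auto-fills from the metadata XML."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None: raise ValueError("metadata has no IDPSSODescriptor")
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    slo = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleLogoutService", NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no "use" attribute means signing and encryption
            continue
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        certs.append(thumbprints(base64.b64decode("".join(cert.text.split()))))
    return {"entity_id": root.get("entityID"),
            "login_url": sso.get(REDIRECT) or sso.get(POST),   # IDP Login URL
            "logout_url": slo.get(REDIRECT) or slo.get(POST),  # IDP Logout URL
            "signing_certs": certs}

def pem_thumbprints(pem_text):
    # Thumbprints of the separately downloaded Identity Provider Certificate (PEM file).
    body = "".join(l for l in pem_text.splitlines() if not l.startswith("-----"))
    return thumbprints(base64.b64decode(body))

def certificate_matches(metadata, pem_text):
    # True when the downloaded certificate is one of the signing certificates in the metadata.
    return pem_thumbprints(pem_text)["sha256"] in {c["sha256"] for c in metadata["signing_certs"]}

# Constructed sample: tenant name, client ID and certificate bytes are placeholders, not real values.
SAMPLE_CERT_B64 = base64.b64encode(b"placeholder bytes, not a real certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="urn:example-tenant.auth0.com">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://example-tenant.auth0.com/samlp/CLIENTID0000/logout"/>
    <SingleSignOnService Binding="{POST}" Location="https://example-tenant.auth0.com/samlp/CLIENTID0000"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://example-tenant.auth0.com/samlp/CLIENTID0000"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_CERT_B64}\n-----END CERTIFICATE-----\n"
```

Compare the SHA-1 thumbprint with the Thumbprint field the platform shows after uploading the certificate; run the same check again whenever Auth0 rotates its signing certificate.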
Advanced Settings
See Advanced Settings (SAML only) under Federation Management.
Attribute Mappings
See Attribute Mappings under Federation Management.
Adding Custom Claims
See the following references for information on adding custom claims for Auth0:
Sample Use Cases: Scopes and Claims
Group Mappings
See Mapping Federated Groups under Federation Management.
User Mappings
See Mapping Federated Users under Federation Management.
Domains
- Click Add Domain and enter the domain from the email addresses of the users you are including in this federation.
- Optionally enable the Status of the provider.
- When all required fields are populated, click Add Provider.
Build an Auth0 OIDC Application
The following procedure requires copying and pasting information between Auth0 and the Delinea Platform. We recommend opening both applications before you begin, and keeping both open until you are finished.
- From the left navigation menu, click Applications.
- On the Applications page, click Create Application.
- On the Create Application page, enter a name for your new Auth0 OIDC application.
- Select Regular Web Applications.
- Click Create.
- On your new Auth0 OIDC application page, click the Settings tab.
- Scroll down to the Basic Information section.
In the next steps, you will copy the Domain, Client ID, and Client Secret from the Basic Information fields shown below, and paste them into fields on your Delinea Platform.
Add the Provider to the Platform
- Click Settings from the left navigation, then click Federation Providers.
- Click Add Provider.
- Select OIDC from the drop-down menu. The Add Provider page opens.
Settings
- Name: Enter a unique name.
- Status: Select the box next to Enabled.
- Endpoint URL: Paste the URL from the Domain field of your new Auth0 OIDC application page.
- Client ID: Paste the Client ID from your new Auth0 OIDC application page.
- Client Secret: Paste the Client Secret from your new Auth0 OIDC application page.
- Prompt: See Prompt for Re-authentication (OIDC only) under Federation Management.
- Platform Callback URL: Copy the Callback URL. On your new Auth0 OIDC application page, scroll to Application URLs and paste the copied callback URL into the Allowed Callback URLs field.
Attribute Mappings
See Attribute Mappings under Federation Management.
Group Mappings
See Mapping Federated Groups under Federation Management.
User Mappings
See Mapping Federated Users under Federation Management.
Domains
- Click Add Domain and enter the domain from the email addresses of the users you are including in this federation.
- Optionally enable the Status of the provider.
- When all required fields are populated, click Add Provider.