> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-actions-triggers-prototype.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Enterprise (SAML and Others)

> Initiate browser-based login via an enterprise identity provider such as Azure AD, ADFS, or SAML.

## Endpoint

`GET /authorize`

You can connect your Auth0 service to an enterprise identity provider and allow your users to log in to your application via Microsoft Azure Active Directory, Google Workspace, Okta Workforce, or other supported providers. To learn more about supported providers, visit [Auth0 Marketplace](https://marketplace.auth0.com/features/enterprise-connections).

Make a `GET` call to the `/authorize` endpoint for passive authentication. It returns a `302` redirect to the SAML Provider (or Windows Azure AD and the rest, as specified in the `connection`) to enter their credentials.

### Remarks

* If `response_type=token`, after the user authenticates, the browser will be redirected to the application `callback URL` with the Access Token and ID Token in the address `location.hash`. This is commonly used for Single-Page Apps (SPAs) and Native Mobile SDKs.
* If no `connection` is provided, the user will be redirected to the [Auth0 Login Page](http://manage.auth0.com/login), where they can authenticate via the first available database connection.
* This flow is used for applications that require passive browser-based authentication.

### Learn More

* [SAML](https://auth0.com/docs/authenticate/protocols/saml/saml-configuration)
* [Obtain a Client Id and Client Secret for Microsoft Azure Active Directory](https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/azure-active-directory/v2)
* [State Parameter](https://auth0.com/docs/secure/attack-protection/state-parameters)
* [Auth0.js /authorize Method Reference](https://auth0.com/docs/libraries/auth0js#webauth-authorize)

## Query Parameters

<ParamField query="response_type" type="string" required>
  Specifies the token type. Use `code` for server-side flows and `token` for client-side flows.

  Allowed values: `code`, `token`
</ParamField>

<ParamField query="client_id" type="string" required>
  The `client_id` of your application.
</ParamField>

<ParamField query="connection" type="string">
  The name of the enterprise connection configured for your application. If not provided, it will redirect to the [Auth0 Login Page](http://manage.auth0.com/login) and show the Login Widget using the first available database connection.
</ParamField>

<ParamField query="redirect_uri" type="string" required>
  The URL to which Auth0 will redirect the browser after authorization has been granted by the user. Specify the `redirect_uri` under your [Application's Settings](\$\{manage_url}/#/applications).
</ParamField>

<ParamField query="state" type="string">
  \[Recommended] An opaque value the application adds to the initial request that the authorization server includes when redirecting back to the application. This value must be used by the application to prevent CSRF attacks.
</ParamField>

## Response Messages

| Status | Description                              |
| ------ | ---------------------------------------- |
| 302    | Redirect to the authentication provider. |
| 400    | Bad Request - Invalid parameters         |
| 500    | Internal Server Error                    |