Skip to main content
To configure Auth0 as the service provider (SP) in a federation, you will need to create an Enterprise connection in Auth0 and then update your SAML (IdP) with the connection’s metadata. Auth0 supports using Auth0 as the SP in configurations that conform to the SAML 1.1 or SAML 2.0 protocol.

Get metadata and certificate from the IdP

You’ll need to collect some configuration metadata from the IdP to create a connection in Auth0:

Create SAML Enterprise connection in Auth0

You can create a SAML Enterprise connection in the or with the Auth0 :
  1. Go to Dashboard > Authentication > Enterprise and select SAML.
  2. Select Create Connection.
  3. Configure the following settings:
  1. Select Create.

Configure SAML connection for proxy gateways

If you have Auth0 behind a proxy gateway, you’ll need to configure the SAML connection’s destinationUrl and recipientUrl fields accordingly.
  1. Get your SAML connection’s current configuration with the Management API Get a connection endpoint.
  2. Copy the value of the options object from the returned response.
  3. Add the following fields to the options object:
  1. Call the Management API Update a connection endpoint with the entire updated options object in the request body.

Customize the request template

When Auth0 sends the authentication request to the IdP, the request body contains an AuthnRequest object. You can customize the template used for this object:
  1. Go to Dashboard > Authentication > Enterprise > SAML, and select your connection.
  2. Switch to the Settings view, and locate the Request Template field.
  3. Modify the template.
  4. Select Save Changes.

Template variables

Variables can be placed into the AuthnRequest template using the @@VariableName@@ syntax. The following variables are available:

Configure the IdP

Go to SAML Identity Provider Configuration Settings to find the metadata you’ll need to provide to the IdP. Auth0 supports all SAML IdPs that conform to the SAML 1.1 or SAML 2.0 protocol. We have detailed instructions for configuring specific providers below.

Test connection

To test your connection in the Dashboard:
  1. Go to Dashboard > Authentication > Enterprise > SAML.
  2. Locate the connection you created, select the (three dots) menu icon, and select Try.
  3. A Universal Login Page will appear and prompt you to enter credentials.
  4. Enter the email address of a user who exists in the IdP. If you configured Home Realm Discovery, make sure you enter an email address that uses one of the specified domains.
  5. After you are redirected to the login screen for the IdP, log in as you normally would.
  6. You will be redirected to a page on Auth0 that displays the contents of the authentication assertion sent to Auth0 from the IdP.

Troubleshoot connection

If your connection is not working as expected, try the following steps:
  • Clear your browser history, cookies, and cache before each test. If you do not, the browser may not pick up the latest configuration information, or it may have stale cookies that affect execution.
  • Ensure that your browser allows cookies and has JavaScript enabled.
  • Capture a HAR file of the transaction, and then use the Auth0 SAML Tool to decode the SAML assertion and inspect its contents.