Set up SSO with Auth0
This guide connects Auth0 to KloudMate. Auth0 supports both OIDC and SAML. OIDC is the simpler setup and the recommended path.
Before you start
Section titled “Before you start”- You’re the KloudMate organization owner on a paid plan.
- You can create applications in the Auth0 Dashboard.
- Copy KloudMate’s values first from the Service provider details card.
OIDC (recommended)
Section titled “OIDC (recommended)”1. Create the application
Section titled “1. Create the application”-
In the Auth0 Dashboard, go to Applications → Applications → Create Application.
-
Choose Regular Web Applications and create it.
-
On the Settings tab, under Allowed Callback URLs, add:
-
Save changes.
2. Copy Auth0’s values into KloudMate
Section titled “2. Copy Auth0’s values into KloudMate”From the application’s Settings, copy the Client ID and Client Secret. Your Auth0 discovery URL is:
Replace <your-tenant> with your Auth0 tenant (use your custom domain if you’ve set one).
In KloudMate, open Connections → Add connection, choose OIDC, and fill in:
- Display name —
Auth0 - Discovery URL — the URL above
- Client ID and Client secret — from Auth0
- Scopes — leave as
openid email profile
Click Add connection.
Email mapping
Section titled “Email mapping”With the default email scope, Auth0 returns the user’s email in the ID token. No extra mapping is needed unless you have customized the token with a rule or action that drops the standard claims.
Auth0 exposes SAML through the SAML2 Web App addon on an application.
1. Enable and configure the addon
Section titled “1. Enable and configure the addon”-
Open your Auth0 application, go to the Addons tab, and enable SAML2 Web App.
-
In Application Callback URL, enter your KloudMate ACS URL:
-
In the Settings JSON for the addon, set the audience to your KloudMate SP Entity ID (the
entityIDfrom the downloaded SP metadata): -
Save.
2. Copy Auth0’s IdP metadata into KloudMate
Section titled “2. Copy Auth0’s IdP metadata into KloudMate”- In the SAML2 Web App addon’s Usage tab, copy the Identity Provider Metadata URL or download the metadata XML.
- In KloudMate, open Connections → Add connection, choose SAML 2.0, keep Paste metadata XML, and paste the metadata into IdP metadata XML.
- Set Display name and click Add connection.
Email mapping
Section titled “Email mapping”Auth0’s default SAML mapping puts the email in the NameID, which KloudMate reads. If you have overridden the mappings in the addon settings, make sure the email is sent in the NameID or an email attribute.
Finish up
Section titled “Finish up”- Verify your company domain.
- Choose a provisioning mode.
- Test sign-in with a work email on a verified domain via Sign in with SSO.
Hitting an error? See Troubleshooting.