Auth0
Configure Auth0 as a SAML identity provider for single sign-on to FOSSA.
Overview
Auth0 acts as a SAML 2.0 identity provider for FOSSA. To connect them, you create an application in Auth0, enable its SAML2 Web App addon, then exchange a signing certificate and sign-on URLs between Auth0 and FOSSA.
Note
SAML single sign-on must be enabled for your organization before the settings below appear. SSO is a premium feature, contact your FOSSA account team to enable it.
Before you start, open FOSSA's authentication settings in another tab: go to Settings → Organization → Authentication. The Callback URL shown there is needed while configuring Auth0, and you'll paste Auth0's certificate and sign-on URL back into this page at the end.
Configuring the Auth0 application
- 1
Create an application in Auth0
In the Auth0 admin panel, go to Applications → Create Application and choose Single Page App as the application type. You can ignore the Quick Start wizard that opens.
- 2
Open advanced settings
Open the Settings tab from the bar at the top, scroll to the bottom, and click Show Advanced Settings.
- 3
Copy the signing certificate into FOSSA
On the Certificates tab, copy the Signing Certificate. In FOSSA, on the Settings → Organization → Authentication page, paste it into the Certificate field.
- 4
Enable and configure the SAML2 addon
Scroll back to the top and open the Addons tab, then click SAML2 Web App. Copy the Callback URL from FOSSA's Authentication page into the Application Callback URL field in Auth0. In the Settings box, paste the following, then click Save:
JSON{ "nameIdentifierProbes": [ "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" ]}The
nameIdentifierProbesvalue tells Auth0 to send the user's email address as the SAML Name ID, which FOSSA uses to identify the user. - 5
Copy the identity provider login URL into FOSSA
Open the Usage tab and copy the Identity Provider Login URL. In FOSSA, paste it into the Identity Provider Single Sign On URL field on the Authentication page.
- 6
Save in FOSSA
Click Save Changes on FOSSA's Authentication page.
Result
Auth0 is now configured to authenticate users to FOSSA. For their first login, users must visit the Identity Provider Login URL from Auth0, which redirects them to FOSSA and creates their account. After that, they can sign in directly from Auth0, or by entering their email address on the FOSSA login page.
Note
FOSSA can also set each user's organization role and synchronize their team membership from SAML attributes. See the SAML attributes guide for the supported role and teams claims.