Auth0 provides Enterprise connections to authenticate users in an external, federated identity provider (IdP) such as Azure AD, Google Workspace, PingFederate, and more.
Availability varies by Auth0 plan
Your Auth0 plan or custom agreement affects the availability of this feature. To learn more, read Auth0's Pricing Page.
Create an Enterprise connection
Auth0 supports many identity providers out of the box. To learn more, review Enterprise Identity Providers.
OpenID Connect (OIDC) protocol
Enterprise connections using OpenID Connect or Okta Workforce as the identity provider can support the following:
Proof Key for Code Exchange (PKCE)
For more information on PKCE, review Protecting Apps with PKCE.
Attribute claims and access token mapping
You can currently implement these features for OpenID Connect or Okta Workforce connections. To learn more, review Configure PKCE and Claim Mapping for OIDC Connections.
View Enterprise connections
Navigate to Auth0 Dashboard > Authentication > Enterprise to see all available Enterprise connection types. Select a connection type (for example, SAML) to see if there are any configured connections of that type.
You can also select a configured connection and check the Applications tab to see if it is enabled for any applications.
Call the Auth0 Management API Get all Connections endpoint to get information about your connections. Include the
strategy parameter to filter by connection type.
The Enterprise connection type
strategy values are:
waad(Microsoft Azure AD)
What is an active Enterprise connection?
An Enterprise connection is considered active if (during the current month) it has both:
Been enabled for an application.
Had user activity (for example, login, sign-up, or token exchange).
If an Enterprise connection was never enabled for any application, or was enabled but did not have any user activity during the current month, it is not considered active.