Skip to main content
Auth0 provides Enterprise connections to authenticate users in an external, federated identity provider (IdP) such as Okta, Microsoft Entra ID, Google Workspace, and others. A configured connection will include protocol-specific settings for integrating single sign-in (SSO), user provisioning, and logout integrations with the external IDP, as well as private settings that govern how the connection interacts with Auth0’s Universal Login and Organizations features. The Connection Profile (CP) enables Auth0 developers to specify how the private settings of an Auth0 connection should be configured when created by third parties

How it works

  • Profile Definition

    An administrator creates a Connection Profile that defines the property values that should be written to the connection whenever they are created using one of Auth0 delegated administration features.
  • Flexible Scope

    Profiles are linked to Self-Service SSO and Okta Express Configuration flows today but are designed for broader reuse, covering provisioning, onboarding, entitlement management, and future Auth0 capabilities.

Connection Profile properties

A Connection Profile is a JSON object that supports these configurable properties, which are applied to all newly created connections.
PropertyDescription
connection_name_prefix_templateRepresents the prefix that must be used for naming connections. Maps to the name parameter on a connection. This value supports variable substitution for the organization ID and the organization name. The OIN workflow must substitute these values to generate the final prefix. Variables are enclosed in braces ().

Supported variables:

Example: con-{org_id}-
enabled_featuresThis list specifies the features which will be supported by the configured connection. Features not on the list are not allowed.

Supported values:
  • scim: When present, SCIM may be configured on the connection.
  • universal_logout: When present, the Universal Logout feature may be used with this connection.
organization.assign_membership_on_loginSpecifies whether users should automatically be assigned membership in the organization on login. This maps to the assign_membership_on_login property of the enabled_connections sub-resource of the organization.
For Express Configuration integrations with Okta, optional is treated as required

Connection Profile ValueEnable Connectionsassign_membership_on_loginValue
nonefalse
optionalfalse
requiredtrue
organizationAn object containing settings that are applied to the organization under which the connection is created.
organization.show_as_buttonSpecifies whether the connection should be shown as a button on the login screen once an organization has been chosen. This maps to the show_as_button value on the enabled connection.
Connection Profile ValueConnection show_as_button Value
nonefalse
optionaltrue
requiredtrue

Example Connection Profile

{
  "organization": {
    "show_as_button": "none",
    "assign_membership_on_login": "none"
  },
  "connection_name_prefix_template": "ec-{org_id}-",
  "enabled_features": [
    "scim",
    "universal_logout"
  ]
}

Create and manage Connection Profiles

A Connection Profile is automatically generated when using the Express Configuration feature with Okta. In addition, create and manage Connection Profiles using the Auth0 Management API.

Configure with Management API

To use the Management API, you need to get a Management API access token. To manage Connection Profiles, the following Management API endpoints are available:
  • POST /api/v2/connection-profiles
  • GET /api/v2/connection-profiles
  • PATCH /api/v2/connection-profiles/{id}
  • GET /api/v2/connection-profiles/{id}
  • GET /api/v2/connection-profiles/templates

Learn More