SAML Single Sign-On Integrations

When you implement SAML single sign-on (SSO), it's important to consider:

  • Which system(s) will serve as the authoritative source for user profile information if there's ever a conflict between two or more sources.

  • What user profile attributes each application needs.

  • How user profile information will be distributed to the systems that need it.

Identity provider-initiated SSO

You typically set up a SAML federation by configuring SSO initiated by the service provider. The service provider returns a browser redirect so that the user authenticates using the IdP. After authentication, the browser redirects the user back to the service provider with a SAML assertion containing information about the authentication status. This is commonly used for consumer-facing scenarios.

You can also configure the IdP to initiate SSO instead of the service provider. In this scenario, the user invokes a URL on the IdP and is prompted to authenticate, then is redirected to the service provider with a SAML assertion. This is commonly used in enterprise scenarios. To learn more, read Configure SAML Identity Provider-Initiated Single Sign-On.

Auth0 as identity provider for SAML SSO integrations

Some of the following integrations make use of the Auth0 SAML2 Web App addon.

To learn more, read Enable SAML2 Web App Addon.

Other SAML identity provider SSO integrations

Auth0 provides SSO integrations for using the following services as identity providers:

Special scenarios

Once you've set up a basic SAML integration, you might need to implement additional requirements so that the integration reflects your needs.

These scenarios assume that you have already set up a connection or an application and that you're altering specific settings for an existing SAML integration, not configuring an integration from scratch.

To learn more about special scenarios, read Configure Identity Provider-Initiated Single Sign-On and Sign and Encrypt SAML Requests.
