API Endpoints for Single Sign-On

When implementing Single Sign-on (SS0) and configuring its settings, the following API endpoints will be helpful to you.

Authentication API endpoints

POST /login/callback

For SSO flows initiated by an Identity Provider (IdP), the POST /login/callback endpoint can accept a sign-on SAML request from the identity provider.

Management API

The Management API features several endpoints designed to help you manage SSO.

To call any of the Management API endpoints, you will need to obtain an Access Token.


All of your client applications/SSO integrations feature information relevant to your SSO implementation. You can retrieve or change this information by calling one of the Clients endpoints.

Of-interest parameters for each client include:

  • sso: Flag applicable only for clients created via SSO integrations. If true, Auth0 handles SSO; if false, the IdP handles SSO.

  • sso_disabled: Flag used to enable/disable SSO. If true, then SSO is disabled; if false, SSO is enabled. This option can only be set via the Management API.

  • app_type: Application type. If the client was created using one of Auth0's built-in SSO integrations, the name of the SSO integration would be listed (e.g., box or concur instead of native or spa)

Get all clients

The GET /api/v2/clients endpoint can be used to return information about the client applications you have configured for your tenant.

Create a client

The POST /api/v2/clients endpoint can be used to create a new client application.

Get a client

The GET /api/v2/clients/{id} endpoint can be used to return information about a specific client you have configured for your tenant.

Update a client

The PATCH /api/v2/clients/{id} endpoint can be used to update a specific client, including its SSO-related parameters.


Auth0 allows you to control the following tenant-level parameters that may affect your SSO implementation:

  • session_lifetime: Length of time for which the user's Auth0 session will stay valid.

  • idle_session_lifetime: Amount of time that may elapse before the user must sign in again due to inactivity.

Get tenant settings

The GET /api/v2/tenants/settings endpoint retrieves the settings for your tenant.

Update tenant settings

The POST /api/v2/connections endpoint allows you to update your tenant settings.

Learn more