Connect Your Auth0 Application with Okta Workforce Enterprise Connection

The Okta Workforce Enterprise connection is an officially-supported, streamlined integration, and the preferred method to implement Okta as an Identity Provider (IdP) in Auth0.

This integration allows your customers to manage their employees' access to your application through their Okta Workforce Identity Cloud.

Additionally, if you are using Auth0 for customer identity management and Okta for workforce identity management internally, this integration is an effective way to manage your identity spaces.

If the Okta Workforce Enterprise connection does not support your use case, you can configure Okta as a SAML IdP.

Create Okta OIDC app integration

To learn how to create an Okta OIDC app integration, read Create OIDC app integrations on Okta Help Center.

Use the following settings when you set up your Okta OIDC app integration:

  1. Select OIDC as the Sign-in method.

  2. Select Web application as the Application type, and set the following parameters:

    | Field | Description |
    | --- | --- |
    | Name | The name of your application. |
    | Sign-in Redirect URIs | https://{YOUR_AUTH0_TENANT}.{YOUR_TENANT_REGION}.auth0.com/login/callback |
    | Trusted Origins | https://{yourDomain} |

    Find your Auth0 domain name for redirects

    If your Auth0 domain name is not shown above and you are not using our custom domains feature, your domain name is a concatenation of your tenant name, your regional subdomain, and auth0.com, separated by the dot (.) symbol.

    For example, if your tenant name is exampleco-enterprises, and your tenant is in the US region, your Auth0 domain name would be exampleco-enterprises.us.auth0.com and your Redirect URI would be https://exampleco-enterprises.us.auth0.com/login/callback.

    However, if your tenant is in the US region and was created before June 2020, then your Auth0 domain name would be exampleco-enterprises.auth0.com and your Redirect URI would be https://exampleco-enterprises.auth0.com/login/callback.

    If you are using custom domains, your Redirect URI would be https://<YOUR CUSTOM DOMAIN>/login/callback.

  3. Record the Client ID and Client Secret that Okta generates for your app integration.
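The following is an added example, not part of the original page and not Auth0 or Okta code: a Python check that derives the expected Sign-in Redirect URI from the domain naming rules above and flags registered entries that differ from it. It assumes redirect URIs are compared as exact strings; the function names, the sample list, and the custom domain `login.example.com` are constructed for illustration.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/login/callback"  # callback path stated on this page


def auth0_domain(tenant, region=None, custom_domain=None):
    """Apply the page's naming rules. Pass region=None for a US tenant
    created before June 2020, which has no regional subdomain."""
    if custom_domain:
        return custom_domain.lower()
    labels = [tenant, region, "auth0.com"] if region else [tenant, "auth0.com"]
    return ".".join(labels).lower()


def expected_redirect_uri(tenant, region=None, custom_domain=None):
    return "https://" + auth0_domain(tenant, region, custom_domain) + CALLBACK_PATH


def audit_redirect_uris(registered, expected):
    """Return (expected_present, {uri: [reasons]}) for entries that differ."""
    want = urlsplit(expected)
    findings = {}
    for uri in registered:
        if uri == expected:
            continue
        got = urlsplit(uri)
        reasons = []
        if got.scheme != "https":
            reasons.append("scheme is not https")
        if got.hostname != want.hostname:
            reasons.append("host is not the Auth0 domain")
        if got.path != CALLBACK_PATH:
            reasons.append("path is not " + CALLBACK_PATH)
        if got.query or got.fragment:
            reasons.append("carries a query or fragment")
        # Same scheme, host and path but a different string (case, port, ...)
        findings[uri] = reasons or ["not an exact string match"]
    return expected in registered, findings


if __name__ == "__main__":
    expected = expected_redirect_uri("exampleco-enterprises", "us")
    # Constructed sample of Sign-in Redirect URIs copied from an app integration
    sample = [
        expected,
        "http://exampleco-enterprises.us.auth0.com/login/callback",
        "https://exampleco-enterprises.auth0.com/login/callback",
        "https://exampleco-enterprises.us.auth0.com/login/callback/",
    ]
    print(audit_redirect_uris(sample, expected))
```

Any entry reported in the findings is a candidate for removal from the app integration, since only the exact callback of your tenant or custom domain is needed for this connection.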

Add test user to Okta app integration

Create a test user in your Okta Directory to test your app integration:

  1. In your Okta Admin Dashboard, navigate to Directory > People.

  2. Select Add Person.

  3. Enter test user details, including a password.

  4. Save the test user.

  5. In the Directory, select the new user.

  6. Navigate to the Applications tab for the user and choose Assign Applications.

  7. Select the name of the application you created previously.

Create Okta Workforce Enterprise connection in Auth0

Ensure you have the Client ID and Client Secret of your Okta OIDC app integration available:

  1. Go to Auth0 Dashboard > Authentication > Enterprise, locate Okta Workforce, and then select the + button.

  2. Enter details for your connection, and then select Create:

    | Field | Description |
    | --- | --- |
    | Connection name | Logical identifier for your connection; it must be unique for your tenant. Once set, this name can't be changed. |
    | Okta Domain | Okta's domain name for your organization. |
    | Client ID | Unique identifier for your registered Okta application. Enter the saved value of the Client ID for the app you just registered in the Okta admin console. |
    | Client Secret | String used to gain access to your registered Okta application. Enter the saved value of the Client Secret for the app you just registered in the Okta admin console. |

  3. Switch to the Login Experience view, and configure how your users log in with this connection:

    | Field | Description |
    | --- | --- |
    | Identity Provider domains | A comma-separated list of the domains that can be authenticated in the Identity Provider. This is only applicable when using Identifier First authentication in the Universal Login Experience. |
    | Add button | (Optional) Display a button for this connection in the login page. |
    | Button display name | (Optional) Text used to customize the login button for new Universal Login. When set, the button reads: "Continue with {Button display name}". |
    | Button logo URL | (Optional) URL of image used to customize the login button for new Universal Login. When set, the Universal Login login button displays the image as a 20px by 20px square. |

Enable connection for Auth0 applications

To use your new Okta Workforce Enterprise connection, you must enable the connection for your Auth0 Applications.

Test the connection

Now you're ready to test your connection.
