Auth0 integrates with Active Directory/LDAP through the Active Directory/LDAP Connector that you install in your network.

The AD/LDAP Connector (1) is a bridge between your Active Directory (2) and the Auth0 Service (3). This bridge is necessary because AD is typically locked down to your internal network, and Auth0 is a cloud service running in a completely different context.

You can install multiple instances of the Connector for high availability and load balancing. All connections are outbound, from the Connector to the Auth0 Server, so in general no changes to the firewall need to be applied.

The Connector supports LDAP, Kerberos, and client certificate-based authentication.

An AD/LDAP Connection caches user profiles and credentials by default to maximize availability and performance. Credential caching can be disabled at the connection level.

The AD/LDAP Connection credential cache stores a hash of the user password. Auth0 never stores secrets in clear text.