Security Assertion Markup Language Protocol
The Security Assertion Markup Language (SAML) protocol is an open-standard, XML-based framework for authentication and authorization between two entities without a password:
Service provider (SP) agrees to trust the identity provider to authenticate users.
Identity provider (IdP) authenticates users and provides service providers with an authentication assertion indicating that a user has been authenticated.
Auth0 supports the SAML protocol and can serve as the IdP, the SP, or both. See SAML Configuration Options for the SAML configurations available with Auth0, including:
SAML SSO integrations
Microsoft Active Directory Federation Services (ADFS)
SAML request signing and encrypting
SAML identity providers
Some applications (such as Salesforce, Box, and Workday) allow users to authenticate against an external IdP using the SAML protocol. You can then integrate the application with Auth0, which serves as the application's SAML IdP. Application users will be redirected to Auth0 to log in, and Auth0 can authenticate them using any backend authentication connection, such as an LDAP directory, a database, or another SAML IdP or Social Provider. Once the user is authenticated, Auth0 returns a SAML assertion to the application indicating that the user has been authenticated.
Here is a list of IdP services known to support the SAML protocol. There may be additional services beyond what is shown below. The following providers have participated in a Kantara interoperability test and are therefore likely to conform well to the SAML spec.
Dot Net Workflow
Elastic SSO Team & Enterprise
Entrust GetAccess & IdentityGuard (check protocol supported)
EIC (check protocol supported)
NetIQ Access Manager
RCDevs Open SAMPL IdP
Optimal IdM VIS Federation Services
Oracle Access Manager (Oracle Identity Federation merged into this)
PingFederate (IDP Light)
RSA Federated Identity (IDP Light)
Tivoli Federated Identity Manager
WSO2 Identity Server
Auth0 provides specific instructions to configure the following SAML identity providers with Auth0:
SAML service providers
Applications, especially custom ones, can authenticate users against an external IdP using protocols such as OpenID Connect (OIDC) or OAuth 2.0. However, you might want to leverage an enterprise SAML provider for authentication, even if you wrote your application to use either protocol.
Auth0 as SAML service and identity provider
You can choose to use Auth0 as both the SAML service provider and the SAML identity provider.
Supported SAML bindings and options
Auth0 supports the following SAML bindings:
Auth0 supports the following SAML options:
Web Browser SSO Profile
Single Logout Profile
Name Identifier Management Profile
Name Identifier Mapping Profile