SAML Identity Provider Configuration

Common settings:

These are the parameters used to configure a SAML Identity Provider:

  • The post-back URL (also called Assertion Consumer Service URL) is: https://YOUR_AUTH0_DOMAIN/login/callback
  • The Entity ID of the Service Provider is: connection.options.entityId || urn:auth0:YOUR_TENANT:YOUR_CONNECTION_NAME
  • The SAML Request Binding (sent to the IdP from Auth0): HTTP-Redirect
  • The SAML Response Binding (how the SAML token is received by Auth0 from the IdP): HTTP-POST
  • The NameID format: unspecified
  • The SAML assertion and the SAML response can be signed individually or simultaneously.
  • The SingleLogout service URL, where the SAML Identity Provider will send logout requests and responses, is: https://YOUR_AUTH0_DOMAIN/logout. Note: SAML logout requests must be signed by the Identity Provider.
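
An added example (not Auth0's own code) that cross-checks the values entered on the IdP side against service provider metadata for the settings listed above. The metadata sample, the domain, tenant and connection names, and the `idp_config` keys are constructed for illustration; treating "nothing signed" as an error is a check this example adds.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample SP metadata; domain, tenant and connection are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:auth0:example-tenant:example-conn">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-tenant.example.com/logout"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-tenant.example.com/login/callback"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_idp_config(metadata_xml, idp_config):
    """Return a list of mismatches between IdP settings and SP metadata."""
    # Parse only metadata fetched from a trusted source over HTTPS.
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    problems = []

    if idp_config["audience"] != root.get("entityID"):
        problems.append("audience does not match the SP entity ID")

    acs = {e.get("Location")
           for e in sp.findall("md:AssertionConsumerService", NS)
           if e.get("Binding") == POST}
    # IdP-initiated SSO appends ?connection=...; compare without the query.
    if idp_config["acs_url"].split("?", 1)[0] not in acs:
        problems.append("ACS URL is not an HTTP-POST endpoint in the metadata")

    slo = {e.get("Location")
           for e in sp.findall("md:SingleLogoutService", NS)}
    if idp_config.get("slo_url"):
        if idp_config["slo_url"] not in slo:
            problems.append("logout URL is not in the metadata")
        if not idp_config.get("sign_logout_requests"):
            problems.append("logout requests must be signed by the IdP")

    if not (idp_config.get("sign_assertion") or idp_config.get("sign_response")):
        problems.append("neither the assertion nor the response is signed")
    return problems
```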

Encrypted Assertions:

Optionally, assertions can be encrypted. Use this public key to configure the IdP: CER | PEM | PKCS#7

IdP-Initiated SSO

If you want IdP-Initiated SSO, please make sure to include the connection parameter in the post-back URL: https://YOUR_AUTH0_DOMAIN/login/callback?connection=YOUR_CONNECTION_NAME


Some SAML Identity Providers can accept importing metadata directly with all the required information. You can access the metadata for your connection in Auth0 here: