
Single Sign-On with Auth0


The easiest and most secure way to implement Single Sign-On (SSO) with Auth0 is to use Universal Login for authentication. On native platforms (like iOS or Android), SSO is currently possible only if the application uses Universal Login. The Swift and Android quickstarts provide some examples of using Universal Login.

If you cannot use Universal Login with your application, review the following for additional info on embedded authentication:

SSO on first login

For SSO with Auth0, the Central Service is the Auth0 Authorization Server.

Let's look at an example of the SSO flow when a user logs in for the first time:

  1. Your application redirects the user to the login page.
  2. Auth0 checks to see whether there is an existing SSO cookie.
  3. Because this is the first time the user is visiting the login page and no SSO cookie is present, the user will be asked to log in using one of the connections you have configured.
  4. Once the user has logged in, Auth0 will set an SSO cookie and redirect the user to your application, returning an ID Token that contains identity information for the user.

SSO on subsequent logins

Let's look at an example of the SSO flow when a user returns to your website for a subsequent visit:

  1. Your application redirects the user to the login page.
  2. Auth0 checks to see whether there is an existing SSO cookie.
  3. Auth0 finds the SSO cookie, and if necessary, updates it. No login screen is shown.
  4. Auth0 redirects the user to your application, returning an ID Token that contains identity information for the user.

Check a user's SSO status

You can check a user's SSO status from an application by calling the checkSession method of the auth0.js SDK, which will attempt to silently authenticate the user within an iframe. Whether the authentication is successful or not indicates whether the user has an active SSO cookie.
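The check described above can be wrapped so that a failed silent authentication is not automatically read as "no SSO cookie". This is an added example, not code from the Auth0 docs: classifySsoResult, checkSsoStatus and fakeWebAuth are hypothetical names, the error shape is an assumption, and the stub stands in for a configured auth0.WebAuth instance.

```javascript
// Added example. classifySsoResult and checkSsoStatus are hypothetical helper
// names, not part of auth0.js; webAuth is an auth0.WebAuth instance.

// OIDC error codes returned when silent authentication cannot complete
// without showing the user a page.
const NEEDS_INTERACTION = new Set(['consent_required', 'interaction_required']);

// Map one checkSession callback result to an SSO status string.
function classifySsoResult(err, authResult) {
  if (!err) {
    // Success: tokens were issued without any prompt, so an SSO cookie exists.
    const hasToken = Boolean(authResult && (authResult.idToken || authResult.accessToken));
    return hasToken ? 'active' : 'indeterminate';
  }
  const code = err.error || err.code; // assumed error shape: OAuth code in err.error
  if (code === 'login_required') return 'no_session';
  if (NEEDS_INTERACTION.has(code)) return 'interaction_needed';
  // Anything else (network failure, blocked iframe or cookies, misconfiguration)
  // says nothing about the cookie; do not treat it as "logged out".
  return 'indeterminate';
}

// Promise wrapper around the callback-style checkSession call.
function checkSsoStatus(webAuth, options = {}) {
  return new Promise((resolve) => {
    webAuth.checkSession(options, (err, authResult) => {
      resolve(classifySsoResult(err, authResult));
    });
  });
}

// Constructed stand-in for auth0.WebAuth so the example runs outside a browser.
const fakeWebAuth = (err, result) => ({
  checkSession: (_options, cb) => cb(err, result),
});

checkSsoStatus(fakeWebAuth(null, { idToken: 'constructed.id.token' }))
  .then((status) => console.log('returning user:', status));
checkSsoStatus(fakeWebAuth({ error: 'login_required' }, null))
  .then((status) => console.log('first visit:', status));
```

Only the no_session result corresponds to the first-login flow; an indeterminate result is better retried or reported than treated as a logout.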
