Migrate from Azure Access Control Service to Auth0

Azure Access Control Service will be retired in November 2018.

In this article, you'll learn how to migrate from Azure Access Control (ACS) to Auth0, and connect to a WS-Federation identity provider such as Azure Active Directory, Active Directory Federation Services, or IdentityServer.

Before you start

  • WS-Federation identity provider connections in Auth0 return tokens in SAML2 format. If your ACS configuration uses WS-Federation protocol with JWT tokens, you'll need to update your applications when migrating to Auth0.
  • Auth0 offers both cloud and on-premises deployments.
  • Review the Getting Started documentation for an overview of Auth0.

Set up your account

Start by signing up for Auth0. After creating your account, you'll be prompted to create a new tenant. Tenants in Auth0 are like namespaces in ACS: YOUR_AUTH0_DOMAIN.

Create an application

For an application to use Auth0, it must be registered as an application. Create a new application on the Dashboard.


Add Auth0 to your identity provider

Next, add Auth0 as a relying party to your identity provider using the following information:

  • Realm Identifier: urn:auth0:YOUR_TENANT
  • Return URL: https://YOUR_AUTH0_DOMAIN/login/callback

Create a WS-Federation connection

To create a connection between Auth0 and your identity provider, navigate to Dashboard > Connections > Enterprise. For WS-Federation identity providers, create a new ADFS connection and provide the following information:

  • Connection Name: A descriptive name for the connection.
  • Email Domains: (Optional) A comma-separated list of valid domains. Only needed if you want to use the Lock login widget.

Next, either enter your WS-Federation server URL in the ADFS URL field or upload a Federation Metadata file.

If you set a WS-Federation server URL, Auth0 will retrieve the Federation Metadata endpoint and import the required parameters, certificates, and URLs. You must make sure that the URL is publicly accessible and the SSL certificate on your ADFS installation is valid.
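The following pre-flight check is an added example, not part of the original article or Auth0's own code. It parses a Federation Metadata document for the passive sign-in endpoint and a signing certificate, then builds a sign-in URL from the realm and return URL given above using the standard WS-Federation passive parameters (wa, wtrealm, wreply). The sample metadata, host names, tenant name, and the preflight function are constructed for illustration, and the metadata file is assumed to come from your own identity provider.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample metadata: the host and certificate body are placeholders.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://sts.example.test/adfs/services/trust">
  <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
      xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>PLACEHOLDER_BASE64_CERT</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <fed:PassiveRequestorEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://sts.example.test/adfs/ls/</Address>
      </EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>"""

def preflight(metadata_xml, tenant, auth0_domain):
    """Return (problems, signin_url) for a Federation Metadata document."""
    root = ET.fromstring(metadata_xml)
    problems = []
    # Passive (browser) sign-in endpoint that users are redirected to.
    addr = root.find(".//fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address", NS)
    endpoint = (addr.text or "").strip() if addr is not None else ""
    if not endpoint:
        problems.append("no PassiveRequestorEndpoint address")
    elif urlsplit(endpoint).scheme != "https":
        problems.append("passive endpoint is not https")
    # Token signatures can only be verified if a signing certificate is published.
    certs = root.findall(".//md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if not any((c.text or "").strip() for c in certs):
        problems.append("no signing certificate")
    # Realm and return URL the identity provider must have registered for Auth0.
    params = {"wa": "wsignin1.0", "wtrealm": f"urn:auth0:{tenant}",
              "wreply": f"https://{auth0_domain}/login/callback"}
    return problems, (f"{endpoint}?{urlencode(params)}" if endpoint else None)

if __name__ == "__main__":
    print(preflight(SAMPLE_METADATA, "example-tenant", "example-tenant.auth0.com"))
```

Opening the returned URL in a browser should reach the identity provider's sign-in page; an error about an unknown relying party usually means the realm or return URL registered there does not match.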


After saving the new connection you'll see a list of your registered applications. Enable the connection for your application.

Update your application

Depending on your application and use case, you'll have to update your application to use Auth0 for authentication instead of ACS. There are several ways to integrate Auth0 with your application:

Next Steps