Skip to main content

Auth0 OpenID Configuration

The document provides a comprehensive guide for setting up Single Sign-On (SSO) login functionality within an organization's infrastructure. It outlines a series of steps to integrate SSO using Auht0 as the identity provider, facilitating seamless access to various applications and resources.

Starting with navigating to the organization's Integrations screen and initiating the connection process, users are guided through the configuration steps, which include creating and setting up a OpenID SSO Provider. The document also covers the necessary configurations within Auth0, such as creating an app integration and configuring OpenID settings.

Additionally, it offers guidance on advanced settings, including the import of OpenID configurations from Auth0. Through clear instructions and actionable steps, the document aims to empower users in implementing a robust SSO solution.

Appcircle supports Auth0 as OpenID or SAML provider.

info

Only Enterprise accounts support SSO.

caution

Please note that, enabling SSO for APPCIRCLE LOGIN does not automatically enable SSO for Testing Distribution and the Enterprise App Store. They must be configured separately.

SSO Login

  • To start, go to My Organization > Integrations screen and press the Connect button next to SSO Login under the Authentications section.
  • Click Create button to create your SSO Login.
info

If you want to manage user groups within your SSO provider, you should set CLAIM NAME (OPENID) / ATTRIBUTE NAME (SAML) field.

  • Select Setup OpenID SSO Provider

  • Pick an alias and display name for your organization. Please pick a short and rememberable alias.

  • This screen will auto-generate an URL for the Enterprise App Store and Testing Distribution.

Auth0 App Integration

  • Login to your Auth0 account and navigate to Applications and then click Create Application.
  • Select Regular Web Applications and give a name.
  • Navigate to settings of the app and note, Client ID and Client Secret.
  • Copy the Store Redirect URL and Distribute Redirect URL from the Appcircle and add it to the Allowed Callback URLs. You can specify multiple valid URLs by comma-separating them.
  • Instead of writing all the settings of OpenID, you can download the settings file from Auth0 and upload it. Navigate to the OpenID Configuration address and download that JSON file to your computer.
  • Go back to Appcircle, upload this JSON file by clicking the button under Import OpenID configuration
  • Check all the settings on this page and confirm that Authorization and Token URLs are imported correctly. Select Client Authentication as Client secret sent as basic auth and enter your Client ID and Client Secret. Modify the settings as below.
  • Click on the Save button and finish the edit process.

Auth0 Managing User Groups

Managing user groups within Auth0 provides users and organizations with several benefits. By organizing users into groups, administrators can efficiently manage access permissions for various applications and resources, saving time and effort. Administrators can synchronize Auth0 user groups with Appcircle, allowing for granular access control and group-based permissions. This integration enhances security, simplifies access management, and promotes collaboration within organizations utilizing the Appcircle platform.

  • Login to your Auth0 account and navigate to the organization section. Then create organizations.
  • Add users who will become members of your organization.
  • Navigate to the "Connections" tab and enable Username-Password-Authentication connection for your organization.
  • Navigate to the "Applications" section. Select the relevant application, then go to the "Organizations" tab. Click on "Disable Grants Now".
  • Choose "Business Users" for the type of users and select "Prompt for Organization" for the login flow. Click on "Save Changes".
  • Go back to Appcircle, go to My Organization > Integrations screen and press the Manage button next to SSO Login under the Authentications section.
  • Update the Claim Name as org_id.
caution

The org_id claim value is equal to the organization ID, not the organization name. Please refer the Use Organization Name documentation to change this behaviour.

tip

Sample Scenario

For example there are two groups, one is developers and other one is users.

The beta channel on Enterprise App Store should be available for developers group and not for users group that has end-users.

The live channel should be available for both groups in this case.

Appcircle Integration Configuration

  • To enable SSO Login for the Enterprise App Store, you should navigate to the Enterprise App Store -> Settings and then click on the Activate button next to SSO Login.
  • To enable SSO login for the Testing Distribution, go to the Testing Distribution module and select related profile.
  • Click on the Settings button on the detail screen.
  • Navigate to the Authentication tab and select SSO Login as the authentication type.