Hi,
I have read Configure Single Sign-on for Auth0 Dashboard
But I’m confused and have several questions.
- I have several tenants, how can I check which one is the root tenant authority?
- If one tenant has enterprise plan, but others do not, can I still setup SSO through the enterprise plan tenant so that all users in all tenants still need to go through the IdP ? Or do I need to make all tenants go on enterprise subscription to do this? - and if so , would I then need to make SSO integrations for each tenant?
Thanks for your help.
Hi @security3
Thank you for reaching out!
Let me try and provide some clarity on the questions you raised, as the information can sometimes be a little obscure:
- Which tenant is the root tenant authority? → You actually do not need to know or set a tenant as the RTA by default as it does not impact anything related to your Auth0 environments. When working with our Support team to enable SSO, you decide with them which tenant would be marked as your RTA and the other tenants as “child tenants” let’s say. The RTA is essentially an administrative tenant to which Auth0 has access to assist with any issues that may come up. This was mentioned briefly on this following Knowledge Article.
- To enable SSO for your tenant, you will need to submit a Support case with our team who will guide you through the process, but all tenant that are under your Enterprise agreement have access to the Enterprise features, while tenants that are not will have more limited access. As far as I know, SSO integrations act per tenant and I would assume this would stand true, SSO would need to be enabled on each tenant. This being said, our Support team would be the best resource for information regarding this.
Hope this helped!
Gerald