Hi there
I have a requirement to set up SSO for my client applications but I want to enforce SSO only for some users based on their domain names. How can I do this in Auth0? Can this be achieved using rules?
@dan.woda
Hi @ilyas-shah,
can you clarify a bit more: what do you mean with “enforcing SSO”, or what would be the opposite? That users should always need to re-login with every app they’re using?
I can understand if you say “enforce a login”, but not sure what you mean with “enforce SSO”. Can you explain the use case a bit more?
Hey @mathiasconradt thanks for quick response. By “enforce” I mean to have SSO for some users (based on their domain) and I could have some other means of Authentication for other users. Hope it is clear now.
It’s still not 100% clear to me. For the client applications that use Auth0 for authentication, regardless of the authentication method used (username/password with a Auth0 database, federated social login such as Google or Facebook, etc.), Auth0 is the central authorization server where the SSO cookie is being set.
So as long as a user has a valid Auth0 session, SSO would work by default due the architecture design of the client applications in conjunction with Auth0.
This blog post explains the SSO mechanism a bit more, maybe it helps:
Or maybe you can clarify what you understand under the term “SSO”, maybe there’s a misunderstanding there.
@mathiasconradt
Let me try to explain it with an example:
I have some users in a company say “company1” with the username of “user1@company1.com”.
I have a user from the same company who doesn’t have the company domain name and have a username say “user2@gmail.com”. I want to enable SSO for only those users who have “company1.com” in their username and for others, I can have simple basic authentication. How can I achieve this?