How do I configure Auth0 as a external identity provider for SharePoint online/Office 365

saravananl · April 12, 2021, 6:25am

hi,

how do I configure Auth0 as a external identity provider for SharePoint online/Office 365 . we plan to host a extranet and I came across a article where you could configure Auth0 as a IDP and use it . I this possible ?

stephanie.chamblee · April 12, 2021, 12:57pm

Hi @saravananl,

Does this look like the info you are looking for?:

https://auth0.com/docs/integrations/office-365-custom-provisioning

saravananl · April 12, 2021, 1:08pm

Thanks. Looks close , but one question. should the user exists in Azure AD or just in Auth0 ?

saravananl · April 12, 2021, 1:11pm

Let me add some more information 0 We are trying to get external users access SharePoint online and we want the external users to be managed in Auth0 , not necessarily in AD .

stephanie.chamblee · April 12, 2021, 1:14pm

In the guide, users may or may not exist in Azure AD before they log in for the first time, but using a rule, a user will be created in Azure AD once they have logged in. I believe in order to allow them access to SharePoint, a user will need to be created in Azure AD at some point. You can, however, control access through Auth0 by adding additional rules: https://auth0.com/docs/authorization/rules-for-authorization-policies

saravananl · April 12, 2021, 1:39pm

Thanks. To access SharePoint in Office 365 there needs to be license assigned to user when they are created, how is this done through Auth0 ? reason I am asking is , we need this to be a smooth login experience. creating a user is the first step but we should also add the license in order to ensure the user can access the app right ?

stephanie.chamblee · April 12, 2021, 1:48pm

That makes sense! When the user logs in via your Auth0 tenant, a rule will run behind the scenes. Rules are sandboxed javascript functions that execute after authentication.

Within the rule, a user will be created in Azure AD and a license will be assigned to them. The user will not be aware of this process. The first log-in will take a little longer than subsequent log-ins because of the provisioning process, but otherwise, there should be no difference for the user.

A sample Azure AD provisioning rule is provided in the guide: https://auth0.com/docs/integrations/office-365-custom-provisioning?&_ga=2.159083834.1847387816.1618225160-1595415333.1607347674#create-the-azure-ad-provisioning-rule

system · April 27, 2021, 1:49pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.