Overview
Self-service Single Sign-On (SSO) provides end-users with a setup assistant that guides them in creating their SSO integration. When the setup is completed, the SSO integration is automatically added to the tenant as an Enterprise Connection.
When customers create a self-service SSO for their clients, they want to let them know how to test the new connection. This article shows the assistant’s steps, including the final one, with a button to try the connection (similar to the Auth0 dashboard).
Applies To
- Self-Service Single Sign-On (SSO)
- B2B
- Testing Self-Service SSO new connection
- Self-service SSO setup assistant
Solution
Using Self-Service SSO includes the following tasks:
- The Auth0 customer creates a self-service profile in their tenant using the Auth0 Dashboard (Authentication > Enterprise > Self Service SSO > Create Profile) or the Management API. These profiles are used to determine key elements of customer implementations, including:
  - Which identity providers customer admins can use for SSO.
  - Which user attributes they must capture through SSO, such as email or family name.
  - Branding options that customize the look and feel of the SSO setup assistant.
- Using the Management API, the Auth0 customer creates a self-service access ticket that allows customer admins to configure SSO. With this ticket, the customer admins can either create a new connection or edit an existing connection. To generate a self-service access ticket:
  - Retrieve the ID of the self-service profile you want to associate with the access ticket.
  - Call the SSO Access Ticket endpoint using the ID of the appropriate self-service profile:
    POST /api/v2/self-service-profiles/{id}/sso-ticket
- The Auth0 customer retrieves the ticket URL from the asset created in the previous step and sends this link to the customer admin.
- The customer admin launches the SSO setup assistant and follows the steps provided to configure either a new or existing connection.
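The access-ticket step from the task list above, as an added Python example (not Auth0's own code): it builds the request for the endpoint named on this page and checks the returned link before it is passed on to a customer admin. The `connection_config`, `ttl_sec` and `ticket` field names, the rule of passing exactly one connection option, and the tenant-domain check are assumptions of this example; domains, IDs and tokens are placeholders.

```python
import json
import urllib.request
from urllib.parse import quote, urlsplit


def build_ticket_request(domain, profile_id, mgmt_token, connection_id=None,
                         connection_name=None, ttl_sec=None):
    """Build (not send) the POST for /api/v2/self-service-profiles/{id}/sso-ticket."""
    # Example's own rule (assumption): edit an existing connection OR create one.
    if bool(connection_id) == bool(connection_name):
        raise ValueError("pass exactly one of connection_id or connection_name")
    if connection_id:
        body = {"connection_id": connection_id}
    else:
        body = {"connection_config": {"name": connection_name}}  # assumed field
    if ttl_sec is not None:
        body["ttl_sec"] = int(ttl_sec)  # assumed field: limits the link's lifetime
    # Percent-encode the profile ID so it cannot alter the request path.
    path = f"/api/v2/self-service-profiles/{quote(profile_id, safe='')}/sso-ticket"
    return urllib.request.Request(
        f"https://{domain}{path}", data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {mgmt_token}",
                 "Content-Type": "application/json"})


def extract_ticket_url(response_body, domain):
    """Return the ticket URL only if it is HTTPS on the expected tenant domain."""
    ticket = json.loads(response_body).get("ticket")  # assumed response field
    parts = urlsplit(ticket or "")
    if parts.scheme != "https" or parts.hostname != domain.lower():
        raise ValueError("unexpected ticket URL in response")
    return ticket


def create_sso_ticket(domain, profile_id, mgmt_token, **kwargs):
    """Send the request. The URL grants SSO setup access, so keep it out of logs."""
    req = build_ticket_request(domain, profile_id, mgmt_token, **kwargs)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return extract_ticket_url(resp.read(), domain)
```

Anyone holding the ticket link can open the setup assistant for that ticket, so deliver it over a channel where the recipient's identity is known.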
The SSO setup assistant guides customer admins through the SSO setup process:
- Follow the ticket link:
- Select the Identity Provider:
  The assistant will show specific instructions for creating an application with that provider.
- If connection_id was provided during ticket creation, the assistant offers Configure Connection. If not, it offers a first step: Create an application (with specific instructions for the selected IdP):
- Configure mapping:
- Assign users:
- Last step: try the connection with a test button:
- After testing, the assistant shows the user information to confirm the correct attributes are being passed:
At the end of the process, a new Enterprise connection pointing to the customer’s application is added to the Auth0 tenant.