SAML Setup for OKTA as IdP and Auth0 as SP

Knowledge Articles
, , , ,
1

Last Updated: Sep 16, 2024

Overview

The SAML connection does not work as expected, and the below error is displayed:

Oops!, something went wrong. You may have pressed the back button …

This article details what are the steps to set up a SAML connection between Okta (acting as the Identity Provider) and Auth0 (acting as the Service Provider).

Applies To

  • SAML connection
  • Okta (as Identity Provider) and Auth0 (as Service Provider).

Solution

Review the following video for details:

Here are the steps to create a Generic SAML Enterprise connection between Okta and Auth0:

Okta Side Setup

  1. Sign in to the Okta Developer Console.
  2. Go to Create App Integration and choose SAML 2.0 from the options.
  3. In Single sign on URL, enter the Auth0 tenant’s login callback URL, i.e., https://YOUR_DOMAIN/login/callback?connection=YOUR_CONNECTION_NAME
  4. The connection name will be the same name that will be assigned when setting up the SAML Enterprise connection on the Auth0 side.
  5. If a Custom domain has been configured within the tenant, it should be the custom domain that is used in place of YOUR_DOMAIN and not the Auth0 default domain.
  6. Set the Audience URI (SP Entity ID), e.g., “urn:auth0:YOUR_TENANT{just tenant name}:YOUR_CONNECTION_NAME”.
  7. Click Next and then Finish to complete the Okta application setup.
  8. When done, the login flow will be directed to the Sign On page for the newly-created app.
  • Here, click View SAML Setup Instructions, where you will find the Identity Provider Single Sign-On URL, which should look something like: https://OKTA_TENANT_DOMAIN.okta.com/app/…/…/sso/saml and X.509 Certificate, which needs to be downloaded for later use when it will need to be uploaded into the Auth0 SAML connection setup.
  1. Then, in Assignments, assign a user to the Okta application.

Auth0 Side Setup

  1. Login to the Auth0 Dashboard.
  2. Navigate Authentication > Enterprise.
  3. Click on the + sign next to the SAML connection.
  4. Give the connection the same name used previously to setup the Okta Application for Single sign on URL and URI.
  5. Set the Sign-in URL, which should look something like:https://OKTA_TENANT_DOMAIN.okta.com/app/…/…/sso/saml that can be found in the OKTA View SAML Setup Instructions.
  6. Upload the X.509 Certificate, which was downloaded from the OKTA View SAML Setup Instructions screen described above.
  7. Click Save Changes at the bottom of the screen.
  8. On the Applications tab, toggle on to create an association between the Application and the desired connection.
  9. The setup is now complete: test by navigating to Dashboard > Authentication > Enterprise > SAML < connection name> , three dots on the right, and Try the connection link.
2 Likes