Using Auth0 to authenticate external users to SharePoint Online

Get Help
, ,
1

Hello,

We have built a few applications with Auth0 for our external users (using the Login-Password Database) with success.
We now have a new project to use SharePoint Online to share files with our external users. We don’t want to manually create guest accounts (and password) for external users in our Azure AD and would like to use Auth0 to authenticate them and give them access to our SharePoint online. Our internal company users aren’t currently in Auth0 but managed in Azure AD.

I found this integration on the market place: https://marketplace.auth0.com/integrations/office-365-sso

Would that allow us to:

  • sign in our external users using Auth0 and let them access our SharePoint online?
  • if yes, would that create guest accounts in our Azure AD for them?
  • Have our internal users still being authenticated using Azure AD?

Many thanks for your help,
Maxime

1 Like
2

Hi, Did you manage to find a solution for your use case. We have a same use case.

1 Like
3

It’s the same scenario here. It seems Auth0 doesn’t see or ignore it. It would be great if they answered.

1 Like
4

@auth0.knowledge1 Anything?

5

I assume this is how your architecture looks like:

image
image828×700 18.9 KB

Based on my understanding of the Auth0:

  1. For external users:
  • Yes, you can use Auth0 to authenticate external users and grant them access to SharePoint Online
  • The integration works by establishing a federation between Auth0 and Azure AD using SAML or OAuth
  • When external users authenticate through Auth0, they will be provisioned as guest users in your Azure AD automatically
  • This eliminates the need for manual guest account creation
  1. For guest accounts:
  • The integration will automatically create and manage guest accounts in Azure AD
  • These accounts are created with a specific source (“Auth0”) making them easily identifiable
  • You can manage permissions and access levels through SharePoint’s existing sharing features
  1. For internal users:
  • Yes, your internal users can continue using Azure AD authentication directly
  • The integration doesn’t interfere with existing Azure AD authentication flows
  • Internal users won’t need to change their login process

Configuration needs:

  • You’ll need to configure the enterprise application in Azure AD
  • Set up the SAML/OAuth connection in Auth0
  • Configure proper user provisioning settings

Hope this helps!

1 Like
6

Hi Sauman,

Thank you so much for your response—it’s exactly what I was looking for!

I’d like to move forward and try it out. Do you have any documentation for this type of configuration? I’m having trouble finding helpful resources, especially since Microsoft 365 has changed significantly over the past year.

Additionally:

  • How would the Auth0 user/group management work within the SharePoint environment?
  • How can I apply our security policies for that site and its libraries to the Auth0 groups?
  • Would a different license be necessary on the Microsoft side?

Looking forward to hearing from you.

7
  1. License requirements:
  • Ensure your Microsoft 365 license supports external sharing and guest access
  • Verify your Auth0 subscription supports enterprise connections
  1. Auth0 User/Group Management Integration:
  • When Auth0 users are provisioned to Azure AD as guests, they get a corresponding Azure AD identity
  • Auth0 groups can be mapped to Azure AD groups through SAML/OAuth claims
  • The mapping process typically looks like this:
    image
    image902×363 7.23 KB
  1. Applying Security Policies:
  • You have several options for implementing security policies:

a. Direct Group Mapping:

  • Create Auth0 groups that match your security requirements
  • Map these groups to Azure AD security groups
  • Assign SharePoint permissions to these Azure AD groups

b. Dynamic Group Assignment:

  • Use Auth0 Rules/Actions to dynamically assign users to groups based on their attributes
  • These group memberships can then flow to Azure AD
  • SharePoint inherits these group assignments
  1. Permission Management:

  • SharePoint permissions can be managed at multiple levels:

    • Site level
    • Library level
    • Folder level
    • File level

  • You can assign these permissions to the Azure AD groups that are mapped from Auth0

  • Implementation Steps:

    • Set up groups in Auth0
    • Configure group claim mapping in your Auth0 application
    • Set up corresponding security groups in Azure AD
    • Configure SharePoint permission levels
    • Assign permissions to mapped groups

Helpful Resources:

8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.