Hello,
We have built a few applications with Auth0 for our external users (using the Login-Password Database) with success.
We now have a new project to use SharePoint Online to share files with our external users. We don’t want to manually create guest accounts (and password) for external users in our Azure AD and would like to use Auth0 to authenticate them and give them access to our SharePoint online. Our internal company users aren’t currently in Auth0 but managed in Azure AD.
I found this integration on the market place: https://marketplace.auth0.com/integrations/office-365-sso
Would that allow us to:
- sign in our external users using Auth0 and let them access our SharePoint online?
- if yes, would that create guest accounts in our Azure AD for them?
- Have our internal users still be authenticated using Azure AD?
Many thanks for your help,
Maxime
1 Like
Hi, did you manage to find a solution for your use case? We have the same use case.
1 Like
It’s the same scenario here. It seems Auth0 doesn’t see it or ignores it. It would be great if they answered.
1 Like
I assume this is what your architecture looks like:
Based on my understanding of Auth0:
- For external users:
  - Yes, you can use Auth0 to authenticate external users and grant them access to SharePoint Online
  - The integration works by establishing a federation between Auth0 and Azure AD using SAML or OAuth
  - When external users authenticate through Auth0, they will be provisioned as guest users in your Azure AD automatically
  - This eliminates the need for manual guest account creation
- For guest accounts:
  - The integration will automatically create and manage guest accounts in Azure AD
  - These accounts are created with a specific source (“Auth0”) making them easily identifiable
  - You can manage permissions and access levels through SharePoint’s existing sharing features
- For internal users:
  - Yes, your internal users can continue using Azure AD authentication directly
  - The integration doesn’t interfere with existing Azure AD authentication flows
  - Internal users won’t need to change their login process
Configuration needs:
- You’ll need to configure the enterprise application in Azure AD
- Set up the SAML/OAuth connection in Auth0
- Configure proper user provisioning settings
Hope this helps!
1 Like
Hi Sauman,
Thank you so much for your response—it’s exactly what I was looking for!
I’d like to move forward and try it out. Do you have any documentation for this type of configuration? I’m having trouble finding helpful resources, especially since Microsoft 365 has changed significantly over the past year.
Additionally:
- How would the Auth0 user/group management work within the SharePoint environment?
- How can I apply our security policies for that site and its libraries to the Auth0 groups?
- Would a different license be necessary on the Microsoft side?
Looking forward to hearing from you.
- License requirements:
  - Ensure your Microsoft 365 license supports external sharing and guest access
  - Verify your Auth0 subscription supports enterprise connections
- Auth0 User/Group Management Integration:
  - When Auth0 users are provisioned to Azure AD as guests, they get a corresponding Azure AD identity
  - Auth0 groups can be mapped to Azure AD groups through SAML/OAuth claims
  - The mapping process typically looks like this:
- Applying Security Policies:
  - You have several options for implementing security policies:
    a. Direct Group Mapping:
      - Create Auth0 groups that match your security requirements
      - Map these groups to Azure AD security groups
      - Assign SharePoint permissions to these Azure AD groups
    b. Dynamic Group Assignment:
      - Use Auth0 Rules/Actions to dynamically assign users to groups based on their attributes
      - These group memberships can then flow to Azure AD
      - SharePoint inherits these group assignments
- Permission Management:
Helpful Resources:
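The reply above sketches dynamic group assignment with an Auth0 Action and mapping Auth0 groups to Azure AD groups through SAML claims. Below is an added example of that pattern, not code from Auth0, from the marketplace integration or from anyone in this thread: a post-login Action whose authorization policy is a pure function, so it can be unit-tested outside Auth0. The role names, group names, SAML attribute name and client ID are hypothetical placeholders.

```javascript
// Added example, not code from Auth0 or from this thread. An Auth0 post-login
// Action for the (hypothetical) SharePoint/Office 365 client: group membership
// is derived only from app_metadata (admin-controlled), mapped through an
// allowlist to Azure AD group names, and emitted as a SAML attribute.

// Hypothetical placeholder: client_id of the Office 365 application in Auth0.
const SHAREPOINT_CLIENT_ID = "REPLACE_WITH_O365_CLIENT_ID";

// Hypothetical SAML attribute name; must match what the Azure AD side expects.
const GROUP_ATTRIBUTE = "groups";

// Allowlist: Auth0-side role -> Azure AD security group (hypothetical names).
// Anything not listed here is dropped, so an unexpected role never grants access.
const GROUP_MAP = Object.freeze({
  "partner-reader": "SP-External-Readers",
  "partner-editor": "SP-External-Editors",
});

// Pure policy function: returns the decision for one login event so it can be
// tested without the Auth0 runtime. user_metadata is user-editable and is
// deliberately ignored; only app_metadata.roles drives group membership.
function decide(event) {
  if (!event.client || event.client.client_id !== SHAREPOINT_CLIENT_ID) {
    return { applies: false, allow: true, groups: [] }; // other apps: untouched
  }
  const meta = (event.user && event.user.app_metadata) || {};
  const roles = Array.isArray(meta.roles) ? meta.roles : [];
  const groups = roles
    .filter((r) => Object.prototype.hasOwnProperty.call(GROUP_MAP, r))
    .map((r) => GROUP_MAP[r]);
  const unique = [...new Set(groups)].sort();
  // Default deny: no mapped group means no SharePoint access at all.
  return { applies: true, allow: unique.length > 0, groups: unique };
}

// Entry point Auth0 calls after a successful authentication.
async function onExecutePostLogin(event, api) {
  const d = decide(event);
  if (!d.applies) return;
  if (!d.allow) {
    api.access.deny("No SharePoint group is mapped for this account");
    return;
  }
  api.samlResponse.setAttribute(GROUP_ATTRIBUTE, d.groups);
}

// Register the handler when running inside Auth0 (CommonJS module).
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```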