When it comes to authenticating end-users, the API that you should focus on is the Authentication API; however, the Management API may be used to perform the initial configuration required to meet the requirements for your scenario. For example, you could use the Management API to create the connection that would represent the external identity provider; however, the Management API is in most cases optional because you can also configure connections in the Auth0 Dashboard.
In other words, in order to provide more concrete recommendations additional information is required. From what’s available, I would say that:
- you need to create a connection to represent the external identity provider (this may be a SAML connection, ADFS or other).
- you need to create an application to represent the service provider.
This would then allow the service provider to initiate an authentication request (Authentication API) to the Auth0 tenant, which would handle interaction with the external identity provider (if needed) and then provide an authentication response to the service provider. In this situation the service provider would have very little knowledge of the upstream identity providers, as authentication would always be happening through an Auth0 tenant independently of the final identity provider used by the end-user.
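
The request/response round trip described above, sketched as an added example that is not part of the original answer. It assumes the service provider is registered as an OIDC application using the authorization code flow with PKCE; the tenant domain, client ID, redirect URI and connection name are placeholders.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed placeholders, not values from the post.
TENANT_DOMAIN = "YOUR_TENANT.auth0.com"
CLIENT_ID = "YOUR_CLIENT_ID"
REDIRECT_URI = "https://sp.example.com/callback"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def build_authorize_request(connection=None):
    """Return (url, session) for the request the service provider sends to the tenant."""
    state = secrets.token_urlsafe(32)             # binds the response to this browser session
    verifier = b64url(secrets.token_bytes(32))    # PKCE secret, kept server-side
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    if connection:
        # Optional: route straight to one upstream identity provider connection.
        params["connection"] = connection
    url = f"https://{TENANT_DOMAIN}/authorize?{urlencode(params)}"
    return url, {"state": state, "code_verifier": verifier}

def handle_callback(callback_url, session):
    """Validate the tenant's response and return the authorization code."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    returned = query.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), session["state"].encode()):
        raise ValueError("state mismatch: response not tied to this session")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in response")
    return code  # exchanged at the token endpoint together with code_verifier
```

The service provider only ever talks to the tenant; which upstream identity provider handled the login is not visible in this exchange.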