Okta
Octa
Introduction
With Auth0, you can log in to an Auth0-linked application using not only the user database of Auth0 itself, but also user accounts managed by an external IdP. You can continue to use the user account information registered in your existing IdP, and you can achieve authentication integration with Auth0 with minimal work.
External IdP integration in Auth0 uses the Enterprise Connection feature. On this page, we will target Azure Active Directory (hereinafter referred to as Azure AD) as an external IdP, and introduce the necessary settings and actual login operations.
External IdPs supported by Auth0
You can check the external IdPs supported by Auth0 below. Supports major IdPs such as Okta Workforce Identity and Azure AD.
https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers
premise
The settings and operation examples on this page assume that the following has been prepared.
- Auth0-integrated web application
- Create Azure AD tenant
For the login screen function by Auth0, use New Universal Login.
*The Connection Button setting described later is not compatible with the Classic version.
In addition, the information regarding functions and settings described on this page is current as of November 2022.
Setting overview
In order to achieve authentication integration with Azure AD as an external IdP in an Auth0-linked web application, the settings required for each of Auth0 and Azure AD are as follows.
- Application registration
- Create client secret
- Enterprise Connection settings for Azure AD
- Enabling Enterprise Connection in Application
From here, we will introduce the specific setting method and an example of operation at login.
Setting Example
- Organizing Auth0 side information required for Azure AD settings
Check the following information required for setting on the Azure AD side
- Auth0 Tenant Domain Name: xxxxxx.xx.auth0.com
*For details on the settings on the Azure AD side, please refer to the following Microsoft page.
https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
- On the Azure portal screen, click [Add] > [App registration]
![On the Azure portal screen, click [Add] > [App registration]](/business/security/okta/image/okta_tech_auth0_azure_ad_dr01.png)
- After setting each item in the application registration, click [Register].
- Name: Arbitrary setting name
- Supported Account Types: Specifying Scope of Access
- Redirect URL: https://(Auth0 tenant domain name)/login/callback
![After setting each item in the application registration, click [Register].](/business/security/okta/image/okta_tech_auth0_azure_ad_dr02.png)
- Copy the application (client) ID of the registered application (use in 3. Auth0 settings)
- Select [Certificates & secrets] from the left menu and click [New client secret].
- Specify any description and expiration date and click [Add]
![Specify any description and expiration date and click [Add]](/business/security/okta/image/okta_tech_auth0_azure_ad_dr05.png)
- Copy the issued client secret value (use in 3. Auth0 settings)
- On the Auth0 admin screen, click [Authentication] > [Enterprise]
![On the Auth0 admin screen, click [Authentication] > [Enterprise]](/business/security/okta/image/okta_tech_auth0_azure_ad_dr07.png)
- Click [Microsoft Azure AD]
![Click [Microsoft Azure AD]](/business/security/okta/image/okta_tech_auth0_azure_ad_dr08.png)
- Click [Create Connection]
![Click [Create Connection]](/business/security/okta/image/okta_tech_auth0_azure_ad_dr09.png)
- After setting each item, click [Create] at the end of the page.
- Connection name: Arbitrary setting name
- Microsoft Azure AD Domain: Azure AD domain to be linked (can be confirmed from Home > Azure Active Directory)
- Client ID: The application (client) ID of your Azure AD application
- Client Secret: The client secret value of your Azure AD application
- Use common endpoint: Disabled
- Identity API: Microsoft Identity Platform (v2)
- Extended Attributes: No selection
- Auth0 APIs: No selection
- Sync user profile attributes at each login: Enabled
- Email Verification: Always set email_verified to 'false'
![After setting each item, click [Create] at the end of the page.](/business/security/okta/image/okta_tech_auth0_azure_ad_dr10.png)
- Configure the Connection Button settings on the Login Experience tab and click [Save] at the bottom of the page.
- Display connection as a button: Check (display the login button by Azure AD on the login screen)
- Button display name: Specify button display name
![Configure the Connection Button settings on the Login Experience tab and click [Save] at the bottom of the page.](/business/security/okta/image/okta_tech_auth0_azure_ad_dr11.png)
- Enable the created Enterprise Connection settings in the linked Application settings
Behavior example when logging in: Login by a user registered in Azure AD
- Perform login operation on the web application screen linked with Auth0 and transition to the login screen provided by Auth0
- Confirm that the [Continue with Azure AD] button is displayed, and click the [Continue with Azure AD] button.
![Click [Accept] when the message asking for permission is displayed.](/business/security/okta/image/okta_tech_auth0_azure_ad_dr16.png)
Summary
With Auth0, by using the Enterprise Connection function, you can easily implement authentication processing using an external IdP. You can also try the Enterprise Connection function in the free Auth0 trial environment, so please feel free to experience it.
If you are interested in integrating authentication with Auth0 using your existing IdP, please contact us.
reference
Inquiry/Document request
In charge of Macnica Okta Co., Ltd.
- TEL:045-476-2010
- E-mail:okta@macnica.co.jp
Mon-Fri 8:45-17:30