Okta

Introduction

With Auth0, you can log in to an Auth0-linked application using not only the user database of Auth0 itself, but also user accounts managed by an external IdP. You can continue to use the user account information registered in your existing IdP, and you can achieve authentication integration with Auth0 with minimal work.
External IdP integration in Auth0 uses the Enterprise Connection feature. This page uses Okta Workforce (Okta) as the external IdP and walks through the required settings and the actual login operation.

External IdP integration with Auth0 Enterprise Connection function (Okta Workforce)

External IdPs supported by Auth0

You can check the external IdPs supported by Auth0 at the link below. Auth0 supports major IdPs such as Okta Workforce Identity and Azure AD.
https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers

Prerequisites

The settings and operation examples on this page assume that the following have been prepared.

  • A web application integrated with Auth0
  • An Okta Workforce tenant that has already been created

For the Auth0 login screen, use New Universal Login.
* The Connection Button setting described later is not compatible with the Classic version.

In addition, the information regarding functions and settings described on this page is current as of November 2022.

Setting overview

In order to achieve authentication integration with Okta as an external IdP in an Auth0-linked web application, the settings required for each of Auth0 and Okta are as follows.

* OpenID Connect is used to link Auth0 and Okta.

1. Organize Auth0 side information required for Okta settings
2. Okta Settings
  • Application registration
  • Create client secret
3. Auth0 settings
  • Enterprise Connection settings for Okta
  • Enabling Enterprise Connection in Application

From here, we will introduce the specific setting method and an example of operation at login.

Setting Example

1. Organize Auth0 side information required for Okta settings
  • Check the following information required for Okta settings
    • Auth0 tenant domain name: xxxxxx.xx.auth0.com
2. Okta Settings
  • Log in to the Okta administrator screen, go to the Applications > Applications screen, and click [Create App Integration].
  • Select [OIDC - OpenID Connect] for Sign-in method and [Web Application] for Application type, then click [Next].
  • Set each item in the application registration and move to the bottom of the screen.
    • App integration name: Any setting name
    • Sign-in redirect URIs: https://(Auth0 tenant domain name)/login/callback
  • Select the desired assignment method in Assignments and click [Save].
    * In this example, [Allow everyone in your organization to access] is selected.
    * If you want to allow only users assigned to specific groups, select [Limit access to selected groups].
  • Copy the values of [Client ID] and [Client Secret] of the registered application (used in 3. Auth0 settings).
3. Auth0 settings
  • On the Auth0 admin screen, click Authentication > Enterprise.
  • Click Okta Workforce.
  • Click [Create Connection].
  • Set each item and click [Create] at the end of the page.
    • Connection name: Any setting name
    • Okta Domain: Domain name of the Okta tenant to be integrated
    • Client ID: Client ID of the application registered with Okta
    • Client Secret: Client secret of the application registered with Okta
  • On the Login Experience tab, set the Connection Button and click [Save] at the bottom of the page.
    • Display connection as a button: Check (displays the Okta login button on the login screen)
    • Button display name: Specify the button display name
  • Enable the created Enterprise Connection in the settings of the linked Application.
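
A pre-flight check for the values entered in steps 2 and 3, as an added example that is not part of the original page: it derives the sign-in redirect URI from the Auth0 tenant domain and lints the URIs registered in the Okta application, and `bare_host` can also be applied to the Okta Domain field. The function names and the tenant `example-tenant.jp.auth0.com` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/login/callback"  # callback path this page gives for Auth0


def bare_host(value):
    """Normalise 'host' or 'https://host/' to a lowercase hostname."""
    v = value.strip()
    parts = urlsplit(v if "://" in v else "https://" + v)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"not an https hostname: {value!r}")
    if (parts.path not in ("", "/") or parts.query or parts.fragment
            or parts.port or parts.username):
        raise ValueError(f"expected a bare domain, got: {value!r}")
    return parts.hostname.lower()


def expected_callback(auth0_domain):
    """Sign-in redirect URI to register in Okta for this Auth0 tenant."""
    return f"https://{bare_host(auth0_domain)}{CALLBACK_PATH}"


def lint_redirect_uris(registered, auth0_domain):
    """Compare URIs registered in Okta with the one Auth0 will send.
    OIDC matches redirect_uri by exact string comparison."""
    want = expected_callback(auth0_domain)
    findings = []
    if want not in registered:
        findings.append(f"missing exact match for {want}")
    for uri in registered:
        if uri == want:
            continue
        if "*" in uri:
            findings.append(f"wildcard redirect URI: {uri}")
        elif not uri.startswith("https://"):
            findings.append(f"non-HTTPS redirect URI: {uri}")
        elif uri.rstrip("/") == want:
            findings.append(f"trailing slash breaks exact match: {uri}")
        else:
            findings.append(f"unrelated redirect URI, confirm it is needed: {uri}")
    return findings


if __name__ == "__main__":
    # Constructed sample values; the tenant name is a placeholder.
    sample = ["https://example-tenant.jp.auth0.com/login/callback/",
              "http://localhost:3000/callback"]
    for finding in lint_redirect_uris(sample, "example-tenant.jp.auth0.com"):
        print(finding)
```
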

Login behavior example: Login by user registered in Okta

1. Perform the login operation on the web application linked with Auth0 and transition to the login screen provided by Auth0.
2. Confirm that the [Continue with Okta] button is displayed, and click the [Continue with Okta] button.
3. After transitioning to the authentication screen on the Okta side, enter the user information on Okta.
4. Confirm that you have logged in to the web application as a user on Okta.
5. Confirm the user information on the Auth0 management screen.

Summary

With Auth0, by using the Enterprise Connection function, you can easily implement authentication processing using an external IdP. You can also try the Enterprise Connection function in the free Auth0 trial environment, so please feel free to experience it.
If you are interested in integrating authentication with Auth0 using your existing IdP, please contact us.
