Configure SSO with Auth0 OIDC

Follow this guide to configure an SSO integration between Auth0 (using the OpenID Connect protocol) and Reunite.

Important: Before completing the Reunite setup, ensure you preserve the Owner organization role (see "Preserve the Owner organization role" section) to avoid getting locked out of your organization.

Add Auth0 as a corporate identity provider in Reunite

  1. In Reunite, navigate to your organization's Overview page.
  2. Select SSO and login in the navigation menu on the left side of the page.
  3. Click Add in the Guest or Corporate Identity Provider section.
  4. Select OpenID Connect.
  5. Enter a name for your identity provider.
  6. Select the default Organization Role for users who log in with the identity provider.
  7. (Optional) Enter the name of the Default Team.
  8. Copy the Callback URL. Keep this tab open and continue with the Auth0 configuration in a new tab.

Create an application in Auth0

  1. Log in to Auth0 and select Applications from the menu on the left side of the page.
  2. Click Create Application.
  3. Choose Regular Web Applications, and click Create.

Copy settings between Auth0 and Reunite

  1. In Auth0's Application Settings tab, scroll to Application URIs and paste the previously copied callback URL into the Allowed Callback URLs field.
  2. Click the Save Changes button.
  3. Scroll to Advanced Settings > Endpoints, copy the OpenID Configuration, and paste it in Reunite into the Configuration (.well-known) field.
  4. In Auth0, scroll to Basic Information, copy the Client ID and Client Secret, and paste them into Reunite.
  5. In Reunite's RBAC Teams Claim Name field, enter https://redocly.com/sso/teams.

Preserve the Owner organization role

Critical step: Complete this step before clicking Save in Reunite to prevent getting locked out of your organization.

To prevent SSO logins through Auth0 from changing existing users' roles to the default organization role specified in the SSO settings:

  1. In Auth0, navigate to User Management > Roles.
  2. Create a role named redocly.owners.
  3. Navigate to Users > Roles and assign the redocly.owners role to users with an Owner role in your organization.
  4. Return to Reunite and click Save to complete the identity provider setup.

Set up an Action for your application

  1. In Auth0, navigate to Actions > Library, then click Create Action and select Build from Scratch.
  2. Add a name for your action.
  3. In the Trigger drop-down, select Login/Post Login.
  4. Click Create.
  5. Add the following code to the action and click Deploy:
    exports.onExecutePostLogin = async (event, api) => {
      // Namespace for the custom claim; must match the RBAC Teams Claim Name entered in Reunite
      const namespace = 'https://redocly.com/sso';
      // Copy the user's Auth0 roles into the ID token as the teams claim
      if (event.authorization && event.authorization.roles) {
        api.idToken.setCustomClaim(`${namespace}/teams`, event.authorization.roles);
      }
    };
  6. Navigate to Actions > Triggers, and select post-login.
  7. Click Add Action, select the Custom tab, and drag and drop your action between Start and Complete.
  8. Click Apply.
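Before deploying the Action, it is worth checking locally that it emits the claim Reunite expects. The following harness is an added example, not code from Redocly or Auth0: it copies the Action's logic, stubs the Auth0 `api` object, and runs it against constructed events (an owner, a user with no roles, and a user with an empty role list) so you can see exactly which teams claim each login would produce.

```javascript
// Added example (not from the Redocly or Auth0 docs): run the post-login Action
// locally against constructed events and a stubbed `api` to check the teams claim.
const namespace = 'https://redocly.com/sso';
const teamsClaim = `${namespace}/teams`; // must equal Reunite's RBAC Teams Claim Name

// Same logic as the Action in step 5, copied here so it can be called directly.
const onExecutePostLogin = async (event, api) => {
  if (event.authorization && event.authorization.roles) {
    api.idToken.setCustomClaim(teamsClaim, event.authorization.roles);
  }
};

// Minimal stand-in for Auth0's `api` object: records custom claims added to
// the ID token instead of issuing a real token.
function makeApiStub() {
  const claims = {};
  return {
    idToken: { setCustomClaim(name, value) { claims[name] = value; } },
    claims,
  };
}

// Run the Action for one event and return the claims it would add to the ID token.
// The Action body contains no await, so setCustomClaim has already run when it returns.
function runAction(event) {
  const api = makeApiStub();
  onExecutePostLogin(event, api);
  return api.claims;
}

// Constructed sample events (hypothetical users, not real data).
const ownerEvent = { user: { email: 'owner@example.com' }, authorization: { roles: ['redocly.owners'] } };
const noRolesEvent = { user: { email: 'member@example.com' } };
const emptyRolesEvent = { user: { email: 'guest@example.com' }, authorization: { roles: [] } };

// Summarise what each login would send to Reunite. A missing claim means Reunite
// falls back to the default Organization Role chosen in the SSO settings.
function checkClaims() {
  const owner = runAction(ownerEvent);
  const member = runAction(noRolesEvent);
  const guest = runAction(emptyRolesEvent);
  return {
    ownerTeams: owner[teamsClaim],                                        // ['redocly.owners']
    memberHasClaim: Object.prototype.hasOwnProperty.call(member, teamsClaim), // false
    guestTeams: guest[teamsClaim],                                        // [] (claim present but empty)
  };
}

console.log(JSON.stringify(checkClaims(), null, 2));
```

Note that an empty role list still produces a claim, so a user with no Auth0 roles and a user whose roles were all removed reach Reunite with different ID tokens.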

Resources

  • Learn more about the different IdP types in Reunite and how they apply to projects in the Single Sign-on concept.
  • Follow steps for how to Add an identity provider in Reunite.
  • If you have already added multiple IdP types in Reunite, you can Configure SSO to allow your users to use multiple IdP types for a project.