
SSO Using Auth0

This page explains how to configure Auth0 as an authentication method for Styra DAS.

Configure Auth0 SSO SAML

The following instructions help you to prepare Auth0 as a method for signing in to styra-das-id.styra.com.

  1. Log in to Auth0.

  2. On the left navigation pane, click Applications.

  3. A default app exists and can be used as a SAML application, or you can create a new application.

  4. To create a new application, click the CREATE APPLICATION button.

  5. Enter Styra (or any name you prefer) as the Name, select an application type, and click Create.

  6. The new application is created and selected. If you want to use an existing application, click its application name link.

  7. Click the Addons tab to enable the SAML2 WEB APP. A dialog message Addon: SAML2 Web App is displayed.

  8. Click the Settings tab to enter the following details in the form.

    • Application Callback URL: For example, https://styra-das-id.styra.com/v1/saml/ssosaml/callback, where you replace styra-das-id.styra.com with your tenant name and ssosaml with the provider name. You will use this same provider name when you configure the settings on styra-das-id.styra.com.

  9. Scroll to the bottom of this page and click the ENABLE button.

  10. After you save, click on the Usage tab.

  11. Download the Identity Provider Metadata. This data will be used when you configure the settings on styra-das-id.styra.com.

Styra DAS Configuration

After you configure Auth0, you must configure styra-das-id.styra.com.

  1. Log in to styra-das-id.styra.com with your username and password.

  2. Go to your Workspace, click Access Control >> Single Sign-On Providers and then click SAML >> + Add SAML Provider.

  3. Enter the following details in the form.

    • Provider name: Enter the name for your identity provider setting.

    • Private key: Run the command openssl req -x509 -newkey rsa:2048 -keyout private.key -out certificate.cert -days 3650 -nodes -subj "/CN=styra-das-id.styra.com" to generate a private key and the associated certificate, then enter the private key. The -nodes option writes private.key unencrypted, so restrict access to that file.

    • Private key certificate: Enter the above generated certificate.

    • Identity provider metadata: Enter the IDP metadata.

    • Email attribute: The SAML response from Auth0 has an email address in the Attribute tag. Enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.

    • Allowed Domains: Type the allowed authentication domain(s) of your users. For example, retail.acme.com. If the identity provider supports multiple domains, only users with these domains are allowed to access the service.

    • Allow identity provider to initiate sign in:

      • If enabled, identity provider can initiate the single sign on.

      • If disabled, identity provider can’t initiate the single sign on.

    • Invited users only:

      • If enabled, the authenticated user must have a pre-existing account in the service.

      • If disabled, a new user account will be created just-in-time for any authenticated user, as long as the user's domain matches one of the allowed domains (and the identity provider has assigned the new user to the Styra application).

    • Enabled: Set it to TRUE.

  4. If you have selected just-in-time provisioning for the users, you can now log out from styra-das-id.styra.com and sign in again through Auth0. Auth0 is now displayed on the styra-das-id.styra.com login screen above the username and password.

Invite Users to Styra (Optional)

If you configured styra-das-id.styra.com to allow only invited users to log in to the service, then you must create users on styra-das-id.styra.com. You can add or invite users through the following options:

  • Using the CLI.
  • Using the GUI.
  • Any client calling the Styra CLI API.