Setup SSO for Auth0 Sample App With Okta As IdP

Overview

This article provides steps to configure Single Sign-On (SSO) for an application built using Auth0 that uses Okta as an Identity Provider (IdP). These instructions use a sample Node.js express web application to demonstrate this SSO configuration.

A successful configuration enables two login flows:

  • Service Provider (SP)-initiated flow: A user logs into the application by visiting the application endpoint and using Okta credentials.

  • Identity Provider (IdP)-initiated flow: A user logs into the application by signing into Okta and selecting the application tile.

Applies To

  • Single Sign-On
  • Okta Identity Provider
  • Auth0 Service Provider

Solution

Prerequisites:

  • An environment to build and host a simple Node.js express application
  • An Auth0 tenant (The test application login is hosted in this tenant)
  • A sample application (The application is hosted locally)
  • An Okta organization


SSO Using SAML

Auth0 Tenant

  1. Log into the Auth0 tenant and create a new application by choosing the Regular Web Applications option.

  2. Download the sample Node.js application.

  3. Run the following command to start the application. This starts the application on port 3000.

  4. Verify the application by visiting the endpoint http://localhost:3000.


Okta Tenant

  5. Go to the Okta Admin Portal and create a new Security Assertion Markup Language (SAML) integration from the Applications UI.

  6. Provide a name for the application (for example, AUTH0-SAML-SSO-APP).

  7. Go to the Auth0 documentation titled "Configure Okta as SAML Identity Provider". Copy the example values for Single Sign-On URL and Audience URI and paste them into the Configure SAML UI in Okta. Replace {yourAuth0Domain} with the Auth0 tenant name and replace {yourAuth0ConnectionName} with a value that is used later in the Auth0 tenant as the name of the enterprise SAML connection.

  8. Under the Attribute statements section, add basic attribute mappings. This mapping helps create a basic user profile for the Auth0 tenant.

[Screenshot: attribute_statement.png]

  9. Keep the default settings, finish creating the application, and select Save.

  10. Create a new user in Okta and assign the new SAML application to this user.

Auth0 Tenant

  11. Choose Applications > Enterprise and create a new SAML enterprise connection.

  12. Provide the name of the connection exactly as the name from step 6.

  13. Copy the value of the Sign On URL from the Okta tenant and paste the value in the Sign In URL box.

[Screenshot: signonurl.png]

  14. Download the certificate from the Okta tenant and upload the certificate as the X.509 Signing Certificate.

  15. Under the Login Experience tab of the SAML connection setting, enable Display connection as a button and provide a value for the Button Display Name field (for example, Log in with Okta).

  16. Under the Applications tab of the SAML connection setting, enable the connection for the application created in step 1.

  17. Go to http://localhost:3000 and select login. The user is redirected to a UI with an Okta login. After providing valid credentials for the user created in step 10, the user is logged into the application.

IdP-Initiated SSO Setup

Auth0 Tenant

  18. Choose Authentication > Enterprise and open the SAML connection created in step 11.

  19. Under the IdP-Initiated SSO tab, select Accept Requests and select the Default Application as the application created in step 1.

  20. Select the Response Protocol as OpenID Connect and save the changes.

  21. Open the index.js file of the sample application and add the route below.

    router.get('/idpLogin', function (req, res, next) {
      // Entry point for IdP-initiated logins. Redirect to the sample app's own /login
      // route, which starts the regular Auth0 login flow for this user.
      const authUrl = `http://localhost:3000/login`;
      res.redirect(authUrl);
    });

  22. Go to the Application settings page and update the Allowed Callback URLs with the following values:

  23. Restart the sample application.

  24. Log in to the Okta tenant with the user created in step 10 and select the application tile to initiate SSO.

  25. The user is successfully logged into the application.
