Connect Your Auth0 Application with Okta Workforce Enterprise Connection
Learn how to connect to Okta as an OpenID Connect (OIDC) Identity Provider using an enterprise connection.
The Okta Workforce Enterprise connection is an officially supported, streamlined integration and the preferred method to implement Okta as an identity provider (IdP) in Auth0. This integration allows your customers to manage their employees’ access to your application with Okta. Additionally, if you are using Auth0 for customer identity management and Okta for workforce identity management internally, this integration is an effective way to manage your identity spaces. If the Okta Workforce Enterprise connection does not support your use case, you can configure Okta as a SAML IdP or configure a custom authorization server to serve your needs.
If your Auth0 domain name is not shown above and you are not using our custom domains feature, your domain name is a concatenation of your tenant name, your regional subdomain, and auth0.com, separated by the dot (.) symbol. For example, if your tenant name is exampleco-enterprises, and your tenant is in the US region, your Auth0 domain name would be exampleco-enterprises.us.auth0.com and your Redirect URI would be https://exampleco-enterprises.us.auth0.com/login/callback. However, if your tenant is in the US region and was created before June 2020, then your Auth0 domain name would be exampleco-enterprises.auth0.com and your Redirect URI would be https://exampleco-enterprises.auth0.com/login/callback. If you are using custom domains, your Redirect URI would be https://<YOUR CUSTOM DOMAIN>/login/callback.
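Added example, not part of the Auth0 documentation: Python code that derives the expected Redirect URI from the rules above and flags redirect URIs registered on the Okta app integration that are not an exact match. The function names, the `legacy_us` flag, and the sample list are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/login/callback"  # path used by every Redirect URI on this page

# Constructed sample: redirect URIs as they might be registered on the Okta app.
SAMPLE = [
    "https://exampleco-enterprises.us.auth0.com/login/callback",
    "http://exampleco-enterprises.us.auth0.com/login/callback",
    "https://exampleco-enterprises.auth0.com/login/callback",
    "https://exampleco-enterprises.us.auth0.com/login/callback/",
]


def auth0_domain(tenant, region="us", legacy_us=False, custom_domain=None):
    """Derive the Auth0 domain name using the rules described above."""
    if custom_domain:
        return custom_domain.lower()
    if region == "us" and legacy_us:  # US tenant created before June 2020
        return f"{tenant}.auth0.com"
    return f"{tenant}.{region}.auth0.com"


def redirect_uri(domain):
    return f"https://{domain}{CALLBACK_PATH}"


def audit_redirect_uris(registered, domain):
    """Return (uri, problem) pairs for entries that differ from the expected URI."""
    expected = redirect_uri(domain)
    findings = []
    for uri in registered:
        if uri == expected:
            continue
        parts = urlsplit(uri)
        if "*" in uri:
            problem = "wildcard"
        elif parts.scheme != "https":
            problem = "not https"
        elif (parts.hostname or "") != domain:
            problem = "unexpected host"
        elif parts.path != CALLBACK_PATH:
            problem = "unexpected path"
        else:
            problem = "not an exact match"  # e.g. added port or query string
        findings.append((uri, problem))
    if expected not in registered:
        findings.append((expected, "missing"))
    return findings
```

Calling `audit_redirect_uris(SAMPLE, auth0_domain("exampleco-enterprises", "us"))` reports the `http` entry, the entry on the pre-June 2020 host, and the entry with a trailing slash.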
Record the Client ID and Client Secret that Okta generates for your app integration.
Enter details for your connection, and then select Create:
| Field | Description |
| --- | --- |
| Connection name | Logical identifier for your connection; it must be unique for your tenant. Once set, this name can’t be changed. |
| Okta Domain | Okta’s domain name for your organization. |
| Client ID | Unique identifier for your registered Okta application. Enter the saved value of the Client ID for the app you just registered in the Okta admin console. |
| Client Secret | String used to gain access to your registered Okta application. Enter the saved value of the Client Secret for the app you just registered in the Okta admin console. |
In the Provisioning view, configure how user profiles get created and updated in Auth0.
| Field | Description |
| --- | --- |
| Sync user profile attributes at each login | When enabled, Auth0 automatically syncs user profile data with each user login, thereby ensuring that changes made in the connection source are automatically updated in Auth0. |
| Sync user profiles using SCIM | When enabled, Auth0 allows user profile data to be synced using SCIM. For more information, see Configure Inbound SCIM. |
Switch to the Login Experience view, and configure how your users log in with this connection:
This option displays the following choices to customize your application’s connection button.
| Field | Description |
| --- | --- |
| Button display name (Optional) | Text used to customize the login button for Universal Login. When set, the button reads: “Continue with {Button display name}”. |
| Button logo URL (Optional) | URL of image used to customize the login button for Universal Login. When set, the Universal Login login button displays the image as a 20px by 20px square. |
Optional fields are available with Universal Login only. Customers using Classic Login will not see the Add button, Button display name, or Button logo URL.
This connection type supports a Global Token Revocation endpoint, which allows a compliant identity provider to revoke Auth0 user sessions, revoke , and trigger back-channel logout for applications using a secure back-channel. This feature can be used with Okta’s Universal Logout. For more information and configuration instructions, see Universal Logout.