Auth0 SSO

Follow the sections in this guide to set up Auth0 SSO.

Security requirements for your production environment:

  • DELETE the admin default account shipped by OM in case you had Basic Authentication enabled before configuring the authentication with Auth0 SSO.
  • UPDATE the Private / Public keys used for the JWT Tokens. The keys we provide by default are aimed only for quickstart and testing purposes. They should NEVER be used in a production installation.
  • If you don't have an account, Sign up to create one.
  • Select the Account Type, i.e., Company or Personal
  • Click I need advanced settings and click next.
create-account
  • Provide the Tenant Domain, select the region and click on Create Account.
create-account
  • Once done, you will land on the dashboard page.
create-account
  • Once you are on the Dashboard page, click on Applications > Applications available on the left-hand side panel.
create-app
  • Click on Create Application.
create-app
  • Enter the Application name.
  • Choose an application type and click on Create.
create-app
  • Navigate to the Settings tab.
  • You will find your Client ID, Client Secret and Domain.
credentials

This is a guide to create ingestion bot service account. This step is optional if you configure the ingestion-bot with the JWT Token, you can follow the documentation of Enable JWT Tokens.

  • Go to your project dashboard.
client
  • Navigate to Applications > Applications
client
  • Select your application from the list.
client
  • Once selected, scroll down until you see the Application Properties section.
  • Change the Token Endpoint Authentication Method from None to Basic.
client
  • Now scroll further down to the section on Advanced Settings.
  • Click on it and select Grant Types.
  • In the Grant Types, check the option for Client Credentials.
  • You will see the Auth0 Management API.
auth
  • Click on the Auth0 Management API.
auth
  • Click on the Machine to Machine Applications tab.
  • You will find your application listed below.
auth
  • Click on the toggle to authorize.
  • Once done you will find a down arrow, click on it.
auth
  • Select the permissions (scopes) that should be granted to the client.
  • Click on Update.
auth

After the applying these steps, you can update the configuration of your deployment:

After everything has been set up, you will need to configure your workflows if you are running them via the metadata CLI or with any custom scheduler.

When setting up the YAML config for the connector, update the workflowConfig as follows: