Identity Enterprise SSO integration with Auth0

This guide shows you how to register a client application in Auth0. You need the application details to complete the Identity Enterprise SSO setup.

Prerequisites

To be able to manage applications, you must have an Auth0 account with an Admin role.

Sign in to the Auth0 Dashboard at https://manage.auth0.com.
- If you have multiple tenants, switch to the correct tenant.
Go to Applications > Applications, then click Create Application.
In the Create application dialog, do the following:
- For Name, enter the name of the application. For example "commercetools Identity".
- For application type, select Regular Web Applications.
Click Create.
On the New Application > Settings page, do the following:
- For Allowed callback URLs, enter the Redirect URI of Identity as displayed in the SSO configuration form. The value is dependent on the PKCE option. By default it's https://auth.identity.commercetools.com/self-service/methods/oidc/callback as we force the use of PKCE. If you select another PKCE option (auto or disable) the Redirect URI changes.
- In the Advanced Settings > Grant Types tab (at the bottom of the screen), make sure that Authorization Code is selected. You can deselect the other options.
Click Save.
Copy the Client ID and Client Secret.
Determine the Issuer URL in the format: https://{tenant}.{region}.auth0.com
- You can confirm it under Advanced Settings > Endpoints > OpenID Configuration (remove the /.well-known/openid-configuration suffix).

PKCE: Identity enforces PKCE for security. No extra Auth0 setting is required beyond using the Authorization Code grant.

You will need these when configuring Enterprise SSO in Identity:

After registering your client application, continue with the Identity Enterprise SSO initial setup.