SSO AuthenticationSAML 2.0
Auth0
Configure Auth0 as a SAML 2.0 identity provider for Safeguard via its SAML2 Web App addon.
Auth0
Auth0 can act as either an OIDC provider (see OpenID Connect) or a SAML IdP via its SAML Web App addon.
- In the Auth0 dashboard, open (or create) a Regular Web Application, then enable the SAML2 Web App addon under its Addons tab.
- In the addon settings, set Application Callback URL to the ACS URL Safeguard shows after Save.
- Optionally set
audienceto the SP Entity ID Safeguard shows after Save — this sets an audience restriction on the assertion, separate from Auth0's own Issuer. - In the addon's Settings (JSON), ensure
"mappings"includes"email": "email"so an attribute literally namedemailis sent — separate from the Login URL/NameID Auth0 derives from the user profile. - On the addon's Usage tab, copy the Identity Provider Login URL and the Issuer (Auth0's own Entity ID, typically
urn:<tenant>.us.auth0.com), and download the Identity Provider Certificate. - In Safeguard, click Add Provider → SAML 2.0 → Auth0, and enter the Login URL, Issuer (Entity ID), and Certificate.
- Ensure the connections you want (Database, Google, etc.) are enabled for this specific application.
- Click Test in Safeguard to confirm.
Common errors: "wrong tenant" issues after saving usually mean the SAML addon was enabled on a different Application than the one you're editing — double-check the addon's Usage tab shows the app you configured.