Auth0 as SSO provider

Snow Atlas supports configuring Auth0 as a single sign-on (SSO) provider.

Description

The Auth0 single sign-on application registration is configured using OpenID Connect (OIDC). The configuration options are already set with the permissions and settings required to function with Snow Atlas. You can also configure items such as user and access group assignments that you want to apply to this registration.

Supported features

  • Service provider (SP) initiated SSO when you attempt to sign in from Snow Atlas

  • User provisioning to create the user on first sign-in, when the feature is enabled in Snow Atlas

Requirements

  • The user is an Auth0 administrator.

  • The user is a Snow Atlas system administrator.

Application permissions

The following permissions are required by the Snow Atlas Auth0 single sign-on application registration:

| Scope permission | Description |
| --- | --- |
| profile | Retrieves basic profile information about a user that is mapped to the user's profile in Snow Atlas |
| email | A user's primary email address that is used to sign in to Snow Atlas and as contact information |

Configuration required

You are required to configure Auth0 for Snow Atlas. You must add the Snow Atlas single sign-on app to your organization's Auth0. For more information, see Add Snow Atlas as Auth0 app.

You also require the relevant Authority, client ID and client secret from the Snow Atlas SSO app in Auth0, which you need to set up Auth0 as your SSO provider in Snow Atlas. For more information, see Find values to set up Auth0 SSO in Snow Atlas.

Claim mappings

The Auth0 given_name and family_name properties are mapped to the equivalent properties in Snow Atlas if they are not already populated.