Connect to Auth0
When connecting Auth0 as an external identity provider to 10Duke Enterprise for user authentication, configure 10Duke Enterprise as a client in Auth0.
The steps below guide you how to define an OpenID Connect (OIDC) client connection for 10Duke Enterprise. For more detailed instructions, see Auth0 documentation for registering web applications.
Note: During the process, make sure to copy and store (temporarily) details from the Auth0 dashboard as instructed below.
You need the details later when you define the connection to Auth0 at the 10Duke Enterprise end using SysAdmin.
If your client application authenticates users directly with Auth0, it’s not necessary to configure 10Duke Enterprise as a client in Auth0. However:
-
When you define the connection to Auth0 in SysAdmin, you need either the public key in Privacy Enhanced Mail (PEM) format or the
jwks_uri
value in the identity provider’s OIDC Discovery document. Both of these are typically available in the identity provider’s user interface. -
By default, 10Duke Enterprise requires that when Auth0 provides your client application with an ID token, it contains an
aud
value that matches the base URL of your 10Duke Enterprise deployment. This may require some configuration in Auth0. If needed, contact the 10Duke Integration Support team.
Before you start
By default, 10Duke Enterprise requires that the external identity provider returns at least the ID, email address, first name, and last name of the authenticated user. If this is not possible, a configuration change in 10Duke Enterprise is required. Contact the 10Duke Integration Support team.
Step 1: Register 10Duke Enterprise as a client application
In the Auth0 dashboard, first register 10Duke Enterprise as a client application in Auth0:
-
Go to applications and start creating a new application.
-
Define a name for the 10Duke Enterprise client application.
-
Select regular Web application as the application type.
-
Create the application.
Step 2: Copy client credentials
-
Go to the new application’s settings.
-
In the basic application settings, copy the following details:
-
Client ID (OAuth
client_id
, for Client key in SysAdmin) -
Client secret (for Client secret in SysAdmin)
-
Step 3: Define application settings
-
In the application URI settings:
-
In allowed callback URLs, enter
https://<your 10Duke Enterprise instance>/user/oauth20/cb
. -
In allowed logout URLs (optional), enter
https://<your 10Duke Enterprise instance>/user/oidc/idp-logout
.
-
-
In the advanced settings, make sure that the authorization code grant flow is selected in the grant types.
Step 4: Copy client endpoints
-
In the endpoint settings, copy the following URLs:
-
OAuth authorization URL (for Authorization token URL in SysAdmin)
-
OAuth token URL (for Access token URL in SysAdmin)
-
Now the 10Duke Enterprise client application is ready in Auth0.
Next steps
Define the connection to Auth0 in 10Duke SysAdmin.