How do I configure Single Sign-On with Auth0?

A step-by-step guide to connecting Auth0 to Atlas using SAML 2.0, so your users can sign in to Atlas with their Auth0 credentials.

You'll need:

• An Auth0 tenant with permissions to create and configure applications and SAML integrations

• Access to Atlas with permission to configure Single Sign-On

• The Atlas Single Sign-On configuration page open in a separate browser tab — you'll be copying values between the two

1. Go to your Auth0 dashboard and sign in with an account that has permission to manage applications.

2. In the left-hand navigation, go to Applications → Applications.

3. Create a new application for Atlas (or open an existing one). Give it a clear name such as Atlas SAML SSO.

4. Select Regular Web Application as the application type (or the type recommended by your Auth0 administrator).

5. Save the application.

6. Open the Atlas application you just created.

7. Go to the Addons tab and enable SAML2 Web App.

8. Open the SAML2 Web App configuration dialog.

9. In the Settings tab for the addon, find the SAML configuration fields.

10. Set the audience / entityId to the Atlas Audience / Entity ID from the Atlas wizard.

11. Set the callback URL (Assertion Consumer Service URL) to the Atlas Single Sign-On URL from the Atlas wizard.

12. If there is a Recipient or Destination field, use the same Atlas Single Sign-On URL.

13. Save the SAML2 Web App configuration.

⚠️ Important: Always use the exact values from your Atlas environment — not example values from other documentation.

14. In the addon Settings, review the mappings section.

Make sure the SAML assertion includes attributes for:

• Email address

• First name

• Last name

Use consistent attribute names such as email, given_name, and family_name — you'll map these in Atlas later.

15. Save the configuration.

16. In the SAML2 Web App configuration or the Addons summary, find the Identity Provider Metadata or SAML Metadata download link.

17. Download the metadata XML file and/or copy the relevant identity provider URLs and certificate.

18. Keep these handy — you'll paste them into Atlas shortly.

19. In the Auth0 dashboard, go to User Management → Users and create or confirm the accounts for users who will sign in to Atlas.

20. Make sure these users are allowed to authenticate through the Atlas application in Auth0.

21. In Atlas, open the user management area.

22. Create or confirm accounts for the same users, making sure their email addresses match exactly what's in Auth0.

💡 Tip: User identifiers must match between Auth0 and Atlas for Single Sign-On to work correctly.

Open the Single Sign-On configuration page in Atlas and follow the wizard.

23. Enter a Configuration name — for example, Auth0 Single Sign-On.

24. Select SAML 2.0 as the protocol.

25. In the Atlas Single Sign-On endpoints step, review the values shown (Single Sign-On URL and Audience / Entity ID).

26. Confirm these match the callback URL and audience / entityId you set in Auth0.

In the relevant step of the Atlas wizard, paste the Auth0 details you collected earlier:

• Identity provider metadata (or SAML metadata URL / XML)

• Certificate

• Sign-in URL (and logout URL if applicable)

27. Save the configuration step.

In the attribute mapping steps, connect Auth0 attributes to Atlas user fields:

• Email address → Atlas email field

• First name → Atlas first name field

• Last name → Atlas last name field

• Phone number — optional, can be skipped

28. Confirm all required mappings are complete and save without errors.

29. In Atlas, select Test connection on the Single Sign-On configuration page.

30. Atlas will redirect you to the Auth0-hosted login page for your tenant.

You've set things up correctly if:

• You're redirected to your Auth0 login page

• You can sign in with a user who has access to the Atlas application in Auth0

• After signing in, you're redirected back to Atlas

• Atlas shows a confirmation that the connection was successful

If the connection test fails, check the following:

• The audience / entityId and callback / Assertion Consumer Service URL in Auth0 exactly match the values in the Atlas Single Sign-On endpoints step.

• The user is allowed to authenticate to the Atlas application in Auth0 and exists in Atlas with a matching identifier.

• The SAML attribute names for email, first name, and last name in Auth0 match the mappings in Atlas.

• Review any error messages in Atlas or in Auth0 logs (Monitoring → Logs) for further detail.

If you're still stuck, contact your internal administrator or reach out to Atlas support — include a description of what you've tried and any error messages you've seen.