Updated by Kristen Fiddes
What is Auth0?
Auth0 offers a way to add authentication services to your applications. With it integrated into your Sonar instance, users would select Continue With Single Sign On as opposed to inputting their Sonar credentials.
Before fully configuring Auth0 with your Sonar instance, you must first integrate it with your Google or Microsoft system. Following this, you'll be provided a Client ID and Client Secret, which will be used during the integration with your instance.
For both options, the following information will be utilized:
- auth0.com will be required for the authorized domains
- /auth/userinfo.profile will be the options selected when choosing from the list of scopes
- https://sonarsoftware-prod.eu.auth0.com/login/callback is to be used as the application home page
During the setup process, you'll be given the option of whether you want to restrict use to your domain or include external domains too. Which option you select depends on your business use, but either will work with the Sonar integration.
Setting Up Auth0 with Google
For details on integrating Auth0 with your Google dashboard, click here.
Setting Up Auth0 with Microsoft
For details on integrating Auth0 with Microsoft Azure, click here.
In order to make use of the Auth0 feature, the corresponding role permissions must be enabled first. Please take a moment to review these new permissions, and ensure that the relevant roles have them added before proceeding with any walkthrough steps below.
Navigate to Settings > Security > Roles and either choose to edit an existing Role or create a new Role. When the next page populates, locate the permissions reflected in the screenshots below and enable whichever ones are applicable to that Role.
Configuring Auth0 in your Instance
Before your users are able to take advantage of SSO (Single Sign On) with Auth0, you must enable and configure the feature within your instance. You are able to add up to 5 IDPs (identity providers) at a time, but for our example, we'll just be adding one:
- Navigate to Settings > Security > Identity Providers, toggle the Auth0 option, and then click on Save.
- Once Auth0 is enabled, click on Create Identity Provider and select either Google or Microsoft. SAML and Active Directory will be options at a later date.
- A modal will appear where you will input the configuration settings.
For our example below, we've selected Create Google Identity Provider:
1. Enabled allows you to toggle the IDP on and off. If you were to disable an active one, it would prevent users from logging in via that method.
2. The Display Name must be unique to your instance.
3. The Client ID field is where you'll input the one provided by your identity provider host.
4. Similarly, the Client Secret section is for the secret provided by your identity provider host.
There is no validation for the Client ID and Client Secret you add here; if the information is incorrect, then users will be unable to sign in via SSO.
- When all the fields are filled out, click Create.
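Because the modal does not validate the Client ID and Client Secret, a paste error only surfaces when users fail to sign in. The following pre-flight check is an added example, not part of Sonar or Auth0; the function name is hypothetical, and the format rules are assumptions based on how Google and Microsoft issue these values (Google client IDs end in .apps.googleusercontent.com, Microsoft application IDs are GUIDs).

```python
import re

# Assumed formats (not from the Sonar article): Google OAuth client IDs end in
# .apps.googleusercontent.com; Microsoft application (client) IDs are GUIDs.
GOOGLE_ID = re.compile(r"^\d+(-[a-z0-9]+)?\.apps\.googleusercontent\.com$")
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)


def check_idp_credentials(provider, client_id, client_secret):
    """Return a list of problems; an empty list means nothing obvious is wrong.

    Messages never include the values themselves, so the output is safe to log.
    """
    problems = []
    for name, value in (("Client ID", client_id), ("Client Secret", client_secret)):
        if not value:
            problems.append(f"{name} is empty")
        elif value != value.strip():
            problems.append(f"{name} has leading or trailing whitespace")
        elif any(ch.isspace() for ch in value):
            problems.append(f"{name} contains whitespace (line-wrapped paste?)")
    cid, secret = client_id.strip(), client_secret.strip()
    if provider == "google":
        if cid and not GOOGLE_ID.match(cid):
            problems.append("Client ID does not look like a Google OAuth client ID")
        if secret.endswith(".apps.googleusercontent.com"):
            problems.append("Client Secret looks like a client ID")
    elif provider == "microsoft":
        if cid and not GUID.match(cid):
            problems.append("Client ID is not a GUID (application ID expected)")
        if GUID.match(secret):
            problems.append("Client Secret is a GUID: likely the Secret ID, not the secret Value")
    else:
        problems.append(f"unknown provider: {provider}")
    if cid and cid == secret:
        problems.append("Client ID and Client Secret are identical")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    samples = [
        ("google", "123456789012-abc123def456.apps.googleusercontent.com", "example-secret-value"),
        ("google", "123456789012-abc123def456.apps.googleusercontent.com ", "example-secret-value"),
        ("microsoft", "11111111-2222-3333-4444-555555555555", "66666666-7777-8888-9999-000000000000"),
    ]
    for provider, cid, secret in samples:
        print(provider, check_idp_credentials(provider, cid, secret) or "ok")
```

An empty result only means the values are well-formed; whether they are the right ones is still confirmed by a test sign-in after clicking Create.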
Configuring Auth0 for your Users
Any email addresses intended to be used via Auth0 must be associated with an existing user in their Sonar instance. If someone were to attempt to log in when a user does not yet exist, they'll be met with the following error message:
Our Users: Overview article details how you can create a user. Once the user is set up, it must remain “enabled” for that person to continue to be able to log in.
If a new user is created with the intention of solely utilizing the Auth0 feature, they will not have to follow through with the initial setup email that is automatically sent out via the instance. Instead, once they've successfully logged in for the first time using Auth0, you'll notice “Yes” underneath the “Completed Setup” column header.
Auth0 in Use
Once Auth0 has been set up and enabled, existing users are able to take advantage of the Auth0 feature. This option is visible on the login screen to access their instance.
When a user clicks Continue With Single Sign On, a new page will populate that lists the options available to log in with. In our example, we've set up an instance to utilize Google only, and therefore we see the following page:
From here, we will select Continue with Google IDP and be directed to the Google login page, then we'll be prompted to accept permission to pair the app.
As long as an account exists, and is enabled, with the email address you are attempting to log in with, you'll be able to successfully access the instance.
Field Tech App Consideration
SSO is not possible via the Sonar Field Tech App; any user intending to use the app will need to ensure they have a password set within their Sonar instance. Existing users should already have a password attached to their login that can be used, and new users should either continue with the initial account setup email they received or alternatively, can request a password reset on their login screen.