# SSO With Auth0

This document details the steps to set up Auth0 single sign-on (SSO) to manage authentication for StrongDM.

### Steps

{% hint style="info" %}
These instructions vary based on your organization's StrongDM region (not your individual location).
{% endhint %}

{% tabs %}
{% tab title="US" %}

1. In Auth0, click **Create Application**. Name the application **StrongDM** and select **Regular Web Applications** as the application type.
2. Next, configure the application. If you are prompted to select a technology to integrate with, click **Skip Integration**. Then under the Settings tab, enter the following information depending on your tenant location:
   1. **Allowed Callback URLs:** `https://app.strongdm.com/auth/return`
   2. **Allowed Web Origins:** `https://app.strongdm.com`
3. In the **Basic Information** section, copy the **Client ID** and **Client Secret** values. You will need them in the next step.
4. In the StrongDM Admin UI, go to **Settings** > **User Management**. In the **Single Sign-on** section, click the lock icon to make changes. Select **Auth0** from the provider drop-down menu. Add your single sign-on URL (e.g., `https://yourorg.auth0.com`; be sure to include the `https://`), **Client ID**, and **Client Secret**.
5. Back at Auth0, confirm that the email addresses for all users are identical in both StrongDM and your SSO provider. Confirm that all users to whom you intend to grant database access have access to the StrongDM application by default.
   {% endtab %}

{% tab title="UK" %}
*Follow instructions in the tab for the region of your organization's StrongDM control plane, not your own location. The default control plane region is US.*

* In Auth0, click **Create Application**. Name the application **StrongDM** and select **Regular Web Applications** as the application type.
* Next, configure the application. If you are prompted to select a technology to integrate with, click **Skip Integration**. Then under the Settings tab, enter the following information depending on your tenant location:
  1. **Allowed Callback URLs:** `https://app.strongdm.com/auth/return`
  2. **Allowed Web Origins:** `https://app.strongdm.com`
* In the **Basic Information** section, copy the **Client ID** and **Client Secret** values. You will need them in the next step.
* In the StrongDM Admin UI, go to **Settings** > **User Management**. In the **Single Sign-on** section, click the lock icon to make changes. Select **Auth0** from the provider drop-down menu. Add your single sign-on URL (e.g., `https://yourorg.auth0.com`; be sure to include the `https://`), **Client ID**, and **Client Secret**.
* Back at Auth0, confirm that the email addresses for all users are identical in both StrongDM and your SSO provider. Confirm that all users to whom you intend to grant database access have access to the StrongDM application by default.
  {% endtab %}

{% tab title="EU" %}
*Follow instructions in the tab for the region of your organization's StrongDM control plane, not your own location. The default control plane region is US.*

* In Auth0, click **Create Application**. Name the application **StrongDM** and select **Regular Web Applications** as the application type.
* Next, configure the application. If you are prompted to select a technology to integrate with, click **Skip Integration**. Then under the Settings tab, enter the following information depending on your tenant location:
  1. **Allowed Callback URLs:** `https://app.eu.strongdm.com/auth/return`
  2. **Allowed Web Origins:** `https://app.eu.strongdm.com`
* In the **Basic Information** section, copy the **Client ID** and **Client Secret** values. You will need them in the next step.
* In the StrongDM Admin UI, go to **Settings** > **User Management**. In the **Single Sign-on** section, click the lock icon to make changes. Select **Auth0** from the provider drop-down menu. Add your single sign-on URL (e.g., `https://yourorg.auth0.com`; be sure to include the `https://`), **Client ID**, and **Client Secret**.
* Back at Auth0, confirm that the email addresses for all users are identical in both StrongDM and your SSO provider. Confirm that all users to whom you intend to grant database access have access to the StrongDM application by default.
  {% endtab %}
  {% endtabs %}

At this point, you should be ready to enable SSO.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.strongdm.com/admin/principals/sso/auth0-oidc.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.