# SSO With Auth0

This document details the steps to set up Auth0 single sign-on (SSO) to manage authentication for StrongDM.

### Steps

{% hint style="info" %}
These instructions vary based on your organization's StrongDM region (not your individual location).
{% endhint %}

{% tabs %}
{% tab title="US" %}

1. In Auth0, click **Create Application**. Name the application **StrongDM** and select **Regular Web Applications** as the application type.
2. Next, configure the application. If you are prompted to select a technology to integrate with, click **Skip Integration**. Then under the Settings tab, enter the following information depending on your tenant location:
   1. **Allowed Callback URLs:** `https://app.strongdm.com/auth/return`
   2. **Allowed Web Origins:** `https://app.strongdm.com`
3. In the **Basic Information** section, copy the **Client ID** and **Client Secret** values. You will need them in the next step.
4. In the StrongDM Admin UI, go to **Settings** > **User Management**. In the **Single Sign-on** section, click the lock icon to make changes. Select **Auth0** from the provider drop-down menu. Add your single sign-on URL (e.g., `https://yourorg.auth0.com`; be sure to include the `https://`), **Client ID**, and **Client Secret**.
5. Back at Auth0, confirm that the email addresses for all users are identical in both StrongDM and your SSO provider. Confirm that all users to whom you intend to grant database access have access to the StrongDM application by default.
   {% endtab %}

{% tab title="UK" %}
*Follow instructions in the tab for the region of your organization's StrongDM control plane, not your own location. The default control plane region is US.*

* In Auth0, click **Create Application**. Name the application **StrongDM** and select **Regular Web Applications** as the application type.
* Next, configure the application. If you are prompted to select a technology to integrate with, click **Skip Integration**. Then under the Settings tab, enter the following information depending on your tenant location:
  1. **Allowed Callback URLs:** `https://app.strongdm.com/auth/return`
  2. **Allowed Web Origins:** `https://app.strongdm.com`
* In the **Basic Information** section, copy the **Client ID** and **Client Secret** values. You will need them in the next step.
* In the StrongDM Admin UI, go to **Settings** > **User Management**. In the **Single Sign-on** section, click the lock icon to make changes. Select **Auth0** from the provider drop-down menu. Add your single sign-on URL (e.g., `https://yourorg.auth0.com`; be sure to include the `https://`), **Client ID**, and **Client Secret**.
* Back at Auth0, confirm that the email addresses for all users are identical in both StrongDM and your SSO provider. Confirm that all users to whom you intend to grant database access have access to the StrongDM application by default.
  {% endtab %}

{% tab title="EU" %}
*Follow instructions in the tab for the region of your organization's StrongDM control plane, not your own location. The default control plane region is US.*

* In Auth0, click **Create Application**. Name the application **StrongDM** and select **Regular Web Applications** as the application type.
* Next, configure the application. If you are prompted to select a technology to integrate with, click **Skip Integration**. Then under the Settings tab, enter the following information depending on your tenant location:
  1. **Allowed Callback URLs:** `https://app.eu.strongdm.com/auth/return`
  2. **Allowed Web Origins:** `https://app.eu.strongdm.com`
* In the **Basic Information** section, copy the **Client ID** and **Client Secret** values. You will need them in the next step.
* In the StrongDM Admin UI, go to **Settings** > **User Management**. In the **Single Sign-on** section, click the lock icon to make changes. Select **Auth0** from the provider drop-down menu. Add your single sign-on URL (e.g., `https://yourorg.auth0.com`; be sure to include the `https://`), **Client ID**, and **Client Secret**.
* Back at Auth0, confirm that the email addresses for all users are identical in both StrongDM and your SSO provider. Confirm that all users to whom you intend to grant database access have access to the StrongDM application by default.
  {% endtab %}
  {% endtabs %}

At this point, you should be ready to enable SSO.