github/infisical
1
0
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2026-01-09 15:38:03 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
b01b4323ca4ae472fe5984696ad3aafc0a6d986f
infisical/docs/documentation/platform/sso/auth0-oidc.mdx
Tuan Dang f31340cf53 Minor adjustments to oidc docs
2024-06-20 16:34:21 -07:00

67 lines
3.3 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
title: "Auth0 OIDC"
description: "Learn how to configure Auth0 OIDC for Infisical SSO."
---
<Info>
Auth0 OIDC SSO is a paid feature. If you're using Infisical Cloud, then it is
available under the **Pro Tier**. If you're self-hosting Infisical, then you
should contact sales@infisical.com to purchase an enterprise license to use
it.
</Info>
<Steps>
<Step title="Setup application in Auth0">
1.1. From the Application's Page, navigate to the settings tab of the Auth0 application you want to integrate with Infisical.
![OIDC auth0 list of applications](../../../images/sso/auth0-oidc/application-settings.png)
1.2. In the Application URIs section, set the **Application Login URI** and **Allowed Web Origins** fields to `https://app.infisical.com` and the **Allowed Callback URL** field to `https://app.infisical.com/api/v1/sso/oidc/callback`.
![OIDC auth0 create application uris](../../../images/sso/auth0-oidc/application-uris.png)
![OIDC auth0 create application origin](../../../images/sso/auth0-oidc/application-origin.png)
<Info>
If youre self-hosting Infisical, then you will want to replace https://app.infisical.com with your own domain.
</Info>
Once done, click **Save Changes**.
1.3. Proceed to the Connections Tab and enable desired connections.
![OIDC auth0 application connections](../../../images/sso/auth0-oidc/application-connections.png)
</Step>
<Step title="Retrieve Identity Provider (IdP) Information from Auth0">
2.1. From the application settings page, retrieve the **Client ID** and **Client Secret**
![OIDC auth0 application credential](../../../images/sso/auth0-oidc/application-credential.png)
2.2. In the advanced settings (bottom-most section), retrieve the **OpenID Configuration URL** from the Endpoints tab.
![OIDC auth0 application oidc url](../../../images/sso/auth0-oidc/application-urls.png)
Keep these values handy as we will need them in the next steps.
</Step>
<Step title="Finish configuring OIDC in Infisical">
3.1. Back in Infisical, in the Organization settings > Security > OIDC, click **Manage**.
![OIDC auth0 manage org Infisical](../../../images/sso/auth0-oidc/org-oidc-overview.png)
3.2. For configuration type, select **Discovery URL**. Then, set **Discovery Document URL**, **Client ID**, and **Client Secret** from step 2.1 and 2.2.
![OIDC auth0 paste values into Infisical](../../../images/sso/auth0-oidc/org-update-oidc.png)
Once you've done that, press **Update** to complete the required configuration.
</Step>
<Step title="Enable OIDC in Infisical">
Enabling OIDC allows members in your organization to log into Infisical via Auth0.
![OIDC auth0 enable OIDC](../../../images/sso/auth0-oidc/enable-oidc.png)
</Step>
</Steps>
<Note>
If you're configuring OIDC SSO on a self-hosted instance of Infisical, make
sure to set the `AUTH_SECRET` and `SITE_URL` environment variable for it to
work: - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This
can be a random 32-byte base64 string generated with `openssl rand -base64
32`. - `SITE_URL`: The URL of your self-hosted instance of Infisical - should
be an absolute URL including the protocol (e.g. https://app.infisical.com)
</Note>
Reference in New Issue View Git Blame Copy Permalink