Auth0 SAML

In Infisical, head to Organization Settings > Security and click Connect for SAML under the Connect to an Identity Provider section. Select Auth0, then click Connect again.

Next, note the Application Callback URL and Audience to use when configuring the Auth0 SAML application.

2.1. In your Auth0 account, head to Applications and create an application.

Select Regular Web Application and press Create.

2.2. In the Application head to Settings > Application URIs and add the Application Callback URL from step 1 into the Allowed Callback URLs field.

2.3. In the Application head to Addons > SAML2 Web App and copy the Issuer, Identity Provider Login URL, and Identity Provider Certificate from the Usage tab.

2.4. Back in Infisical, set Issuer, Identity Provider Login URL, and Certificate to the corresponding items from step 2.3.

2.5. Back in Auth0, in the Settings tab, set the Application Callback URL to the Application Callback URL from step 1 and update the Settings field with the JSON under the picture below (replacing <audience-from-infisical> with the Audience from step 1).

{
"audience": "<audience-from-infisical>",
"mappings": {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email",
    "given_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/firstName",
    "family_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastName"
},
"signatureAlgorithm": "rsa-sha256",
"digestAlgorithm": "sha256",
"signResponse": true
}

Click Save.

Enabling SAML SSO allows members in your organization to log into Infisical via Auth0.

Enforcing SAML SSO ensures that members in your organization can only access Infisical by logging into the organization via Auth0.

To enforce SAML SSO, you’re required to test out the SAML connection by successfully authenticating at least one Auth0 user with Infisical; Once you’ve completed this requirement, you can toggle the Enforce SAML SSO button to enforce SAML SSO.