# Setting up SSO with Auth0

When starting with Auth0 Apps things can be a bit complicated and overwhelming. In this guide we take you from zero to your own Auth0 SAML App that integrates with ilert's SSO login.

## Creating an SAML Application

1\. Login to your Auth0 Dashboard. Open the applications page and click on the **Create Application** button.

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M76ygPnS4HUcFSX8ulm%2F-MX3t81cQH2OwMd8YI2F%2F-MX3tALvRJIezT7hDfth%2FApplications.png?alt=media\&token=1457941c-b06d-4114-bb6e-cd55189d3df5)

2\. On the modal window name the app e.g. ilert, choose **Regular Web Application** tile and lick on the **Create** button

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M76ygPnS4HUcFSX8ulm%2F-MX3t81cQH2OwMd8YI2F%2F-MX3tlgJXSsKl14es2YT%2FApplications.png?alt=media\&token=153cf375-e811-4874-888e-8d67e9eb3223)

3\. On the next page click on the **Addons** tab and enable the **SAML2** addon

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M76ygPnS4HUcFSX8ulm%2F-MX3t81cQH2OwMd8YI2F%2F-MX3uIUnWisp8bPf-ZAL%2FApplication_Details.png?alt=media\&token=3a04a4a0-08ed-4044-8c50-cab90505b3df)

On the next page you need to fill in the information that you can find in your ilert account settings

## Setting up SSO in ilert

1\. Log in to your ilert account as **account owner**, navigate to your **Account Settings** (cog right-side navigation) and click on the **Single sign-on** tab.

{% hint style="info" %}
SSO with SAML requires your account to be on a Premium or Enterprise Plan, please always feel free to reach out in case you have any questions.
{% endhint %}

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FrMWoW6I2uVAqcZ8hnOS5%2FScreenshot%202023-02-07%20at%2011.07.07.png?alt=media&#x26;token=12b0fe34-1e81-44ee-ab62-d5439e6d783d" alt=""><figcaption></figcaption></figure>

2\. Go back to Auth0 and click on the **Settings** tab on the **SAML** modal window. Paste your **SAML Endpoint URL** value into the Auth0 **Application Callback URL** field, then paste the following settings by first replacing the **Audience Restriction** field:

```javascript
{
  "audience": "<YOUR AUDIENCE RESTRICTIOnN",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}
```

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M76ygPnS4HUcFSX8ulm%2F-MX3t81cQH2OwMd8YI2F%2F-MX3wybLwrOivoR8xztX%2FApplication_Details.png?alt=media\&token=3e8eec80-7432-4ce1-a7aa-e4347c879f3f)

3\. Scroll down and click on the **Save** button

4\. After saving, click on the **Usage** tab. Here you can find all the values you need for ilert SSO.

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M76ygPnS4HUcFSX8ulm%2F-MX3t81cQH2OwMd8YI2F%2F-MX43hXsrfPdSlmgcN95%2FApplication_Details.png?alt=media\&token=09e423a3-c6d4-4fcb-a09e-be60623820ef)

Transfer the values to ilert's SSO settings

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M76ygPnS4HUcFSX8ulm%2F-MX3t81cQH2OwMd8YI2F%2F-MX44F4NrX2OMgS-d_uU%2FiLert.png?alt=media\&token=3ccfb69e-47a1-4ff7-8ec1-d784cd17b27e)

Save the ilert SSO settings. SSO is now configured, however to make the login process work properly you will have to do one more thing.

## Additional SSO Configurations

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M76ygPnS4HUcFSX8ulm%2F-MA11LtfdCIlKQRGitps%2F-MA18RCwdzG5PqqNb7cb%2FScreenshot%202020-06-17%20at%2013.58.03.png?alt=media\&token=321ba70e-40a8-4449-bd9c-af6cb407f164)

### Auto-provisioning Auth0 Users in ilert

You can easily auto-provision users on their first SSO login by enabling the checkbox for **Provision new users on first SSO login** in your ilert account's settings. This way user accounts will be automatically setup with the role **User** in ilert. Keep in mind that this will require your account to have enough seats booked.

### Disable login with username and password

You can optionally disable the login for username and password combinations on your ilert account and enforce users to use SSO by disabling the checkbox for Allow login with username and password in your ilert account's settings.

### Passing additional attributes during auto-provisioning

Besides the `NameID` you may pass additional parameters for the user or the team to be automatically setup on the first login, please check out our [auto provisioning section](https://docs.ilert.com/users-and-access-management/single-sign-on/auto-provisioning-users-and-teams).