Connect DMC to Auth0 via SAML

You can create a SAML connection between Auth0 and DMC. This allows you to authenticate and authorize individuals to use DMC. Follow the steps below to set up this connection.

Instructions

Tip: Before you begin, be sure to create an Auth0 account and an application.

Keycloak Steps:

  1. Go to the Keycloak admin console and find the Identity providers menu.
  2. Add a SAML v2.0 provider.

Auth0 and Keycloak Configuration Steps

This section covers how to set up an identity provider that provides the connection between Auth0 and SAML.

  1. Type in the desired Display name.

    Note: This is a visible name for your custom identity provider. In the provided example, we use SAML Connection as the Display name.

  2. Find your discovery endpoint here:
    Your application > Settings > Advanced Settings > Endpoints > SAML Metadata URL.
  3. Next, add the discovery endpoint which contains the required metadata to use the identity provider.
  4. Once all boxes are filled in, click the Add button.
  5. Copy the Redirect URL and paste it into your application settings located here:
    Application URLs > Allowed Callback URLs

Sign into DMC DB with SAML Connection

This section covers how to connect DMC with SAML to Auth0.

  1. On the DMC sign-in screen, click the SAML Connection Login link at the bottom of the dialog.
    This will direct you to the Auth0 login page.
  2. Log in to Auth0.
    This will direct you back to the DMC DB login screen.
  3. Finish your registration by filling in your user name, email, first name, and last name.

Log Out using SAML

Before logging out of DMC while using a SAML provider, please follow this guide. This section covers how to ensure that both Auth0 and DMC recognize that you are using a SAML2 access token.

  1. Navigate to your Auth0 account and select the Addons tab.
  2. Toggle the SAML2 WEB APP option on.
    A SAML2 Web App dialog will appear.
  3. Select the Settings tab and add the logout metadata into the Settings box.

Note: More information about metadata:
logout (object): An object that controls SAML logout. It can contain two properties: callback (of type string), that contains the service provider (client application)'s Single Logout Service URL, where Auth0 will send logout requests and responses, and slo_enabled (boolean) that controls whether Auth0 should notify service providers of session termination. The default value is true (notify service providers).
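
The following check for the logout metadata is an added example, not part of the original guide or of Auth0 or DMC. It validates a settings JSON against the two properties described in the note above before you paste it into the Settings box. The function name, the https requirement, and the sample callback URL are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

ALLOWED_KEYS = {"callback", "slo_enabled"}  # the two properties the note lists


def check_logout_settings(settings_text):
    """Return (findings, effective_slo_enabled) for a SAML2 Web App settings JSON."""
    findings = []
    try:
        settings = json.loads(settings_text)
    except json.JSONDecodeError as exc:
        return [f"settings are not valid JSON: {exc.msg}"], None
    logout = settings.get("logout") if isinstance(settings, dict) else None
    if not isinstance(logout, dict):
        return ["no 'logout' object present"], None

    for key in sorted(set(logout) - ALLOWED_KEYS):
        findings.append(f"unexpected property in logout: {key!r}")

    callback = logout.get("callback")
    if not isinstance(callback, str):
        findings.append("logout.callback must be a string URL")
    else:
        url = urlsplit(callback)
        if url.scheme != "https":  # assumed policy: logout messages travel over TLS
            findings.append("logout.callback is not https (assumed policy)")
        if not url.hostname:
            findings.append("logout.callback has no host")

    slo = logout.get("slo_enabled", True)  # default is true per the note
    if not isinstance(slo, bool):
        findings.append("logout.slo_enabled must be a boolean")
        slo = None
    elif slo is False:
        findings.append("slo_enabled is false: service providers are not notified")
    return findings, slo


# Constructed sample; the callback URL is a placeholder, not a real endpoint.
SAMPLE = """{
  "logout": {
    "callback": "https://sp.example.com/PLACEHOLDER-single-logout-service",
    "slo_enabled": true
  }
}"""

if __name__ == "__main__":
    print(check_logout_settings(SAMPLE))
```

An empty findings list means the object matches the shape described in the note; replace the placeholder callback with your service provider's actual Single Logout Service URL.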