Single Sign On (SSO)
You can let users sign in to your application through third-party identity providers (IdPs). Currently supported are social sign-in via Google and SAML 2.0 IdPs such as Azure Active Directory.
Before setting up a social IdP, it's necessary to register your application with the respective IdP to acquire a client ID and client secret.
- Opt for the external User Type and proceed to create it.
- Provide app information, app domain (optional), and developer contact details.
- Save and move forward.
- Configure Scopes:
- Include Scopes like .../auth/userinfo.email, .../auth/userinfo.profile, openid.
- Update settings and save.
- Continue to Test users settings and save.
- Create credentials > OAuth client ID.
- Select web application type, name your OAuth 2.0 client.
- Add URIs to authorized JavaScript origins and authorized redirect URIs.
- Create and note down your Client ID and your Client Secret.
To enable SAML IdP sign-in for your app users:
- Follow your SAML identity provider's instructions to add a relying party or application for your SAML 2.0 IdP.
- Configure the assertion consumer endpoint in your SAML identity provider to:
- https://{_domain_name_}.auth.{_region_}.amazoncognito.com/saml2/idpresponse
- Some SAML IdPs might require the SP urn / Audience URI / SP Entity ID:
- Use urn:amazon:cognito:sp:{_user_pool_id_}
- Configure your SAML IdP to provide an email value (claim) in the SAML assertion.
- SAML 2.0 federation is supported with post-binding endpoints: the SAML response is posted directly to the endpoint above by the user's browser (user agent), so your application never has to retrieve or parse it itself.
Provide a SAML Provider Name and the metadata document from your SAML IdP.
- Add an enterprise application.
- Create your own application, input name, and select non-gallery option.
- Opt for single sign-on > SAML.
- Edit Basic SAML Configuration:
- Set Identifier as urn:amazon:cognito:sp:{_user_pool_id_}
- Configure Reply URL as https://{_domain_name_}.auth.{_region_}.amazoncognito.com/saml2/idpresponse
- Save and close the settings.
- Download Federation Metadata XML.
- Provide us with your provider's name and the downloaded metadata.
Error: A common Azure AD provider SSO error is shown in the screenshot below:

To resolve this error, follow these steps:
- In the Azure Active Directory Admin Center, select your app, then search for and select the application to which you want to assign the user account.
- In the left pane, select Users and Groups, and then select Add User/Group.
- On the Add Assignment pane, select None Selected under Users and Groups.
- Search for and select the user that you want to assign to the application, then select Select.
- On the Add Assignment pane, select Assign at the bottom of the pane.
- When all steps are completed, the user can sign in to the account normally using SSO.

Create an Auth0 Application
- Access the Auth0 website dashboard.
- Click on Applications, then select Create Application.
- In the Create Application dialog box, provide a name for your application (e.g., My App).
- Choose Single Page Web Applications as the application type.
- Click the Create button.
Create a Test User
- Navigate to the left navigation bar and select User Management.
- Click on Users.
- Choose + Create Your First User. Alternatively, if this is not your initial user, select + Create User.
- Within the Create user dialog box, input the user's email and password.
- Click the Save button.
Configure SAML Settings
- Access the left navigation bar and click on Applications.
- Select the name of the application you previously created.
- Go to the Addons tab.
- Activate the SAML2 Web App option.
- Within the Addon: SAML2 Web App dialog box, navigate to the Settings tab.
- For the Application Callback URL, input https://_domain_name_.auth._region_.amazoncognito.com/saml2/idpresponse
- Replace _domain_name_ and _region_ with the values from your Single Sign-On (SSO) settings.
- Under Settings, input the following:
- { "audience": "urn:amazon:cognito:sp:_user_pool_id_", "mappings": { "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" }, "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" }
- Replace _user_pool_id_ with the value from your SSO settings.
- (Optional) Choose Debug, then log in as the test user you created to confirm that the configuration works.
- Choose Enable, and then choose Save.
Get the IdP Metadata
- In the Addon: SAML2 Web App dialog box, on the Usage tab, find Identity Provider Metadata. Then do either of the following:
- Choose download to download the .xml metadata file.
Create a SAML App
- Open the Okta Developer Console.
- In the navigation menu, expand Applications, and then choose Applications.
- Choose Create App Integration.
- In the Create a new app integration menu, choose SAML 2.0 as the Sign-in method.
- Choose Next.
Configure SAML Integration
- On the Create SAML Integration page, under General Settings, enter a name for your app.
- Choose Next.
- Under GENERAL, for Single sign on URL, enter https://_domain_name_.auth._region_.amazoncognito.com/saml2/idpresponse
- Replace _domain_name_ and _region_ with the values from your SSO settings.
- For Audience URI (SP Entity ID), enter urn:amazon:cognito:sp:_user_pool_id_
- Replace _user_pool_id_ with the value from your SSO settings.
- Under ATTRIBUTE STATEMENTS (OPTIONAL), add a statement with the following information:
- For Name, enter the SAML attribute name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- For Value, enter user.email.
- For all other settings on the page, leave them as their default values or set them according to your preferences.
- Choose Next.
- Choose a feedback response for Okta Support.
- Choose Finish.
Assign a User
- On the Assignments tab for your Okta app, for Assign, choose Assign to People.
- Choose Assign next to the user that you want to assign. Note: If this is a new account, the only option available is to choose yourself (the admin) as the user.
- (Optional) For User Name, enter a user name, or leave it as the user's email address, if you want.
- Choose Save and Go Back. Your user is assigned.
- Choose Done.
Get the IdP Metadata
- On the Sign On tab for your Okta app, find the Identity Provider metadata hyperlink.
- Right-click the hyperlink, and then copy the URL.
- If the hyperlink is not shown, click View SAML setup instructions and save the value under "Provide the following IDP metadata to your SP provider" into an .xml file.
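The SAML sections above all come down to the same three things: the IdP must be given the Cognito assertion consumer URL and the SP entity ID, it must send an email claim, and you must hand over its metadata document. The script below is an added example (not code from this product or from any of the IdPs named on this page) that turns those requirements into checks you can run before opening a support ticket: it builds the expected ACS URL and entity ID from placeholder values, sanity-checks a downloaded IdP metadata file, and compares a SAML assertion's Audience, Recipient and email attribute with the expected values. The domain `myapp`, region `us-east-1`, pool id `us-east-1_EXAMPLE`, the metadata and the assertion are all constructed placeholders. Signature, timestamp and replay validation are deliberately left out; this diagnoses configuration mismatches and must not be used to decide whether a login is trustworthy.

```python
"""Pre-flight checks for a SAML IdP paired with an Amazon Cognito user pool.
Added example, not the product's own code. Domain, region, pool id, the metadata
and the assertion are constructed placeholders. Signature, timestamp and replay
validation are deliberately not done: this diagnoses configuration mismatches,
it does not decide whether a login may be accepted."""
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# The claim name the page maps to the user's email at Auth0 and Okta.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"


def expected_sp_values(domain_name, region, user_pool_id):
    """ACS URL and SP entity ID exactly as the page says to enter them at the IdP."""
    return {"acs_url": f"https://{domain_name}.auth.{region}.amazoncognito.com/saml2/idpresponse",
            "entity_id": f"urn:amazon:cognito:sp:{user_pool_id}"}


def check_idp_metadata(metadata_xml):
    """Return a list of problems with a downloaded IdP metadata document ([] means OK)."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return ["root element is not md:EntityDescriptor"]
    problems = [] if root.get("entityID") else ["EntityDescriptor has no entityID"]
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["no IDPSSODescriptor (SP metadata uploaded by mistake?)"]
    # The IdP signs its responses; without a signing certificate the SP cannot verify them.
    certs = [kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
             for kd in idp.findall("md:KeyDescriptor", NS) if kd.get("use") in (None, "signing")]
    if not any(c is not None and (c.text or "").strip() for c in certs):
        problems.append("no signing X509Certificate in IDPSSODescriptor")
    if idp.find("md:SingleSignOnService", NS) is None:
        problems.append("no SingleSignOnService endpoint")
    return problems


def check_assertion(assertion_xml, sp):
    """Compare Audience, Recipient and the email attribute with the expected SP values."""
    a = ET.fromstring(assertion_xml)
    problems = []
    audiences = [e.text for e in a.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if sp["entity_id"] not in audiences:
        problems.append("Audience %s does not match SP entity ID %s" % (audiences, sp["entity_id"]))
    recipients = [e.get("Recipient") for e in
                  a.findall("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)]
    if sp["acs_url"] not in recipients:
        problems.append("Recipient %s does not match ACS URL %s" % (recipients, sp["acs_url"]))
    emails = [v.text for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS)
              if attr.get("Name") == EMAIL_CLAIM for v in attr.findall("saml:AttributeValue", NS)]
    if not any(e and "@" in e for e in emails):
        problems.append("no email value under attribute " + EMAIL_CLAIM)
    return problems


# Constructed sample IdP metadata; issuer and certificate are placeholders.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   MIIC...PLACEHOLDER...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://idp.example.test/saml/sso"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""

# Constructed sample assertion for domain "myapp", region "us-east-1", pool "us-east-1_EXAMPLE".
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 ID="_c0ffee" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
 <saml:Issuer>https://idp.example.test/saml</saml:Issuer>
 <saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">user-123</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml:SubjectConfirmationData Recipient="https://myapp.auth.us-east-1.amazoncognito.com/saml2/idpresponse"/>
  </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>urn:amazon:cognito:sp:us-east-1_EXAMPLE</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
   <saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion>"""

if __name__ == "__main__":
    sp = expected_sp_values("myapp", "us-east-1", "us-east-1_EXAMPLE")
    print("metadata problems:", check_idp_metadata(SAMPLE_IDP_METADATA))
    print("assertion problems:", check_assertion(SAMPLE_ASSERTION, sp))
```

To use it against a real setup, read the downloaded Federation Metadata XML into `check_idp_metadata`, and paste the decoded SAML response captured with the IdP's debug/test login (Auth0's Debug option, for example) into `check_assertion` together with your own domain, region and pool id. An `Audience` mismatch means the identifier or audience entered at the IdP differs from `urn:amazon:cognito:sp:<pool id>`; a `Recipient` mismatch points at the reply/callback URL; a missing email value means the attribute statement or mapping was not configured.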
