As Independent Software Vendors (ISVs) quickly learn, in addition to building the core functionality of your software-as-a-service (SaaS) apps, you must also provide features that support your business customers’ administration, integration, and security needs.
One of the most challenging features to implement is Single Sign-On (SSO) due to the many competing standards and protocols available. Plus, merely supporting SSO is only one piece of the puzzle — it also has to get deployed:
- From the perspective of each of your business customers, setting up SSO for each and every app they’ve adopted can be a tedious process, often involving lots of back and forth with your customer service reps — and perhaps even your developers
- For you as an ISV, helping each and every business customer set up SSO for your app is just as tedious and time-consuming
Both parties benefit from a quick and simple deployment approach, which is why we’re excited to announce that our Self-Service SSO feature has reached General Availability (GA) status.
SSO Is an Enterprise Imperative
Due to its associated benefits, Single Sign-On (SSO) — an Identity solution that allows multiple applications to use the same authenticated session — is an essential element of modern Identity and Access Management (IAM). SSO is so important, in fact, that it’s a foundational element of the emerging Interoperability Profile for Secure Identity in the Enterprise (IPSIE) security standard.
On top of providing a convenient user experience, SSO dramatically reduces the number of credentials in use and helps to ensure that security policies are consistently applied across all of an organization’s applications, since the policies can be enforced at an organization’s Identity Provider (IdP).
Now that Identity has emerged as the primary enterprise security entry point, and with organizations deploying more apps than ever before, SSO is needed more than ever.
Simplifying SSO configuration saves time, reduces errors, and manages information risk
Self-service SSO refers to a flow that allows your business customers to set up and edit SSO connections themselves.
This capability delivers several valuable benefits, including:
- Saving time for everyone: Building Identity solutions isn’t your core business, and any time spent doing so pulls your team from product extension and innovation. With Self-Service SSO, your developers can focus more on your product instead of SSO integrations.
- Reducing the potential for errors: Manually configuring SSO introduces the risk of errors that impede productivity and undermine security. Self-Service SSO keeps manual tasks to a bare minimum.
- Eliminating the need to share sensitive information: Configuring SSO often requires the ISV and the business customer to share sensitive information (e.g., client IDs, SAML certificates, etc.), but Self-Service SSO eliminates these exchanges.
How Self-Service SSO Works
Self-Service SSO requires minimal configuration in your Auth0 tenant and provides your customers with a setup assistant that guides them through the enablement process. After a customer completes their setup, the SSO integration is automatically added to your tenant as an Enterprise connection.
Diving a little more deeply, Self-Service SSO uses three components to delegate setup to your customers:
- Self-Service profile: Defines key elements of customer SSO implementations, such as the IdPs they can use for SSO and which user attributes they must capture (e.g., email address)
- Self-Service access ticket: Grants customer admins access to the SSO setup assistant and sets specific details for their resulting SSO integration
- SSO setup assistant: A Self-Service Wizard that guides customer admins through the SSO setup process — enabling your business customers’ administrators to create, edit, and test SSO connections
You also benefit from additional observability features, including new tenant logs to monitor ticket consumption and the creation and enablement of connections; you can monitor logs to promptly initiate any tasks once the connection has been created.
At a high level, the Self-Service SSO workflow includes the following tasks:
- You (the Auth0 by Okta customer) create a self-service profile in your tenant using the Auth0 Dashboard or the Management API.
- Next, you use the Management API to create a self-service access ticket that allows customer admins to configure SSO.
- You retrieve the ticket URL from the asset created in Step 2 and send this link to your customer admin.
- Your customer admin launches the SSO setup assistant and follows the steps provided to create an application with their identity provider.
- After the customer completes their setup, the SSO integration is automatically added to your tenant as an Enterprise connection.
Getting Started
As enterprises continue to adopt best-of-breed tools, IT and security leaders will increase their focus on access management strategies, like SSO, that can simultaneously support productivity and contribute to a strong security posture.
Whether you include SSO within your base product or offer it as a premium add-on, Self-Service SSO enhances your overall value proposition.
By empowering your customers to configure their own SSO integrations with your app, you can streamline your onboarding process and grant them more autonomy over their sign-on experience — while reducing the time and costs associated with managing SSO across your customer base.
If you’d like to learn more about this new feature, we invite you to peruse the Self-Service Single Sign-On documentation.
Want to launch a B2B SaaS application quickly? Check out our reference application, SaaStart,, a complete, working example of how to implement SaaS Identity with Auth0, built with the most popular frameworks developers use today. You can gain hands-on experience on Self-Service SSO and other essential CIAM features and quickly deploy a sample Auth0 template directly within the SaaStart repo or from our new integration in the Vercel marketplace.
About the author
Eric Wu
Product Marketing Manager - Customer Identity Cloud