API Endpoints for Single Sign-On
When implementing Single Sign-On (SSO) and configuring its settings, the following API endpoints will be helpful to you.
Authentication API endpoints
POST /login/callback
For SSO flows initiated by an Identity Provider (IdP), the POST /login/callback endpoint can accept a sign-on SAML request from the identity provider.
Management API
The Management API features several endpoints designed to help you manage SSO.
To call any of the Management API endpoints, you will need to obtain an Access Token.
Clients
Each of your client applications and SSO integrations carries information relevant to your SSO implementation. You can retrieve or change this information by calling one of the Clients endpoints.
Parameters of interest for each client include:
sso
: Flag applicable only for clients created via SSO integrations. If true, Auth0 handles SSO; if false, the IdP handles SSO.
sso_disabled
: Flag used to enable/disable SSO. If true, then SSO is disabled; if false, SSO is enabled. This option can only be set via the Management API.
app_type
: Application type. If the client was created using one of Auth0's built-in SSO integrations, the name of the SSO integration is listed (e.g., box or concur instead of native or spa).
Get all clients
The GET /api/v2/clients endpoint can be used to return information about the client applications you have configured for your tenant.
Create a client
The POST /api/v2/clients endpoint can be used to create a new client application.
Get a client
The GET /api/v2/clients/{id} endpoint can be used to return information about a specific client you have configured for your tenant.
Update a client
The PATCH /api/v2/clients/{id} endpoint can be used to update a specific client, including its SSO-related parameters.
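The following added example (not code from the original page or from Auth0) interprets the sso, sso_disabled and app_type parameters of a GET /api/v2/clients response and builds, without sending, the PATCH /api/v2/clients/{id} request that changes sso_disabled. The sample client list, the host tenant.example and the token value are constructed placeholders; treating an absent sso_disabled flag as false is an assumption.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample of a GET /api/v2/clients response body (not real tenant data).
SAMPLE_CLIENTS = json.loads("""[
 {"client_id": "c1", "name": "Box", "app_type": "box", "sso": true, "sso_disabled": false},
 {"client_id": "c2", "name": "Mobile", "app_type": "native", "sso_disabled": true},
 {"client_id": "c3", "name": "Concur", "app_type": "concur", "sso": false},
 {"client_id": "c4", "name": "Portal", "app_type": "spa"}
]""")

def summarize_client(client):
    """Interpret one client's SSO-related parameters as the page defines them."""
    sso = client.get("sso")  # only present on clients created via SSO integrations
    return {
        "client_id": client["client_id"],
        "app_type": client.get("app_type"),
        "sso_handled_by": None if sso is None else ("Auth0" if sso else "IdP"),
        # Assumption: an absent sso_disabled flag is treated as false (SSO enabled).
        "sso_enabled": not client.get("sso_disabled", False),
    }

def clients_to_change(clients, want_sso_enabled):
    """Return the client_ids whose SSO state differs from the desired one."""
    return [s["client_id"] for s in map(summarize_client, clients)
            if s["sso_enabled"] != want_sso_enabled]

def build_sso_patch(domain, access_token, client_id, sso_disabled):
    """Build (without sending) the PATCH /api/v2/clients/{id} request."""
    if not isinstance(sso_disabled, bool):
        raise TypeError("sso_disabled must be a JSON boolean")
    url = f"https://{domain}/api/v2/clients/{urllib.parse.quote(client_id, safe='')}"
    return urllib.request.Request(
        url,
        data=json.dumps({"sso_disabled": sso_disabled}).encode(),
        method="PATCH",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"},
    )

if __name__ == "__main__":
    for summary in map(summarize_client, SAMPLE_CLIENTS):
        print(summary)
    # tenant.example and ACCESS_TOKEN are placeholders; nothing is sent.
    for cid in clients_to_change(SAMPLE_CLIENTS, want_sso_enabled=True):
        req = build_sso_patch("tenant.example", "ACCESS_TOKEN", cid, False)
        print(req.get_method(), req.full_url, req.data.decode())
```

Reviewing the list returned by clients_to_change before sending any request keeps an SSO change limited to the clients you intended.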
Tenants
Auth0 allows you to control the following tenant-level parameters that may affect your SSO implementation:
session_lifetime
: Length of time for which the user's Auth0 session will stay valid.
idle_session_lifetime
: Amount of time that may elapse before the user must sign in again due to inactivity.
Get tenant settings
The GET /api/v2/tenants/settings endpoint retrieves the settings for your tenant.
Update tenant settings
The POST /api/v2/connections endpoint allows you to update your tenant settings.