Connecting to Auth0
Auth0 is a platform for managing online identities, authentication, and authorization. AtScale recommends using Auth0 when your organization leverages their platform for all of their applications in place of an LDAP server.
Here is an overview of the steps for setting up Auth0 authentication. First, in Auth0 you should create an account, set up tenant, users, and roles, create an application, set database connection, and setup API settings. Then in AtScale you configure a directory and map roles.
Prerequisites
- You are familiar with setting up Auth0. For details, see auth0.com/docs.
- Your user account in AtScale is assigned to the Organization Admin or Super User role. For details, see Assigning Individual Users to Roles.
Setting up Auth0
Note: In case you have already completed some of the actions listed in this section you can omit the corresponding steps.
-
Create account in Auth0.
-
Set up users and roles:
- Create a tenant.
- Create one ore more users in User Management > Users.
- Create one ore more roles in User Management > Roles.
- Assign roles to users as needed.
-
Create an application:
- Start creating a new application in Applications > Applications.
- Enter name and description as needed.
- Set the Machine to Machine type.
- In the Settings tab, go Advanced Settings and select all types in the Grants section.
- Save the application.
-
Configure the database connection:
- Go to Authentication > Database and copy the name of the Username-Password-Authentication database connection.
- In the Dashboard, open the menu for your tenant and choose Settings.
- In the General tab, go to the API Authorization Settings section and paste the database connection name in Default Directory field.
- Save your changes.
-
Setup APIs:
- Choose Applications > APIs > Auth0 Management API.
- Choose the Machine to Machine Applications tab.
- Locate the application you created above, set it to Authorized, and select all permissions.
- Save your changes.
-
Copy the application details:
- Go to Applications > Applications and open the application you created above.
- Copy and store the following application details: domain, client ID, client secret.
Setting up AtScale
First, you need to set up the directory:
-
Log in to AtScale, go to Security, and choose Directory > Setup on the left.
-
In the Type of Directory Service on the right, choose Auth0 Directory.
-
Enter the domain, client ID, and client secret you copied from Auth0, and choose Save.
-
Test the directory:
- Choose Test Configuration on the left.
- Enter the user name and password of one of the users you created in Auth0.
- Choose Test; on success, you should see user's details displayed below.
Now you should map users:
- Choose Mappings on the left.
- In the Directory Group column on the right, enter one of the roles you created in Auth0.
- In the AtScale Role column, enter the AtScale role to which the specified Auth0 role should be mapped.
- Choose Add.
- Repeat the steps above for other Auth0 roles as needed.
Finally, you can check the results by trying to log in to AtScale with some of the users whose Auth0 role is mapped.