Auth0 Integration

Integrate TigerAccess with Auth0 for developer-friendly identity management, flexible authentication flows, and seamless SSO across your infrastructure.

Features

Developer-Friendly Authentication

Leverage Auth0's modern identity platform for seamless and secure infrastructure access.

SSO Integration

Seamless single sign-on with Auth0 using SAML 2.0 or OIDC protocols for unified authentication across your infrastructure.

User Provisioning

Automatic user and group synchronization with SCIM 2.0 support for real-time identity management.

MFA Passthrough

Leverage Auth0's multi-factor authentication including SMS, authenticator apps, WebAuthn, and biometrics.

Actions Integration

Use Auth0 Actions to customize authentication flows, enrich tokens, and enforce custom security policies.

Capabilities

Comprehensive Auth0 Support

SAML 2.0 authentication
OIDC/OAuth 2.0 integration
SCIM 2.0 user provisioning
MFA passthrough support
Auth0 Organizations mapping
Custom claims injection
Actions/Rules integration
Universal Login support
Social identity providers
Passwordless authentication
Device trust verification
Session management

Setup

Get Started in Minutes

Follow these simple steps to integrate TigerAccess with Auth0 for SSO and user provisioning.

1. Configure Auth0 Application

Create an Auth0 application for TigerAccess with SAML or OIDC settings and configure the callback URLs.

# Auth0 Application Settings
Application Type: Regular Web Application
Token Endpoint Auth: Client Secret Post
Allowed Callback URLs: https://tiger.example.com/v1/webapi/oidc/callback
Allowed Logout URLs: https://tiger.example.com/web/logout
OIDC Conformant: Enabled

2. Add OIDC Connector

Configure the Auth0 OIDC connector in TigerAccess with your Auth0 domain and application credentials.

tacctl sso configure oidc \
  --name=auth0 \
  --issuer-url=https://your-domain.auth0.com \
  --client-id=YOUR_CLIENT_ID \
  --client-secret=YOUR_CLIENT_SECRET \
  --redirect-url=https://tiger.example.com/v1/webapi/oidc/callback \
  --claims-to-roles='{"groups": "roles"}'

3. Configure Claims Mapping

Set up Auth0 Actions to add custom claims and map Auth0 organizations/roles to TigerAccess roles.

// Auth0 Action: Add Custom Claims
exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'https://tigeraccess.io';

  // Add roles claim
  if (event.authorization) {
    api.idToken.setCustomClaim(`${namespace}/roles`,
      event.authorization.roles);
  }

  // Add organization claim
  if (event.organization) {
    api.idToken.setCustomClaim(`${namespace}/org`,
      event.organization.name);
  }
};
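
A stricter variant of the Action in step 3, as an added example that is not TigerAccess or Auth0 code: it forwards only the roles permitted for the login's organization and denies the login otherwise. The organization names, role names and the ORG_ROLE_POLICY table are constructed assumptions; api.access.deny is the Actions call that rejects a login.

```javascript
// Added example: not TigerAccess or Auth0 code.
const NAMESPACE = 'https://tigeraccess.io';

// Constructed policy: roles that may be forwarded for each organization.
const ORG_ROLE_POLICY = {
  acme: ['infra-admin', 'db-readonly'],
  globex: ['db-readonly'],
};

// Pure decision: returns { deny: reason } or { claims: { name: value } }.
function decideClaims(event) {
  const org = event.organization && event.organization.name;
  // Own-property lookup, so a name like "constructor" cannot match
  // something inherited from Object.prototype.
  const known = Object.prototype.hasOwnProperty.call(ORG_ROLE_POLICY, org);
  if (!known) {
    return { deny: 'Login is not bound to a known organization' };
  }

  // Forward only the assigned roles that this organization may carry.
  const assigned = (event.authorization && event.authorization.roles) || [];
  const roles = assigned.filter((r) => ORG_ROLE_POLICY[org].includes(r));
  if (roles.length === 0) {
    return { deny: 'No TigerAccess role for this organization' };
  }
  return {
    claims: { [`${NAMESPACE}/roles`]: roles, [`${NAMESPACE}/org`]: org },
  };
}

// Post-login entry point: applies the decision through the Actions API.
const onExecutePostLogin = async (event, api) => {
  const result = decideClaims(event);
  if (result.deny) {
    api.access.deny(result.deny);
    return;
  }
  for (const [name, value] of Object.entries(result.claims)) {
    api.idToken.setCustomClaim(name, value);
  }
};
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed sample event with only the fields the Action reads.
const sampleEvent = {
  organization: { name: 'acme' },
  authorization: { roles: ['infra-admin', 'billing-viewer'] },
};
console.log(JSON.stringify(decideClaims(sampleEvent)));
```

Keeping the decision in a pure function lets the policy be unit-tested outside Auth0 before the Action is deployed.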

Use Cases

Real-World Auth0 Scenarios

Developer Authentication

Enable developers to access production infrastructure using their Auth0 credentials with MFA enforcement and just-in-time access controls.

Multi-Tenant Access

Map Auth0 Organizations to TigerAccess roles and teams for seamless multi-tenant access management with tenant isolation.

Custom Authorization

Use Auth0 Actions to inject custom claims and roles into tokens, enabling fine-grained access control based on your business logic.

Unified Identity

Consolidate identity management across applications and infrastructure with Auth0 as the central identity provider for all access.

FAQ

Frequently Asked Questions

What authentication protocols does TigerAccess support with Auth0?

TigerAccess supports both SAML 2.0 and OIDC/OAuth 2.0 for Auth0 integration. OIDC is recommended for the best developer experience and modern features like custom claims and dynamic scopes.

How does MFA passthrough work with Auth0?

When configured, TigerAccess delegates all authentication to Auth0, including MFA challenges. Users complete MFA in Auth0's Universal Login, and TigerAccess trusts the authentication result. This allows you to use any MFA method supported by Auth0 including SMS, TOTP, WebAuthn, and biometrics.

Can I map Auth0 Organizations to TigerAccess teams?

Yes. TigerAccess can map Auth0 Organizations to teams or roles using custom claims. Configure an Auth0 Action to include organization information in the ID token, then map those claims to TigerAccess roles in the OIDC connector configuration.

How do I provision users automatically from Auth0?

TigerAccess supports SCIM 2.0 for automatic user provisioning. Configure the TigerAccess SCIM endpoint in Auth0, and users/groups will be automatically created, updated, and deactivated based on Auth0 directory changes.

Can I use Auth0 Actions to customize access control?

Yes. Use Auth0 Actions to inject custom claims into tokens based on your business logic. For example, you can add claims based on user attributes, group membership, or external systems, and TigerAccess can use these claims for role mapping and access decisions.
