Set up SAML with Auth0

SAML (Security Assertion Markup Language) is a standard for exchanging authentication and authorization data between an identity provider and a service provider. To read more about SAML, check the dedicated page.

The following is the procedure to set up SAML with Auth0.

Prerequisite steps in Aiven

  1. Log in to the Aiven Console

  2. Under Projects in the top left, click the drop-down arrow and then on See All Accounts

  3. Click on the Account you want to edit or create a new one

  4. Select the Authentication tab

  5. Create a new Authentication Method, call it Auth0 (or similar), select Method Type to be SAML, and then choose the team to add invited people to (or leave it blank)

  6. Be sure to make a note of the configuration URLs (metadata URL and ACS URL)

Note

At this point, the state will be Pending Configuration.

Setup on Auth0

  1. Register for an Auth0 account or sign in to your existing Auth0 account

  2. Select Applications and then Create Application

  3. Give your application a name (for example, “Aiven App”), choose Regular Web Applications, and hit Create

  4. Once your application has been created, go to the Addons tab and enable the SAML 2 WEB APP option

  5. Click on the SAML 2 WEB APP option to open the Settings tab

  6. Set the Application Callback URL to the ACS URL provided by the Aiven Console

  7. Under the Application Callback URL, in the Settings section, remove the existing configuration and add the following field mapping configuration:

{
  "email": "email",
  "first_name": "first_name",
  "identity": "email",
  "last_name": "last_name",
  "mapUnknownClaimsAsIs": true
}

  8. Once done, click Enable and Save

  9. From the Usage tab, make a note of the Identity Provider Login URL (this will need to be copied into the SAML configuration in the Aiven Console)

  10. You will also need the Issuer URN (we refer to it as the Entity ID) and the Identity Provider Certificate

Finish the configuration in Aiven

  1. From the Aiven Console Authentication tab, click on Set SAML configuration

  2. Set the SAML IDP URL as the Identity Provider Login URL from Auth0

  3. Set the SAML Entity ID as the Issuer from Auth0 (example: urn:dev-i-fiqy2a.us.auth0.com)

  4. Paste the certificate from Auth0 into SAML Certificate

  5. Save that and you are good to go! Make sure the authentication method is enabled and you can then use the Signup URL to invite new people and Account link URL for those that already have an Aiven login.

If you have issues, you can use the SAML Tracer browser extension to check the process step by step. The errors shown in the tracer should help you to debug the issues. If it does not work, you can request help by sending an email to support@Aiven.io.
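
When debugging, it helps to compare a captured response against the values configured above. The following is an added example, not part of the Aiven or Auth0 documentation: it takes the decoded SAML response XML and checks the Destination against the ACS URL, the Issuer against the Entity ID, and the attributes against the field mapping. The function name, the sample response, the ACS URL and the issuer value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "first_name", "last_name", "identity")  # names from the mapping above

def check_saml_response(xml_text, expected_issuer, expected_acs_url):
    """List configuration problems in a decoded SAML response.
    Debugging aid only: it does not verify the XML signature."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["response contains a DTD; refusing to parse"]
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != expected_acs_url:
        problems.append("Destination does not match the ACS URL")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no unencrypted Assertion element found"]
    issuer = (assertion.findtext("a:Issuer", default="", namespaces=NS) or "").strip()
    if issuer != expected_issuer:
        problems.append("Issuer does not match the configured Entity ID")
    attrs = {}
    for attr in assertion.iterfind("a:AttributeStatement/a:Attribute", NS):
        value = attr.findtext("a:AttributeValue", default="", namespaces=NS) or ""
        attrs[attr.get("Name")] = value.strip()
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append("attribute %s is missing or empty" % name)
    if attrs.get("email") and attrs.get("identity") != attrs["email"]:
        problems.append("identity differs from email")  # mapping sets both from email
    return problems

# Constructed sample values; not real tenant or console data.
ACS_URL = "https://sp.example.invalid/saml/acs"
ISSUER = "urn:example-tenant.us.auth0.com"
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{acs}">
  <saml:Assertion><saml:Issuer>{issuer}</saml:Issuer>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="identity"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="first_name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>""".format(acs=ACS_URL, issuer=ISSUER)

if __name__ == "__main__":
    for problem in check_saml_response(SAMPLE, ISSUER, ACS_URL) or ["no problems found"]:
        print(problem)
```

The constructed sample deliberately omits last_name, so the script reports that attribute as missing.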