Using Auth0 as your identity provider

Prerequisites

• To connect BigAnimal to Auth0, you must be assigned the Auth0 admin role.

• A unique URL and access code is provided in an email from cloudcare@enterprisedb.com. Contact cloudcare@enterprisedb.com if you don't receive the email. The URL becomes invalid after you set up your identity provider with BigAnimal. If you have issues with the code or identity provider setup, contact Support.

Set up BigAnimal with Auth0

1. Open the link in the email sent from cloudcare@enterprisedb.com to access the Set Up Identity Provider page in BigAnimal.

2. You will be copying and pasting between BigAnimal and Auth0 so in a separate browser tab or window, log into auth0.com and navigate to the Applications page and select Create Application.

3. In the Create application dialog, enter a name and choose Native as the application type. Select Create.

4. On the Connections tab on the page for your application, enable the toggles for the databases containing your user names (Username-Password-Authentication, GitHub, or Google/Gmail).

5. Select the Settings tab of the page for your application, scroll down, and expand the Advanced Settings section.

6. Select the Certificates tab in Advanced Settings and download the certificate in PEM format.

7. Select the Addon tab on the page for your application and enable the SAML2 Web App toggle.

8. Select the Settings tab on the Addon: SAML2 Web App dialog.

9. Copy the Assertion Consumer Service URL value from BigAnimal and paste it as the Application Callback URL value in Auth0.

10. Copy the Audience URI from the Set Up Identity Provide page in BigAnimal and paste it as the audience value in the Settings field. The following attributions statements may need modification depending on what form of your user names (for example, if the user names come from GitHub, there are no last name and first name fields):

    • <assertion_path>/name

    • <assertion_path>/emailaddress

    • <assertion_path>/surname

    • <assertion_path>/givenname

      Where <assertion_path> is http://schemas.xmlsoap.org/ws/2005/05/identity/claims.

    Add the following lines after the attribution statements:

    Toggle WrapCopy

    "createUpnClaim": false,
    "passthroughClaimsWithNoMapping": false,
    "mapUnknownClaimsAsIs": false,
    "mapIdentities": false,
    "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:email",
    "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
    ]

11. Select Enable.

12. Select the Usage tab and copy Identity Provider Login URL.

    Note

    If you have a custom domain, use the custom-domain-based URL rather than your Auth0 domain.

13. On the Setup Config tab of the Set Up Identity Provider page in BigAnimal:

    1. Paste the Identity Provider Login URL you copied from Auth0 in the previous step into the Single Sign-On URL field.
    2. For Identity Provider Signature Certificate, upload the certificate downloaded from Auth0.
    3. Select the appropriate method for Request Binding. We recommend HTTP-POST.
    4. Select the appropriate value for Response Signature Algorithm. Auth0 AD supports rsa-sha256 and rsa-sha1. We recommend rsa-sha256.
    5. Select Test Connection. If the connection is successful, select Sign in to BigAnimal to complete the setup process in the BigAnimal portal.

• On this page
• Prerequisites
• Set up BigAnimal with Auth0