Auth0 is a flexible, drop-in SaaS solution to add authentication and authorization services to your applications, allowing you to avoid the cost, time, and risk of building your own solution to authenticate and authorize users.
Auth0 offers different levels of subscription including Free, Developer, and Developer Pro. Each subscription has different capabilities and options. Its solution works with iOS, Android, and Windows Phone 8 platforms.
In this article we will outline setting up Auth0 as a SAML Identity Provider so that we can utilize Telnyx's Single Sign-On feature.
Additional resources:
Instructions for setting up Auth0 to work with Telnyx's SSO feature
In this activity you will:
Pre-requisites:
Ensure that your Telnyx Mission Control Portal is configured properly
RECOMMENDED: Enable TLS to encrypt your traffic
Create an Organization in the Organization section of the Telnyx Mission Control Portal and make sure you record the Assertion Consumer Service URL
Video Walkthrough
Setting up your Telnyx SIP portal account so you can make and receive calls:
Note: Video walkthrough for Auth0/Telnyx configuration coming soon. Check back as we update our docs.
1. Create the web application in Auth0
In this section, you will create and configure a SAML web app in Auth0.
Log in to your Auth0 admin dashboard.
In the left-hand navigation, click on Applications, then Applications in the submenu that expands. Click on the purple + Create Application button on the top-right of the page.
On the next page, enter the desired name of your choice and select the Regular Web Applications option from the list.
Click Create.
Scroll to the bottom of the Settings tab and click Advanced Settings.
Select the Certificates tab, click Download Certificates and choose PEM format. The certificate will be downloaded to a file called YOUR_TENANT.pem. Save this file; you will need to upload it when you configure the service provider.
Select the Endpoints tab and locate SAML Protocol URL. Copy and save it. You will need it later.
Scroll to the top and select the Addons tab.
Enable the SAML2 Web App toggle.
On the Settings tab, enter the Application Callback URL from the service provider (or application) to which the SAML assertions should be sent after Auth0 has authenticated the user. This is the Assertion Consumer Service (ACS) URL.
Scroll to the bottom of the tab and click Enable.
2. Configure SAML SSO for Telnyx
Go to the SAML Addon "Usage" tab to view the information that you need to configure the service provider application. A pop up window will appear displaying some of the parameters for your SAML app.
Locate the "Identity Provider Metadata" link and click "Download" to download the metadata file. You'll need to provide this file to Telnyx so we know how to send SAML-based authentication requests to Auth0.
Organization Section
Next, navigate to your Organization section of the Telnyx Mission Control Portal and create an Organization if you have not already.
Once created, navigate to the Single Sign-On section of the portal and click the green Enable Single Sign-On button.
You will be presented with the following fields. Provide the following information:
Click on "Import IdP Settings & Save".
Scroll down to the "Authentication Provider Generated Config" section and take note of the values for:
Navigate back to the Auth0 Admin portal and click on the "Settings" tab.
Use the value generated for "Assertion Consumer Service URL" on the Telnyx Mission Control Portal and paste it in the field "Application Callback URL".
In the "Settings" field below Application Callback URL, you are required to enter a JSON object built from the Telnyx Portal config settings noted above. To create this JSON, use these values for the fields:
audience: use the Service Provider Entity ID.
recipient: use the Assertion Consumer Service URL.
nameIdentifierFormat: use the Name Identifier Format.
All the other fields can be copied from the example below.
{
  "audience": "https://apidev.telnyx.com/sso/saml/metadata/SHORTNAME",
  "recipient": "https://apidev.telnyx.com/sso/saml/auth/SHORTNAME",
  "signResponse": true,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ],
  "authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"
}
Once all the values have been entered, scroll down to the bottom and click "Enable".
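A mistyped or swapped audience or recipient value is an easy mistake when hand-editing this JSON, so the sketch below builds the settings from the three Telnyx-generated values and checks pasted JSON against them before you click "Enable". It is an added example, not Telnyx or Auth0 code; the function names build_settings and check_settings are hypothetical, and the sample values are the ones from the example above.

```python
import json
from urllib.parse import urlsplit

# Constant field values copied from the example settings on this page.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
AUTHN_CONTEXT = "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"

def build_settings(entity_id, acs_url, name_id_format):
    """Map the three Telnyx-generated values onto the addon settings fields."""
    return {
        "audience": entity_id,
        "recipient": acs_url,
        "signResponse": True,
        "nameIdentifierFormat": name_id_format,
        "nameIdentifierProbes": [EMAIL_CLAIM],
        "authnContextClassRef": AUTHN_CONTEXT,
    }

def check_settings(settings_json, entity_id, acs_url, name_id_format):
    """Return the problems found in pasted settings JSON (empty list = consistent)."""
    try:
        pasted = json.loads(settings_json)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(pasted, dict):
        return ["settings must be a JSON object"]
    expected = build_settings(entity_id, acs_url, name_id_format)
    problems = []
    for key, want in expected.items():
        if pasted.get(key) != want:
            problems.append(f"{key}: expected {want!r}, got {pasted.get(key)!r}")
    # The audience and recipient should both be absolute https URLs.
    for key in ("audience", "recipient"):
        value = pasted.get(key)
        try:
            parts = urlsplit(value if isinstance(value, str) else "")
            ok = parts.scheme == "https" and bool(parts.hostname)
        except ValueError:
            ok = False
        if not ok:
            problems.append(f"{key}: not an absolute https URL")
    return problems

if __name__ == "__main__":  # sample values from the page's example
    telnyx = ("https://apidev.telnyx.com/sso/saml/metadata/SHORTNAME",
              "https://apidev.telnyx.com/sso/saml/auth/SHORTNAME",
              "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
    pasted = json.dumps(build_settings(*telnyx), indent=2)
    print(check_settings(pasted, *telnyx) or "settings match the Telnyx values")
```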
When you are ready to enable the configs, on the Telnyx Mission Control Portal, click on "Enable Single Sign-On", then "Save Changes".
Your chosen settings are now in effect! This will send all users in your organization an email informing them that SSO is now enabled. Your users will still be able to log in using username/password for the next 72 hours. After that, they will be required to use SSO.
Troubleshooting
Q. I'm experiencing difficulty with this configuration!
A. If you experience technical difficulties while attempting to set up your Auth0 SSO with Telnyx, it's possible your provider is experiencing outages/maintenance. You can check the status of Auth0's features at https://status.auth0.com/.
Additional Resources
Review our getting started with guide to make sure your Telnyx Mission Control Portal account is set up correctly!
Additionally, check out: