Do you want to use single sign-on in Aurelius? To use single sign-on you need an Identity Provider that is already configured on a supported SAML 2.0 authorization management platform. In this article we explain how to do this for Auth0.
Create a new application for SSO in Auth0
1. Go to your Auth0 dashboard and click Create application, or go to Applications and click Create application.
2. Under Name, type in a relevant name for the new application (Aurelius is recommended as the Application Name), select Regular Web Applications as the application type, and click Create.
3. After this you will be redirected to the application overview. Go to the Addons tab and switch on SAML2 - WEB APP.
4. In tab Settings of the pop-up add the following details:
Application Callback URL: https://api.aureliuslab.com/v1/saml/assert. It will be used to generate a unique SSO Sign In URL for your users.
Settings:
{
  "mappings": {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  },
  "signResponse": true,
  "logout": {
    "callback": "https://app.aureliuslab.com/",
    "slo_enabled": false
  }
}
Your email address will be used to confirm your company SSO settings. If this doesn't match your user in Aurelius you will not be able to log in!
5. Scroll down to the bottom of the Settings tab and click Enable.
6. Go to the Usage tab and download the Identity Provider Metadata. As a result an XML file will be downloaded.
7. After this, sign in to Aurelius and go to Settings > Manage Single Sign-On. Here you can enter your SSO Login URL (Identity Provider Login URL in Auth0), SSO Logout URL (append /logout to the Login URL), and Certificates (you'll need to open the Metadata to get that). You can also click Enforce SSO Only so that users can no longer sign in with passwords via Aurelius and will be restricted to SSO only. Also copy the Metadata URL.
Important: You must invite users within Aurelius before they can use SSO.
Important: It is only possible to change a user's role within Aurelius after they are invited to your company. If you select a role that has restricted access, you will have to change users manually within Aurelius.