Follow

Auth0 SAML

This article will detail how you can use Auth0 SAML with your FTP Today account.

You will need two browser windows/tabs for these steps.

Create the Identity Service at FTP Today

Log into your FTP Today Site.  Navigate to Settings > Authentication > Identity Service. Click on Add Service.

Picture1.png

Enter a name for the New Service and select “Auth0 SAML” as the provider and Save.

Picture2.png

Create the Application at Auth0      

On your FTP Today Site, locate the configuration information.

Picture3.png

Log into your Auth0 portal. Select SSO Integrations and Create SSO Integration.

Picture4.png

Enter a name for the application, select Regular Web Applications and Create.

Picture5.png

Select the configuration (ellipsis) for the application you created and select Settings.

Picture6.png

Copy the Logo URL from your FTP Today Site to the Application Logo field and Save Changes.

Picture7.png

Select Addons then enable the SAML2 Web App Addon.

Picture8.png

Copy the Application Callback URL from your FTP Today site to the Auth0 site and Enable.

Picture9.png

Picture10.png

Select Empty rule

Picture11.png

Enter a name for the rule, enter this rule and Save changes.

function (user, context, callback) { 
    context.samlConfiguration.mappings = {
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "upn"
    };
    callback(null, user, context);
}

Picture12.png

Configure the Identity Service at FTP Today

Continuing in the Auth0 portal, select Usage. Locate the Identity Provider Metadata. Right click on the Download and select Copy link.

Picture13.png

Select “I want to use a Metadata URL to set this configuration.”, paste the Download link as the Metadata URL and Save.

Picture14.png

Assign the user to the application at AzAuth0

Not required.

Add the user at FTP Today

In your FTP Today site, navigate to the Users area and select Add User.

Picture15.png

Enter the username as set up in the Auth0 service and select the Auth0 SAML service you created.  Complete the rest of the fields as needed and Save.

Picture16.png

Auth0 supports an advanced security feature that offers further user verification. You may register the user with a unique identifier from Auth0.  In addition to matching the User Name to identify the user, we will match the Auth0 ID for that user. 

When setting up the user, navigate to the user at Auth0, locate the user_id and copy the part after “auth0|”.

Picture17.png

Include that value as the IdP User Unique Identifier when you create the user.

Picture18.png

If the user already exists in your FTP Today site, you may change these settings on the Authentication tab for the user.

User access through FTP Today

Navigate to the site and enter the username and click Next.

Picture19.png

There will be a brief “Authenticating” message. 

Picture20.png

If the user does not have an open session with Auth0, they will have to authenticate.

Picture21.png

The user will now be logged into your FTP Today Site.

Ending the session

When done, the user may log out of the FTP Today site or allow the session to expire.  This will not log the user out of Auth0 or any other services authenticated through Auth0. 

The session timeout on the FTP Today Site may log the user out of the site even if they are still logged in at Auth0.  In that case, after reentering their username they will be immediately authenticated to the site.

Encrypting the SAML response

This is an advanced setting required for FIPS compliance. At your FTP Today Site, navigate to the Identity Service, toggle the “Encrypt Assertion” to on and Save.

Picture22.png

You will now see an Encryption Certificate link near the page bottom.

Picture23.png

Consult https://auth0.com/docs/protocols/saml-configuration-options/sign-and-encrypt-saml-requests to configure Auth0.