Application
The Auth0 configuration part starts with registering the timesheets app at the Auth0 Dashboard as an application. An application makes protected resource requests on behalf of the resource owner (end-user). The term “application” does not imply any particular implementation characteristics. An application can be a web app, a mobile app or an SPA. In the case of ExampleCo it is an ASP.NET Core web app.
- Name: The canonical name of the application. This is used to identify the application at the portal, emails, logs, and more.
- Client ID (read-only): The unique identifier for the application. This is the ID used in the application when setting up authentication with Auth0. It is an auto-generated alphanumeric string.
- Client Secret (read-only): A string used to sign and validate tokens which will be used in the different authentication flows. It is auto-generated and it must be kept confidential.
- Domain: The domain name assigned to the Auth0 account. The format of the domain is {account-name}.auth0.com or {account-name}.{location}.auth0.com, for example ExampleCo.auth0.com.
- Callback URL: The URL where the user is redirected after they authenticate.
Create an Application
ExampleCo’s scenario involves only one application: the timesheets web app. Hence we have to configure one Application on the Auth0 side. To register the application, go to the Dashboard and in the side navigation select Applications. Click on the button + Create Application. You will be prompted for the name and the type of the application. We will name our application Timesheet-App and select Regular Web Applications as the application type.
When you click Create you will be taken to the Quick Start view. Here you can pick the technology you plan on using to build your app and the relevant how-to quickstart will be displayed.
The other available views are:
Configure Callback URLs
The Allowed Callback URLs field contains the URL(s) where Auth0 will redirect to after the user has authenticated in order for OpenID Connect (OIDC) to complete the authentication process. You can specify multiple valid URLs by comma-separating them. You can use the star symbol as a wildcard for subdomains, for example *.google.com. Make sure to specify the protocol, http:// or https://, otherwise the callback may fail in some cases.
The Callback URL for our sample project is http://localhost:5000/signin-auth0. Go ahead and set this value in the Allowed Callback URLs field if you plan on using our sample, otherwise add the URL you chose to deploy your application to.
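An added example, not part of the original page or Auth0's own code: a Python audit of an Allowed Callback URLs value that flags entries without a protocol, wildcard subdomains, and plain HTTP on non-loopback hosts. The matching rule in callback_allowed is an assumed simplification, not Auth0's matcher, and the exampleco.example hosts and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

SCHEMES = ("http://", "https://")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample value for the Allowed Callback URLs field.
SAMPLE_FIELD = (
    "http://localhost:5000/signin-auth0, "
    "https://*.exampleco.example/signin-auth0, "
    "timesheets.exampleco.example/signin-auth0, "
    "http://timesheets.exampleco.example/signin-auth0"
)

def entries(field):
    """Split the comma-separated field into trimmed, non-empty entries."""
    return [e.strip() for e in field.split(",") if e.strip()]

def audit_callback_urls(field):
    """Map each entry to a list of findings (empty list = nothing flagged)."""
    report = {}
    for entry in entries(field):
        if not entry.lower().startswith(SCHEMES):
            report[entry] = ["missing-protocol"]
            continue
        parts = urlsplit(entry)
        host = parts.hostname or ""
        findings = []
        if "*" in host:
            findings.append("wildcard-subdomain")  # any subdomain can receive the response
        if parts.scheme == "http" and host not in LOOPBACK:
            findings.append("cleartext-http")      # callback carried over plain HTTP
        report[entry] = findings
    return report

def host_matches(pattern, host):
    """Assumed model: a leading '*.' stands for one or more subdomain labels."""
    if pattern.startswith("*."):
        suffix = pattern[1:]                       # keeps the dot: ".exampleco.example"
        return host.endswith(suffix) and len(host) > len(suffix)
    return pattern == host

def callback_allowed(field, redirect_uri):
    """Assumed model: scheme, port and path must be equal; host may use '*.'."""
    got = urlsplit(redirect_uri)
    for entry in entries(field):
        if not entry.lower().startswith(SCHEMES):
            continue
        want = urlsplit(entry)
        if ((want.scheme, want.port, want.path) == (got.scheme, got.port, got.path)
                and host_matches(want.hostname or "", got.hostname or "")):
            return True
    return False
```

Under this model the wildcard entry accepts every subdomain of exampleco.example, including ones the timesheets team does not operate, which is why exact URLs are the tighter setting outside development.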
Connections
The next step is to configure the identity providers that will be used for authentication at the web app. Each identity provider maps to a connection in Auth0. Each application needs at least one connection, and each connection can be used for more than one application. ExampleCo needs to configure two connections: one Active Directory connection for the internal employees, and one Database connection for external parties.
Supported identity providers
Auth0 supports a vast variety of protocols and identity providers:
- Social: Allow your users to log in using Google, Facebook, LinkedIn, GitHub, and many more.
- Enterprise: Allow your users to log in using Active Directory, ADFS, LDAP, , and many more.
- Database connections: Create your own user store by configuring a new database connection, and authenticate your users using email/username and password. The credentials can be securely stored either in the Auth0 user store, or in your own database.
- Passwordless authentication: Allow your users to log in without the need to remember a password and use an authentication channel like SMS or email.
Create a database connection
To register a database connection, follow the steps below:
- On the Dashboard, navigate to Authentication > Database.
- Select + Create DB Connection. On the prompt, enter a name for the connection and configure additional requirements as needed.
- Review the prompt for accuracy, then select Create.
Create an Active Directory / LDAP Connection
Next, configure your Active Directory / LDAP connection. On the Auth0 Dashboard, navigate to Authentication > Enterprise. There you need to create the AD / LDAP connection and install the AD Connector. You can find details in these documents:
The AD/LDAP Connector is a bridge between your Active Directory and the Auth0 Service. This bridge is necessary because AD is typically locked down to your internal network, and Auth0 is a cloud service running in a completely different context.
Kerberos support
The AD/LDAP connector supports Kerberos to make it easier for your users to authenticate when they are on a domain-joined machine within the corporate network. To activate Kerberos on an Active Directory connection, simply enable the option in the dashboard. After enabling Kerberos you’ll also be able to configure the IP Ranges. When users originate from these IP address ranges, this information will be exposed in the SSO endpoint, which means client-side SDKs like auth0.js and the Lock will be able to detect Kerberos support and allow Integrated Windows Authentication.
If you enable Kerberos then you need to make some changes to the AD/LDAP Connector’s configuration file. For details refer to: Modify the AD/LDAP Connector Settings.