> Regular web app scenario configuration for Auth0

# Auth0 Configuration (Web Apps + SSO)

In this section, we will review all the configurations we need to apply using the [Auth0 Dashboard](https://manage.auth0.com/#).

## Application

The Auth0 configuration starts with registering the timesheets app in the <Tooltip tip="Auth0 Dashboard: Auth0's main product to configure your services." cta="View Glossary" href="/docs/glossary?term=Auth0+dashboard">Auth0 dashboard</Tooltip> as an **application**. An application makes protected resource requests on behalf of the <Tooltip tip="Resource Owner: Entity (such as a user or application) capable of granting access to a protected resource." cta="View Glossary" href="/docs/glossary?term=resource+owner">resource owner</Tooltip> (end-user).

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
  The term "application" does not imply any particular implementation characteristics. An application can be a web app, a mobile app or an SPA. In the case of ExampleCo it is an ASP.NET Core web app.
</Callout>

The main characteristics of an application in Auth0 are:

* **Name**: The canonical name of the application. This is used to identify the application in the portal, emails, logs, and more.
* **<Tooltip tip="Client ID: Identification value given to your registered resource from Auth0." cta="View Glossary" href="/docs/glossary?term=Client+ID">Client ID</Tooltip>** (read-only): The unique identifier for the application. This is the ID used in the application when setting up authentication with Auth0. It is an auto-generated alphanumeric string.
* **<Tooltip tip="Client Secret: Secret used by a client (application) to authenticate with the Authorization Server; it should be known to only the client and the Authorization Server and must be sufficiently random to not be guessable." cta="View Glossary" href="/docs/glossary?term=Client+secret">Client secret</Tooltip>** (read-only): A string used to sign and validate tokens which will be used in the different authentication flows. It is auto-generated and it must be kept confidential.
* **Domain**: The domain name assigned to the Auth0 account. The format of the domain is `{account-name}.auth0.com` or `{account-name}.{location}.auth0.com`, for example `ExampleCo.auth0.com`.
* **Callback URL**: The URL where the user is redirected after they authenticate.

### Create an Application

ExampleCo's scenario involves only one application: the timesheets web app. Hence we have to configure one Application on the Auth0 side.

To register the application, go to the [Dashboard](https://manage.auth0.com/#) and in the side navigation select [Applications](https://manage.auth0.com/#/applications).

Click on the button **+ Create Application**. You will be prompted for the name and the type of the application. We will name our application `Timesheet-App` and select `Regular Web Applications` as the application type.

When you click **Create** you will be taken to the [Quick Start view](https://manage.auth0.com/#/applications/\{yourClientId}/quickstart). Here you can pick the technology you plan on using to build your app and the relevant how-to quickstart will be displayed.

The other available views are:

* [Settings](https://manage.auth0.com/#/applications/\{yourClientId}/settings)
* [Addons](https://manage.auth0.com/#/applications/\{yourClientId}/addons)
* [Connections](https://manage.auth0.com/#/applications/\{yourClientId}/connections)

### Configure Callback URLs

The **Allowed Callback URLs** field contains the URL(s) to which Auth0 redirects the user after authentication so that <Tooltip tip="OpenID: Open standard for authentication that allows applications to verify users' identities without collecting and storing login information." cta="View Glossary" href="/docs/glossary?term=OpenID">OpenID</Tooltip> Connect (OIDC) can complete the authentication process. You can specify multiple valid URLs by separating them with commas. You can use the star symbol as a wildcard for subdomains, for example `*.google.com`. Make sure to specify the protocol, `http://` or `https://`, otherwise the callback may fail in some cases.

The Callback URL for our sample project is `http://localhost:5000/signin-auth0`. Go ahead and enter this value in the **Allowed Callback URLs** field if you plan on using our sample; otherwise, add the URL you chose to deploy your application to.
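
As an added example (not part of Auth0's documentation or SDKs), the following Python function audits a comma-separated **Allowed Callback URLs** value before you paste it into the Dashboard. The `missing-protocol` finding follows the rule stated above; the `wildcard-subdomain` and `cleartext-http` findings are review checks chosen for this example, and every hostname other than the sample's `localhost` entry is constructed.

```python
from urllib.parse import urlsplit

# Hosts where plain http:// is acceptable for local development (assumption).
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample value; only the localhost entry comes from this page.
SAMPLE_FIELD = (
    "http://localhost:5000/signin-auth0, "
    "https://*.example.com/signin-auth0, "
    "http://timesheets.example.com/signin-auth0, "
    "timesheets.example.com/signin-auth0"
)


def audit_callback_urls(field_value):
    """Map each entry of a comma-separated callback list to its findings."""
    report = {}
    for raw in field_value.split(","):
        entry = raw.strip()
        if not entry:
            continue  # tolerate trailing commas
        parts = urlsplit(entry)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            # No usable http:// or https:// prefix: the callback may fail.
            report[entry] = ["missing-protocol"]
            continue
        host = parts.hostname or ""
        findings = []
        if "*" in host:
            # Every subdomain becomes an accepted redirect target.
            findings.append("wildcard-subdomain")
        if parts.scheme == "http" and host not in LOOPBACK_HOSTS:
            # The authentication response would travel unencrypted.
            findings.append("cleartext-http")
        report[entry] = findings
    return report


if __name__ == "__main__":
    for entry, findings in audit_callback_urls(SAMPLE_FIELD).items():
        print(f"{entry}: {', '.join(findings) or 'ok'}")
```

An empty findings list means the entry passed all three checks; anything else is worth reviewing before the value is saved.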

## Connections

The next step is to configure the <Tooltip tip="Identity Provider (IdP): Service that stores and manages digital identities." cta="View Glossary" href="/docs/glossary?term=identity+providers">identity providers</Tooltip> that will be used for authentication at the web app. Each identity provider maps to a **connection** in Auth0. Each application needs at least one connection, and each connection can be used for more than one application.

ExampleCo needs to configure two connections: one Active Directory connection for the internal employees, and one Database connection for external parties.

<Info>
  ### Supported identity providers

  Auth0 supports a vast variety of protocols and identity providers:

  * Social: Allow your users to log in using Google, Facebook, LinkedIn, GitHub, and many more.
  * Enterprise: Allow your users to log in using Active Directory, ADFS, LDAP, <Tooltip tip="Security Assertion Markup Language (SAML): Standardized protocol allowing two parties to exchange authentication information without a password." cta="View Glossary" href="/docs/glossary?term=SAML-P">SAML-P</Tooltip>, and many more.
  * Database connections: Create your own user store by configuring a new database connection, and authenticate your users using email/username and password. The credentials can be securely stored either in the Auth0 user store, or in your own database.
  * <Tooltip tip="Passwordless: Form of authentication that does not rely on a password as the first factor." cta="View Glossary" href="/docs/glossary?term=Passwordless">Passwordless</Tooltip> authentication: Allow your users to log in without the need to remember a password and use an authentication channel like SMS or email.
</Info>

### Create a database connection

To register a database connection, follow the steps below:

1. On the [Dashboard](https://manage.auth0.com/#), navigate to **Authentication > Database**.
2. Select **+ Create DB Connection**. On the prompt, enter a name for the connection and configure additional requirements as needed.
3. Review the prompt for accuracy, then select **Create**.

After you create the database connection, you must enable your applications for the connection. An application must be enabled for the connection in order for users to access that application using the connection. To enable your applications, navigate to the Applications tab of the new connection and enable the toggle for each application that requires use of the connection.

For more information on database connections refer to [Database Identity Providers](/docs/authenticate/database-connections).

### Create an Active Directory / LDAP Connection

Next, configure your Active Directory / LDAP connection. On the [Auth0 Dashboard](https://manage.auth0.com/#), navigate to **Authentication > Enterprise**.

There you need to create the AD / LDAP connection and install the AD Connector. You can find details in these documents:

* [How to connect your Active Directory with Auth0](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap)
* [How to install the Active Directory/LDAP Connector](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector)

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
  The AD/LDAP Connector is a bridge between your Active Directory and the Auth0 Service. This bridge is necessary because AD is typically locked down to your internal network, and Auth0 is a cloud service running in a completely different context. [More information](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector)
</Callout>

Once you have configured the connection and the connector, be sure to enable your application to use this AD / LDAP connection.

<Info>
  ### Kerberos support

  The AD/LDAP connector supports Kerberos to make it easier for your users to authenticate when they are on a domain-joined machine within the corporate network. To activate Kerberos on an Active Directory connection, simply enable the option in the dashboard. After enabling Kerberos you'll also be able to configure the **IP Ranges**. When users originate from these IP address ranges, this information will be exposed in the SSO endpoint, which means client-side SDKs like auth0.js and the Lock will be able to detect Kerberos support and allow Integrated Windows Authentication.
  [More information](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector/configure-ad-ldap-connector-with-kerberos)

  <Callout icon="file-lines" color="#0EA5E9" iconType="regular">
    If you enable Kerberos then you need to make some changes to the AD/LDAP Connector's configuration file. For details refer to: [Modify the AD/LDAP Connector Settings](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector/ad-ldap-connector-to-auth0).
  </Callout>
</Info>

Now that we have designed our solution and discussed the configurations needed on the Auth0 side, we can proceed with integrating Auth0 with our timesheets web app.
