Skip to main content

Auth0 SSO

Files.com supports Single Sign-On with Auth0 using either SAML or OpenID Connect. We recommend opting for SAML whenever possible, as it is a more robust integration technology that accommodates a broader range of use cases. Both sets of instructions are provided here.

Adding Files.com in Auth0 via OpenID Connect

After logging in to your Auth0 account as an administrator, navigate to Applications and click the Create Application button.

Click to select the Regular Web Applications application type, and click the Create button.

Click the Settings tab of the newly created application, and enter the URL https://app.files.com/login_from_oauth?provider=auth0 in the Allowed Callback URLs field.

Click the Save Changes button to apply the change. Next, click the copy icon next to the Client ID to copy it. Keep this browser tab open, as you'll be returning here to copy the Client Secret later.

Adding Auth0 in Files.com via OpenID Connect

Log in to your Files.com account as a site administrator. Type "SSO Providers" in the search box at the top of every page, then click the matching result. Scroll to the SSO Providers section, and click the Add provider button. Click to select the Auth0 provider.

In the Add provider form, enter your Auth0 subdomain into the Subdomain field, and paste the Client ID you copied in the previous step into the Client ID field.

Back in Auth0, click the copy icon next to the Client Secret to copy it, and paste it into the Client secret field in Files.com. Lastly, click the Save button to apply the change.

The Auth0 SSO method will now be available when assigning an authentication method for a user in Files.com, and the Sign in with Auth0 button will be displayed on your site's login page.

Adding Files.com in Auth0 via SAML

After logging in to your Auth0 account as an administrator, navigate to Dashboard -> Applications -> Applications and select Create Application.

Select the option for Regular Web Application, provide your application with a name, and click on Create.

Next, navigate to Addons, enable the SAML2 Web Application toggle. Navigate to Addon: SAML2 Web App -> Settings, for the Application Callback URL enter https://app.files.com/saml/consume and scroll to the bottom of this window to press Enable.

Next, navigate to Addon: SAML2 Web App -> Usage, and click to download the Identity Provider Metadata this will be used to connect to your Files.com site.

Adding Auth0 in Files.com via SAML

Type "SSO Providers" in the search box at the top of every page, and then click on the matching result. Click the Add provider button. Click to select the Auth0 provider.

In the Add provider form, select the Use SAML option, and under Connect to SAML provider via, select Metadata XML file, and upload the XML file you had downloaded for the Identity Provider Metadata via Auth0.

Lastly, click the Save button to apply the change.

The Auth0 SSO method will now be available when assigning an authentication method for a user in Files.com, and the Sign in with Auth0 button will be displayed on your site's login page.

It is strongly recommended to keep at least one site administrator with the password option as the authentication method, rather than assigning all to SSO, to prevent being locked out of Files.com in case of IdP or SSO issues.

Provisioning Users Automatically

There are 2 primary methods for automatically provisioning users through Auth0: SCIM provisioning and Just-In-Time (JIT) provisioning. SCIM provisioning involves the systematic synchronization of user data between your identity provider and Files.com, ensuring consistent and up-to-date user records. On the other hand, Just-In-Time (JIT) provisioning operates by creating user records on Files.com at the moment of their initial successful login, offering a more immediate approach. These two mechanisms provide flexibility in managing user provisioning based on your specific requirements and preferences within the Auth0 environment.

SCIM Provisioning

SCIM Provisioning is a standard that allows your Users to be automatically provisioned in Files.com from Auth0. Note that SCIM provisioning only works with SAML based integration with AuthO.

Input the following settings into Auth0 for SCIM:

FieldValue
SCIM connector base URLhttps://app.files.com/api/scim
Authentication ModeBasic Auth
Basic Auth Username and PasswordEnter a username and password of your choice

The username and password entered for Basic Auth will also need to be added as the SCIM username and password in Files.com in the settings for your Auth0 SSO Provider. Type "SSO Providers" in the search box at the top of every page and then click on the matching result. Locate your Auth0 provider entry and edit the settings to set Enable automatic user provisioning via SCIM? to Basic in Files.com.

After setting the above, your Auth0 users assigned to the Files.com application in Auth0 will be provisioned to Files.com and should be able to log in to Files.com via SSO.

Just-In-Time (JIT) Provisioning

JIT Provisioning operates by generating user records on Files.com upon their initial successful login. While this method is simpler than SCIM, it does have limitations. For instance, JIT can provision users but lacks the ability to delete or disable them. Files.com will automatically use Just-In-Time (JIT) Provisioning if you don't set up SCIM.

IdP-Initiated Single Sign On (SSO)

The typical login process for SSO on Files.com involves the user navigating to your Files.com site and then clicking a button to be redirected to Auth0. This is the most secure process and is the process that we primarily recommend.

In certain application or enterprise scenarios, it is sometimes preferred to have the SSO process begin at Auth0 (the identify provider, or "IdP"). For example, you might set up an Auth0 based portal and then allow users to navigate to Files.com from there.

IdP-Initiated flows carry a security risk and are therefore not recommended, however they are supported. Make sure you understand the risks before enabling IdP-Initiated SSO. Auth0 has a guideExternal LinkThis link leads to an external website and will open in a new tab for setting up IdP-Initiated SSO.

First, ensure your connection between Auth0 and Files.com is set up as SAML as opposed to OpenID Connect. Then, follow the directions in the Auth0 guide and select SAML as the Response Protocol for the connection.

Get Instant Access to Files.com

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.