ConductorOne docs

Set up an Auth0 connector

ConductorOne provides identity governance and just-in-time provisioning for Auth0. Integrate your Auth0 instance with ConductorOne to run user access reviews (UARs) and enable just-in-time access requests.

Capabilities

  • Sync user identities from Auth0 to ConductorOne

  • Resources supported:

    • Roles
    • Organizations

Add a new Auth0 connector

This task requires either the Connector Administrator or Super Administrator role in ConductorOne.

  1. In ConductorOne, click Connectors > Add connector.

  2. Search for Auth0 and click Add.

    Don’t see the Auth0 connector? Reach out to support@conductorone.com to add Auth0 to your Connectors page.

  3. Choose how to set up the new Auth0 connector:

    • Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren’t yet managed with ConductorOne)

    • Add the connector to a managed app (select from the list of existing managed apps)

    • Create a new managed app

    Do you SSO into Auth0 using your identity, SSO, or federation provider? If so, make sure to add the connector to the unmanaged Auth0 app that was created automatically when you integrated your provider with ConductorOne, rather than creating a new managed app.

  4. Set the owner for this connector. You can manage the connector yourself, or choose someone else. Setting multiple owners is allowed.

    An Auth0 connector owner must have the following permissions:

    • Connector Administrator or Super Administrator role in ConductorOne
    • Ability to create a new application in Auth0

  5. Click Next.

Next steps

  • If you are the connector owner, proceed to Configure your Auth0 connector.

  • If someone else is the connector owner, ConductorOne will notify them by email that their help is needed to complete the setup process.

Configure your Auth0 connector

A user with the ability to create a new application in Auth0 and the Connector Administrator or Super Administrator role in ConductorOne must perform this task.

Step 1: Generate Auth0 credentials

  1. In Auth0, navigate to Dashboard > Applications > Applications and click Create Application.

  2. Give the new application a name, such as “ConductorOne”.

  3. Select the Machine to Machine Applications option and click Create.

  4. Select the management API for your domain.

  5. Give the application’s access token the following permissions:

    • read:users
    • read:grants
    • read:organizations
    • read:organization_members
    • read:roles
    • read:role_members

  6. Click Authorize.

  7. On the Application Settings page, click Settings.

  8. Carefully copy and save the Client ID and Client Secret for the application. We’ll use these in the next step.
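A least-privilege check for the token issued to the application created in Step 1, added here as an example and not taken from ConductorOne or Auth0 code. It assumes the Management API access token is a JWT whose `scope` claim is a space-separated string; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# The six Management API permissions listed in Step 1 of this page.
REQUIRED_SCOPES = frozenset({
    "read:users", "read:grants", "read:organizations",
    "read:organization_members", "read:roles", "read:role_members",
})


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_scopes(access_token: str) -> set:
    """Return the scopes in the token's `scope` claim (assumed space-separated)."""
    # The signature is NOT verified: this inspects a token you requested
    # yourself and must never be used to make an authorization decision.
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    claims = json.loads(_b64url_decode(parts[1]))
    return set(str(claims.get("scope", "")).split())


def audit_scopes(access_token: str) -> dict:
    """Compare granted scopes with the six read scopes the connector needs."""
    granted = token_scopes(access_token)
    return {
        "missing": sorted(REQUIRED_SCOPES - granted),  # sync would be incomplete
        "excess": sorted(granted - REQUIRED_SCOPES),   # more than Step 1 lists
        "ok": granted == REQUIRED_SCOPES,
    }


def make_sample_token(scopes) -> str:
    """Build a constructed, unsigned sample token for offline demonstration."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}),
                     enc({"scope": " ".join(scopes)}), "constructed-sig"])


if __name__ == "__main__":
    # Constructed case: one required scope missing, one write scope added.
    over = make_sample_token(sorted(REQUIRED_SCOPES - {"read:grants"}) + ["update:users"])
    print(audit_scopes(over))
```

A non-empty `excess` list means the application was authorized for more than the read permissions this page lists and the grant should be trimmed in Auth0 before the credentials are handed to the connector.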

Step 2: Add Auth0 credentials to ConductorOne

  1. In ConductorOne, navigate to the Auth0 connector by either:

    • Clicking the Set up connector link in the email you received about configuring the connector.

    • Navigating to Connectors > Auth0 (if more than one Auth0 connector is listed, click the one with your name listed as owner and the status Not connected).

  2. Find the Settings area of the page and click Edit.

  3. In the Base URL field, enter the base URL for your Auth0 instance.

  4. In the Client ID and Client Secret fields, enter the credentials you generated in Step 1.

  5. Click Save.

  6. The connector’s label changes to Syncing, followed by Connected. View the logs to ensure that information is syncing.

That’s it! Your Auth0 connector is now pulling access data into ConductorOne.