Enhance SSO documentation for Auth0 by adding SAML configuration details and troubleshooting sections. Update Azure and Okta documentation to replace 'Entity ID' with 'Issuer URL' for clarity. This improves user guidance for SSO setup across multiple providers.

apps/docs/content/docs/core/enterprise/sso/auth0.mdx

@@ -1,8 +1,10 @@
 ---
 title: Auth0
-description: Configure SSO with Auth0
+description: Configure SSO with Auth0 (OIDC or SAML)
 ---
 
+<Tabs items={['SSO (OIDC)', 'SAML']}>
+<Tab value="SSO (OIDC)">
 
 ## 1. Create an application in Auth0
 
@@ -35,10 +37,71 @@ description: Configure SSO with Auth0
    - `https://your-dokploy-domain.com`
 5. Save changes.
 
-## Troubleshooting
+## Troubleshooting (OIDC)
 
 - **Redirect URI mismatch** — Ensure the callback URL in Dokploy matches exactly what is configured in Auth0 (including protocol and path).
 - **Invalid client** — Double-check Client ID and Client Secret, and that the application is a web application.
 - **Scopes** — Ensure Auth0 is configured to return `openid` and, if required, `email` and `profile`.
 
+</Tab>
+<Tab value="SAML">
+
+## 1. Create a SAML application in Auth0
+
+1. Log in to the [Auth0 Dashboard](https://manage.auth0.com/).
+2. Go to **Applications** → **Applications** → **Create Application**.
+3. Choose **Regular Web Application** and create it.
+4. In the application, go to **Add Ons** → enable **SAML 2 Web App** and configure it, in the settings specify this callback URL: `https://your-dokploy-domain.com/api/auth/sso/saml2/callback/myorg-name-auth0-saml`.
+5. Next & Save.
+
+## 2. Configure Dokploy
+
+1. In Dokploy, go to **Settings** (or **Organization** / **Security** in Enterprise).
+2. Enable **SSO** and choose **SAML**.
+3. Enter:
+   - **Provider**: myorg-name-auth0-saml (unique name for this provider)
+   - **Issuer URL**: the Auth0 SAML Entity ID / Issuer located in `Add Ons` tab called `SAML 2 Web App` called `Entity ID` (e.g. `urn:auth0:your-tenant:your-app`)
+   - **SSO URL**: the Auth0 SAML Single Sign-On URL located in `Add Ons` tab called `SAML 2 Web App` called `Single Sign-On URL` (e.g. `https://dev-ladsadb.us.auth0.com/samlp/wgJe9bWmwhVnuAC7eNtyUsiou4b6wxuf`)
+   - **Certificate**: download the certificate active (x509) from the `Add Ons` tab called `SAML 2 Web App` called `Identity Provider Certificate` and paste it in the `Certificate` field.
+   - **Federation Metadata XML**: copy the Identity Provider Metadata XML from the certificate active and paste it in the `Metadata XML` field.
+   - **Domain**: the domain users use to authenticate via Auth0 (e.g. your organization domain like `acme.com`), not the Dokploy instance URL
+4. Save.
+
+## 3. Configure Auth0 (SAML)
+
+1. In your Auth0 SAML application, set the **Application Callback URL** (ACS URL) to your Dokploy SAML ACS URL, for example:
+   - `https://your-dokploy-domain.com/api/auth/sso/saml2/callback/myorg-name-auth0-saml`
+2. In the **SAML 2 Web App** add-on, open **Settings** and paste the following JSON in the **Settings** (Application Settings) field. Replace `https://your-dokploy-domain.com` with your Dokploy base URL and `myorg-name-auth0-saml` with the **exact same provider name** you entered in Dokploy in step 2 (the callback URL path must match), so Dokploy can read email, display name, and other attributes:
+
+```json
+{
+  "audience": "https://your-dokploy-domain.com/saml/metadata",
+  "recipient": "https://your-dokploy-domain.com/api/auth/sso/saml2/callback/myorg-name-auth0-saml",
+  "destination": "https://your-dokploy-domain.com/api/auth/sso/saml2/callback/myorg-name-auth0-saml",
+  "signResponse": true,
+  "signAssertion": true,
+  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
+  "nameIdentifierProbes": [
+    "email"
+  ],
+  "mappings": {
+    "email": "email",
+    "displayName": "name",
+    "givenName": "given_name",
+    "surname": "family_name"
+  }
+}
+```
+
+4. Save.
+
+## Troubleshooting (SAML)
+
+- **ACS URL mismatch** — Ensure the callback/ACS URL in Auth0 matches exactly what Dokploy provides (including protocol and path).
+- **Certificate** — Use the full x509 certificate from Auth0 (PEM format); ensure no extra spaces or line breaks.
+- **Entity ID** — The Entity ID in Dokploy must match the Issuer/Entity ID configured in Auth0.
+
+</Tab>
+</Tabs>
+
 For help with your setup, [contact us](https://dokploy.com/contact).

apps/docs/content/docs/core/enterprise/sso/azure.mdx

@@ -62,7 +62,7 @@ description: Configure SSO with Azure AD / Microsoft Entra ID (OIDC or SAML)
 2. Enable **SSO** and choose **SAML**.
 3. Enter:
    - **Provider**: myorg-name-azure-saml (unique name for this provider)
-   - **Entity ID**: the Azure SAML Entity ID (Identifier) from the Enterprise application (eg. `https://sts.windows.net/YOUR_TENANT_ID/`).
+   - **Issuer URL**: the Azure SAML Entity ID (Identifier) from the Enterprise application (eg. `https://sts.windows.net/YOUR_TENANT_ID/`).
    - **SSO URL**: the Azure Login URL (Single Sign-On URL) (eg. `https://login.microsoftonline.com/YOUR_TENANT_ID/saml2`)
    - **Certificate**: the IdP signing certificate (x509 Base64) from Azure
    - **Federation Metadata XML**: the Federation Metadata XML file from Azure

apps/docs/content/docs/core/enterprise/sso/okta.mdx

@@ -61,7 +61,7 @@ description: Configure SSO with Okta (OIDC or SAML)
 2. Enable **SSO** and choose **SAML**.
 3. Enter:
    - **Provider**: myorg-name-okta-saml (unique name for this provider)
-   - **Entity ID**: the Okta Identity Provider issuer (Entity ID) located in `Sign On` tab called `Issuer` (eg. `http://www.okta.com/exkzq3acyuEtIuNrW697`)
+   - **Issuer URL**: the Okta Identity Provider issuer (Entity ID) located in `Sign On` tab called `Issuer` (eg. `http://www.okta.com/exkzq3acyuEtIuNrW697`)
    - **SSO URL**: the Okta Identity Provider single sign-on URL located in `Sign On` tab called `Single sign-on URL` (eg. `https://trial-2804699.okta.com/app/trial-2802699_something/exkzqi3cyuEtIuNrW697/sso/saml`)
    - **Certificate**: go to `Signing Certificate` tab and download the certificate active (x509) and paste it in the `Certificate` field.
    - **Federation Metadata XML**: copy the idp metadata XML from the certificate active and paste it in the `Metadata XML` field.