diff --git a/apps/docs/content/docs/core/enterprise/sso/auth0.mdx b/apps/docs/content/docs/core/enterprise/sso/auth0.mdx index d8ff2d1..567693f 100644 --- a/apps/docs/content/docs/core/enterprise/sso/auth0.mdx +++ b/apps/docs/content/docs/core/enterprise/sso/auth0.mdx @@ -1,8 +1,10 @@ --- title: Auth0 -description: Configure SSO with Auth0 +description: Configure SSO with Auth0 (OIDC or SAML) --- + + ## 1. Create an application in Auth0 
@@ -35,10 +37,71 @@ description: Configure SSO with Auth0 - `https://your-dokploy-domain.com` 5. Save changes. -## Troubleshooting +## Troubleshooting (OIDC) - **Redirect URI mismatch** — Ensure the callback URL in Dokploy matches exactly what is configured in Auth0 (including protocol and path). - **Invalid client** — Double-check Client ID and Client Secret, and that the application is a web application. - **Scopes** — Ensure Auth0 is configured to return `openid` and, if required, `email` and `profile`. + + + +## 1. Create a SAML application in Auth0 + +1. Log in to the [Auth0 Dashboard](https://manage.auth0.com/). +2. Go to **Applications** → **Applications** → **Create Application**. +3. Choose **Regular Web Application** and create it. +4. In the application, go to **Add Ons** → enable **SAML 2 Web App** and configure it, in the settings specify this callback URL: `https://your-dokploy-domain.com/api/auth/sso/saml2/callback/myorg-name-auth0-saml`. +5. Next & Save. + +## 2. Configure Dokploy + +1. In Dokploy, go to **Settings** (or **Organization** / **Security** in Enterprise). +2. Enable **SSO** and choose **SAML**. +3. Enter: + - **Provider**: myorg-name-auth0-saml (unique name for this provider) + - **Issuer URL**: the Auth0 SAML Entity ID / Issuer located in `Add Ons` tab called `SAML 2 Web App` called `Entity ID` (e.g. `urn:auth0:your-tenant:your-app`) + - **SSO URL**: the Auth0 SAML Single Sign-On URL located in `Add Ons` tab called `SAML 2 Web App` called `Single Sign-On URL` (e.g. `https://dev-ladsadb.us.auth0.com/samlp/wgJe9bWmwhVnuAC7eNtyUsiou4b6wxuf`) + - **Certificate**: download the certificate active (x509) from the `Add Ons` tab called `SAML 2 Web App` called `Identity Provider Certificate` and paste it in the `Certificate` field. + - **Federation Metadata XML**: copy the Identity Provider Metadata XML from the certificate active and paste it in the `Metadata XML` field. + - **Domain**: the domain users use to authenticate via Auth0 (e.g. 
your organization domain like `acme.com`), not the Dokploy instance URL +4. Save. + +## 3. Configure Auth0 (SAML) + +1. In your Auth0 SAML application, set the **Application Callback URL** (ACS URL) to your Dokploy SAML ACS URL, for example: + - `https://your-dokploy-domain.com/api/auth/sso/saml2/callback/myorg-name-auth0-saml` +2. In the **SAML 2 Web App** add-on, open **Settings** and paste the following JSON in the **Settings** (Application Settings) field. Replace `https://your-dokploy-domain.com` with your Dokploy base URL and `myorg-name-auth0-saml` with the **exact same provider name** you entered in Dokploy in step 2 (the callback URL path must match), so Dokploy can read email, display name, and other attributes: + +```json +{ + "audience": "https://your-dokploy-domain.com/saml/metadata", + "recipient": "https://your-dokploy-domain.com/api/auth/sso/saml2/callback/myorg-name-auth0-saml", + "destination": "https://your-dokploy-domain.com/api/auth/sso/saml2/callback/myorg-name-auth0-saml", + "signResponse": true, + "signAssertion": true, + "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "nameIdentifierProbes": [ + "email" + ], + "mappings": { + "email": "email", + "displayName": "name", + "givenName": "given_name", + "surname": "family_name" + } +} +``` + +4. Save. + +## Troubleshooting (SAML) + +- **ACS URL mismatch** — Ensure the callback/ACS URL in Auth0 matches exactly what Dokploy provides (including protocol and path). +- **Certificate** — Use the full x509 certificate from Auth0 (PEM format); ensure no extra spaces or line breaks. +- **Entity ID** — The Entity ID in Dokploy must match the Issuer/Entity ID configured in Auth0. + + + + For help with your setup, [contact us](https://dokploy.com/contact). diff --git a/apps/docs/content/docs/core/enterprise/sso/azure.mdx b/apps/docs/content/docs/core/enterprise/sso/azure.mdx index de7df41..7f9175e 100644 --- a/apps/docs/content/docs/core/enterprise/sso/azure.mdx 
+++ b/apps/docs/content/docs/core/enterprise/sso/azure.mdx @@ -62,7 +62,7 @@ description: Configure SSO with Azure AD / Microsoft Entra ID (OIDC or SAML) 2. Enable **SSO** and choose **SAML**. 3. Enter: - **Provider**: myorg-name-azure-saml (unique name for this provider) - - **Entity ID**: the Azure SAML Entity ID (Identifier) from the Enterprise application (eg. `https://sts.windows.net/YOUR_TENANT_ID/`). + - **Issuer URL**: the Azure SAML Entity ID (Identifier) from the Enterprise application (eg. `https://sts.windows.net/YOUR_TENANT_ID/`). - **SSO URL**: the Azure Login URL (Single Sign-On URL) (eg. `https://login.microsoftonline.com/YOUR_TENANT_ID/saml2`) - **Certificate**: the IdP signing certificate (x509 Base64) from Azure - **Federation Metadata XML**: the Federation Metadata XML file from Azure diff --git a/apps/docs/content/docs/core/enterprise/sso/okta.mdx b/apps/docs/content/docs/core/enterprise/sso/okta.mdx index 517eb8a..94f9068 100644 --- a/apps/docs/content/docs/core/enterprise/sso/okta.mdx +++ b/apps/docs/content/docs/core/enterprise/sso/okta.mdx 
@@ -61,7 +61,7 @@ description: Configure SSO with Okta (OIDC or SAML) 2. Enable **SSO** and choose **SAML**. 3. Enter: - **Provider**: myorg-name-okta-saml (unique name for this provider) - - **Entity ID**: the Okta Identity Provider issuer (Entity ID) located in `Sign On` tab called `Issuer` (eg. `http://www.okta.com/exkzq3acyuEtIuNrW697`) + - **Issuer URL**: the Okta Identity Provider issuer (Entity ID) located in `Sign On` tab called `Issuer` (eg. `http://www.okta.com/exkzq3acyuEtIuNrW697`) - **SSO URL**: the Okta Identity Provider single sign-on URL located in `Sign On` tab called `Single sign-on URL` (eg. `https://trial-2804699.okta.com/app/trial-2802699_something/exkzqi3cyuEtIuNrW697/sso/saml`) - **Certificate**: go to `Signing Certificate` tab and download the certificate active (x509) and paste it in the `Certificate` field. - **Federation Metadata XML**: copy the idp metadata XML from the certificate active and paste it in the `Metadata XML` field.
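Review bot: in the auth0.mdx SAML hunk, "## 3. Configure Auth0 (SAML)" numbers its steps 1, 2, 4 (there is no step 3), and its step 1 repeats the ACS/callback URL that "## 1. Create a SAML application in Auth0" step 4 already has the reader set; drop one of the two and renumber. The "Troubleshooting (SAML)" item "**Entity ID** — The Entity ID in Dokploy must match the Issuer/Entity ID configured in Auth0" refers to a field the form above now labels **Issuer URL** (the same rename this patch applies to azure.mdx and okta.mdx), so rename it there too or readers will look for a field that does not exist. Two more fixes in the same hunk: the **Federation Metadata XML** bullet says to copy the metadata XML "from the certificate active", which is not a location in the Add Ons tab, so name the actual download (the Identity Provider Metadata link next to the certificate); and the **Certificate** troubleshooting advice "ensure no extra spaces or line breaks" is wrong for PEM, whose body is wrapped in 64-character lines between the BEGIN/END CERTIFICATE markers; say to paste the file exactly as downloaded, line breaks included. The example SSO URL `https://dev-ladsadb.us.auth0.com/samlp/wgJe9bWmwhVnuAC7eNtyUsiou4b6wxuf` reads like a live tenant and client id; use a placeholder such as `https://YOUR_TENANT.us.auth0.com/samlp/YOUR_CLIENT_ID`, as the Azure page already does with `YOUR_TENANT_ID`. On the JSON block: `"signResponse": true` and `"signAssertion": true` are the right defaults, but `"audience": "https://your-dokploy-domain.com/saml/metadata"` is given without saying what it must equal on the Dokploy side; an audience that does not match the SP entity ID is rejected by any conforming SP, and none of the three troubleshooting items covers that case, so add one sentence stating where Dokploy reports its SP Entity ID for this provider and that `audience` must match it.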
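Review bot: the azure.mdx hunk renames only the form bullet from **Entity ID** to **Issuer URL**; the auth0.mdx page in this same patch keeps a "Troubleshooting (SAML)" item that still says "The Entity ID in Dokploy must match ...", so if azure.mdx has the equivalent item below this hunk it now names a field that no longer exists. Please grep the file for "Entity ID" and rename every remaining reference in the same commit, so the label on the form and the label in the troubleshooting text cannot drift apart again.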
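Review bot: the okta.mdx example `http://www.okta.com/exkzq3acyuEtIuNrW697` shows why **Issuer URL** is a misleading label for this field: a SAML issuer/Entity ID is an opaque identifier that the SP compares byte-for-byte against the `Issuer` element in the assertion, not a URL that is fetched, and the Auth0 page in this patch uses a URN (`urn:auth0:your-tenant:your-app`) for the same field. Either keep **Entity ID** or label it **Issuer (Entity ID)**, and add a sentence that the value must be copied exactly as Okta displays it, `http://` scheme included, because a reader who "corrects" it to `https://` gets an issuer mismatch on every login. The example SSO URL `https://trial-2804699.okta.com/app/trial-2802699_something/exkzqi3cyuEtIuNrW697/sso/saml` also looks like a real trial org; replace it with a placeholder. The unchanged context line "**Federation Metadata XML**: copy the idp metadata XML from the certificate active" has the same wording problem flagged on the Auth0 page (the metadata is a separate download, not part of the certificate) and could be fixed while this file is open.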