Integrating Auth0 with Security Cloud Sign On

This guide explains how to integrate an Auth0 SAML Addon with Security Cloud Sign On.

Before you begin

Before you begin, read the Integrating Identity Providers guide to understand the overall process. These instructions supplement that guide with details specific to Auth0 SAML integrations, specifically Step 2: Provide Security Cloud SAML metadata to your identity provider and Step 3: Provide SAML metadata from your IdP to Security Cloud.

Procedure

1

Sign in to Security Cloud Control with the organization that you want to integrate with Auth0.

  1. Create a new identity provider and decide whether to opt out of Duo MFA, as explained in Step 1: Initial setup.

  2. On Step 2: Provide Security Cloud SAML metadata to your identity provider, download the Public certificate, and copy the values for Entity ID and Single Sign-On Service URL for use in the next steps.

2

In a new browser tab, sign in to your Auth0 organization as an administrator. Keep the Security Cloud Control browser tab open because you'll return to it shortly.

  1. Select Applications from the Applications menu.

  2. Click Create Application.

  3. In the Name field enter Security Cloud Sign On, or another name of your choice.

  4. For the application type, choose Regular Web Applications then click Create.

  5. Click the Addons tab.

  6. Click the SAML2 Web App toggle to enable the addon.

    The SAML2 Web App configuration dialog opens.

  7. In the Usage tab, download the Auth0 Identity Provider Certificate and the Identity Provider Metadata file.

  8. Click the Settings tab.

  9. In the Application Callback URL field enter the value of the Single Sign-On Service URL that you copied from Security Cloud Control in the previous step.

  10. In the Settings field enter the following JSON object, replacing the value of audience with the Entity ID (Audience URI) provided by Security Cloud Control, and the value of signingCert with the contents of the public certificate you downloaded from Security Cloud Control, collapsed to a single line of text: keep the BEGIN and END markers and replace each line break with the two-character escape sequence \n, as in the example.

    First name and last name are required to log in through Cisco Security Cloud Sign On. Depending on the user identity source that is used with Auth0, you may need additional configuration to make the user's first and last names available in SAML assertions.

    In the following example, the JSON assumes that the Auth0 profile attributes given_name and family_name are available and maps them to the SAML attributes firstName and lastName respectively.

    {
      "audience": "...",
      "signingCert": "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----\n",
      "mappings": {
        "email": "email",
        "given_name": "firstName",
        "family_name": "lastName"
      },
      "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
      "nameIdentifierProbes": [
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
      ],
      "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    }

  11. Click Enable at the bottom of the Addon dialog to enable the application.

3

Return to Security Cloud Control and click Next. You should be on Step 3: Provide SAML metadata from your IdP to Security Cloud.

  1. Select the XML file upload option.

  2. Upload the Identity Provider Metadata file provided by Auth0.
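
The two checks a practitioner wants around the procedure above, as an added example that is not Cisco's or Auth0's code: producing the Settings JSON of Step 2.10 from the Entity ID and public certificate downloaded from Security Cloud Control (validating the PEM and letting the JSON encoder escape it to the required single-line form), and inspecting Auth0's Identity Provider Metadata file before it is uploaded in Step 3 to confirm its entityID and HTTP-POST SSO URL and that the signing certificate embedded in it matches the Identity Provider Certificate downloaded in Step 2.7. It uses only the Python standard library. The certificate bytes, tenant name and URL in the sample data are constructed placeholders, and the helper names are my own, not an API of either product.

```python
"""Helper for the Auth0 / Security Cloud Sign On SAML setup above.
Added example, not Cisco or Auth0 code; standard library only. The
certificates and metadata at the bottom are constructed placeholders so it
runs offline; substitute the files you actually downloaded."""
import base64
import hashlib
import json
import xml.etree.ElementTree as ET

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}


def pem_to_der(pem: str) -> bytes:
    """Strict PEM -> DER; raises ValueError on bad framing or bad base64."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != PEM_HEADER or lines[-1] != PEM_FOOTER:
        raise ValueError("expected exactly one PEM CERTIFICATE block")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


def der_to_pem(der: bytes) -> str:
    """DER -> PEM with 64-column base64 lines (used for the samples below)."""
    b64 = base64.b64encode(der).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([PEM_HEADER, *body, PEM_FOOTER]) + "\n"


def build_auth0_settings(entity_id: str, sp_cert_pem: str) -> dict:
    """Step 2.10: Settings object for the SAML2 Web App addon.
    entity_id = Entity ID (Audience URI) shown by Security Cloud Control,
    sp_cert_pem = the Public certificate downloaded from it. The PEM is
    validated; json.dumps() then escapes its line breaks as \\n, which is
    the single-line form the Settings field expects."""
    pem_to_der(sp_cert_pem)
    return {
        "audience": entity_id,
        "signingCert": sp_cert_pem.strip() + "\n",
        # Auth0 profile attribute -> SAML attribute. Security Cloud Sign On
        # needs first and last name; rename the left-hand keys if your user
        # source exposes them under other names.
        "mappings": {"email": "email", "given_name": "firstName",
                     "family_name": "lastName"},
        "nameIdentifierFormat":
            "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
        "nameIdentifierProbes": [
            "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"],
        "binding": POST_BINDING,
    }


def settings_json(entity_id: str, sp_cert_pem: str) -> str:
    """Text to paste into the Settings field (signingCert on one line)."""
    return json.dumps(build_auth0_settings(entity_id, sp_cert_pem), indent=2)


def check_idp_metadata(metadata_xml: str, idp_cert_pem: str) -> dict:
    """Step 3: inspect Auth0's metadata before uploading it. Reports the
    entityID, the HTTP-POST SSO URL, and whether the signing certificate
    embedded in the metadata is the Identity Provider Certificate from
    Step 2.7 (a mismatch usually means files from two tenants or apps got
    mixed up). Parse less trusted XML with defusedxml, not xml.etree."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not IdP metadata")
    sso_url = next((s.get("Location")
                    for s in idp.findall("md:SingleSignOnService", NS)
                    if s.get("Binding") == POST_BINDING), None)
    embedded = {"".join(c.text.split())
                for kd in idp.findall("md:KeyDescriptor", NS)
                if kd.get("use", "signing") == "signing"
                for c in kd.findall(".//ds:X509Certificate", NS)}
    der = pem_to_der(idp_cert_pem)
    return {
        "entity_id": root.get("entityID"),
        "sso_url": sso_url,
        "cert_matches_download": base64.b64encode(der).decode() in embedded,
        "cert_sha256": hashlib.sha256(der).hexdigest(),
    }


# Constructed placeholders: the "DER" is plain ASCII, not a real certificate.
SP_CERT_PEM = der_to_pem(b"constructed placeholder for the SCC public certificate")
IDP_CERT_PEM = der_to_pem(b"constructed placeholder for the Auth0 signing cert")
IDP_METADATA_XML = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:example-tenant.auth0.com">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>%s</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-tenant.auth0.com/samlp/placeholder"/>
  </IDPSSODescriptor>
</EntityDescriptor>""" % "".join(IDP_CERT_PEM.splitlines()[1:-1])

if __name__ == "__main__":
    print(settings_json("https://sso.example.invalid/sp", SP_CERT_PEM))
    print(check_idp_metadata(IDP_METADATA_XML, IDP_CERT_PEM))
```

Run it with the real files by reading them into SP_CERT_PEM, IDP_CERT_PEM and IDP_METADATA_XML; if cert_matches_download is False, or the SSO URL is not the one Auth0 shows on the Usage tab, stop and re-download the files from the right application before uploading anything to Security Cloud Control. The sha256 value is there so two people can compare the certificate out of band without pasting the whole PEM into a chat.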

What to do next

Next, follow the instructions in Step 4: Test your SAML integration and Step 5: Activate the integration to test and activate your integration.