---
title: Auth0 SSO
slug: /deployment/security/auth0
---

# Auth0 SSO

Follow the sections in this guide to set up Auth0 SSO.

{%important%}

Security requirements for your **production** environment:
- **DELETE** the admin default account shipped by OM if you had [Basic Authentication](/deployment/security/basic-auth)
  enabled before configuring the authentication with Auth0 SSO.
- **UPDATE** the Private / Public keys used for the [JWT Tokens](/deployment/security/enable-jwt-tokens). The keys we provide
  by default are intended only for quickstart and testing purposes. They should NEVER be used in a production installation.

{%/important%}

## Create Server Credentials

### Step 1: Create the Account

- If you don't have an account, [Sign up](https://auth0.com/signup) to create one.
- Select the Account Type, i.e., Company or Personal.
- Select `I need advanced settings` and click `Next`.

{% image
src="/images/v1.0/deployment/security/auth0/create-account-1.png"
alt="create-account" /%}

- Provide the Tenant Domain, select the region and click on `Create Account`.

{% image
src="/images/v1.0/deployment/security/auth0/create-account-2.png"
alt="create-account" /%}

- Once done, you will land on the dashboard page.

{% image
src="/images/v1.0/deployment/security/auth0/create-account-3.png"
alt="create-account" /%}

### Step 2: Create a New Application

- Once you are on the Dashboard page, click on `Applications > Applications` available on the left-hand side panel.

{% image
src="/images/v1.0/deployment/security/auth0/create-new-app-1.png"
alt="create-app" /%}

- Click on `Create Application`.

{% image
src="/images/v1.0/deployment/security/auth0/create-new-app-2.png"
alt="create-app" /%}

- Enter the Application name.
- Choose an application type and click on `Create`.

{% image
src="/images/v1.0/deployment/security/auth0/create-new-app-3.png"
alt="create-app" /%}

### Step 3: Where to Find the Credentials

- Navigate to the Settings tab.
- You will find your `Client ID`, `Client Secret` and `Domain`.

{% image
src="/images/v1.0/deployment/security/auth0/credentials.png"
alt="credentials" /%}

## Create Service Account (optional)

This section describes how to create the ingestion bot service account. This step is optional: if you configure the
ingestion-bot with the JWT Token instead, follow the [Enable JWT Tokens](/deployment/security/enable-jwt-tokens) documentation.

### Step 1: Enable Client-Credential

- Go to your project dashboard.

{% image
src="/images/v1.0/deployment/security/auth0/enable-client-credential-1.png"
alt="client" /%}

- Navigate to `Applications > Applications`.

{% image
src="/images/v1.0/deployment/security/auth0/enable-client-credential-2.png"
alt="client" /%}

- Select your application from the list.

{% image
src="/images/v1.0/deployment/security/auth0/enable-client-credential-3.png"
alt="client" /%}

- Once selected, scroll down until you see the `Application Properties` section.
- Change the Token Endpoint `Authentication Method` from `None` to `Basic`.

{% image
src="/images/v1.0/deployment/security/auth0/enable-client-credential-4.png"
alt="client" /%}

- Now scroll further down to the section on `Advanced Settings`.
- Click on it and select `Grant Types`.
- In the `Grant Types`, check the option for `Client Credentials`.

{% image src="/images/v1.0/deployment/security/auth0/enable-client-credential-5.png" alt="client" /%}

- Once done, click on `Save Changes`.

### Step 2: Authorize the API with our Application.

- Navigate to `Applications > APIs` from the left menu.

{% image src="/images/v1.0/deployment/security/auth0/authorize-api-1.png" alt="auth" /%}

- You will see the `Auth0 Management API`.

{% image src="/images/v1.0/deployment/security/auth0/authorize-api-2.png" alt="auth" /%}

- Click on the `Auth0 Management API`.

{% image src="/images/v1.0/deployment/security/auth0/authorize-api-3.png" alt="auth" /%}

- Click on the `Machine to Machine Applications` tab.
- You will find your application listed below.

{% image src="/images/v1.0/deployment/security/auth0/authorize-api-4.png" alt="auth" /%}

- Click on the toggle to authorize.
- Once done, you will find a down arrow; click on it.

{% image src="/images/v1.0/deployment/security/auth0/authorize-api-5.png" alt="auth" /%}

- Select the permissions (scopes) that should be granted to the client.
- Click on `Update`.

{% image src="/images/v1.0/deployment/security/auth0/authorize-api-6.png" alt="auth" /%}

After applying these steps, you can update the configuration of your deployment:

{% inlineCalloutContainer %}
  {% inlineCallout
    color="violet-70"
    icon="celebration"
    bold="Docker Security"
    href="/deployment/security/auth0/docker" %}
    Configure Auth0 SSO for your Docker Deployment.
  {% /inlineCallout %}
  {% inlineCallout
    color="violet-70"
    icon="storage"
    bold="Bare Metal Security"
    href="/deployment/security/auth0/bare-metal" %}
    Configure Auth0 SSO for your Bare Metal Deployment.
  {% /inlineCallout %}
  {% inlineCallout
    color="violet-70"
    icon="fit_screen"
    bold="Kubernetes Security"
    href="/deployment/security/auth0/kubernetes" %}
    Configure Auth0 SSO for your Kubernetes Deployment.
  {% /inlineCallout %}
{% /inlineCalloutContainer %}

## Configure Ingestion

After everything has been set up, you will need to configure your workflows if you are running them via the
`metadata` CLI or with any custom scheduler.

When setting up the YAML config for the connector, update the `workflowConfig` as follows:

```yaml
workflowConfig:
  openMetadataServerConfig:
    hostPort: 'http://localhost:8585/api'
    authProvider: auth0
    securityConfig:
      clientId: '{your_client_id}'
      secretKey: '{your_client_secret}'
      domain: '{your_domain}'
```
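
Before running a workflow, you can confirm that the `clientId`, `secretKey` and `domain` values obtain a token through the Client Credentials grant and `Basic` token endpoint authentication enabled in the service account steps. The following Python check is an added example, not OpenMetadata's own code; the function names are illustrative, and it assumes the token endpoint is `https://{domain}/oauth/token` and the audience is the Auth0 Management API identifier `https://{domain}/api/v2/`.

```python
"""Pre-flight check for the Auth0 service account used by ingestion (added example)."""
import base64
import json
import urllib.parse
import urllib.request

# Template values from the YAML above that must be replaced before use.
PLACEHOLDERS = ("{your_client_id}", "{your_client_secret}", "{your_domain}")
REQUIRED_KEYS = ("clientId", "secretKey", "domain")


def build_token_request(security_config: dict) -> urllib.request.Request:
    """Build (without sending) the client-credentials token request.

    security_config holds the clientId / secretKey / domain values from
    workflowConfig.openMetadataServerConfig.securityConfig.
    """
    missing = [k for k in REQUIRED_KEYS if not security_config.get(k)]
    if missing:
        raise ValueError(f"missing securityConfig keys: {missing}")
    for key in REQUIRED_KEYS:
        if security_config[key] in PLACEHOLDERS:
            raise ValueError(f"{key} still holds the template placeholder")

    # Accept the domain with or without a scheme or trailing slash.
    domain = security_config["domain"].removeprefix("https://").strip("/")

    # Token Endpoint Authentication Method "Basic": the client ID and secret
    # travel in the HTTP Basic Authorization header, not in the form body.
    pair = f"{security_config['clientId']}:{security_config['secretKey']}"
    basic = base64.b64encode(pair.encode()).decode()

    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        # Assumption: audience is the Auth0 Management API identifier.
        "audience": f"https://{domain}/api/v2/",
    }).encode()

    return urllib.request.Request(
        f"https://{domain}/oauth/token",
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def fetch_token(security_config: dict, timeout: float = 10.0) -> dict:
    """Send the request and return the JSON response.

    Raises urllib.error.HTTPError when Auth0 rejects the client.
    """
    request = build_token_request(security_config)
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)
```

If `fetch_token` raises an HTTP 401 or 403, recheck the Token Endpoint Authentication Method, the `Client Credentials` grant type and the API authorization toggle from the steps above.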