Prerequisites

You need your project’s SAML Assertion Consumer Service (ACS) URL.

Service Provider ACS URL

To find the Assertion Consumer Service (ACS) URL for your project:
  1. Log in to Hanko Cloud and select your project.
  2. Navigate to Settings > Enterprise connections.
  3. Under Enterprise connections find the Redirect URL panel.
  4. Copy and save the URL.
How to find the Assertion Consumer Service URL in the Hank Cloud enterprise settings of a project

Create an Auth0 application

  1. If you do not already have an Auth0 account, sign up. If you do have an account, sign in to access your dashboard.
  2. On your dashboard, select Applications > Applications in the left sidebar.
  3. Click Create application to create an application.
Create an Auth0 application from the admin dashboard
  1. In the shown modal, enter a name for your application.
  2. Select Regular Web Applications as the application type.
  3. Click Create to create the application. You should be redirected to the application’s dashboard.
Create an Auth0 application from the admin dashboard
  1. On the application’s dashboard, select Addons in the top tab navigation.
  2. Click on the SAML2 Web App panel.
Create an Auth0 application from the admin dashboard
  1. In the shown modal, select Settings in the top tab navigation.
  2. In the Application Callback URL input provide the ACS URL you obtained as described in Prerequisites - Service Provider ACS URL.
Provide Hanko tenant ACS URL in SAML addon settings
  1. Scroll down and select Enable to enable the configured SAML addon.
Enable configured SAML addon
  1. Select the Usage tab in the top tab navigation.
  2. Find Identity Provider Metadata and copy the address of Download link. You need this for configuring the enterprise connection with Hanko in the next section.
Copy identity provider metadata URL

Attribute mapping

SAML SSO integration with Hanko requires an attribute with a user’s email address in IdP’s SAML response’s attribute statement. The attribute should be available under the name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress. This name is the default name for the emailaddress attribute returned by Auth0, so no further configuration should be required.

Configure an enterprise connection

  1. Log in to Hanko Cloud and select your project.
  2. Navigate to Settings > Enterprise connections.
  3. Under Connections, click New connection.
Create a new enterprise connection
  1. In the shown modal provide the following data:
    • A Name for the connection.
    • A Domain for the connection. When users authenticate via SAML SSO, the domain of the email address provided as an identifier at the start of an authentication flow must match the domain configured here.
    • A Metadata URL. This is the URL you copied in step 13 in Create an Auth0 application.
    • Select whether you want skip email verification for this provider.
  2. Click Save to create the connection.
Provide enterprise connection data

Testing your integration

To test your integration via IdP-initiated flow:
  1. Navigate to the SAML Addon configuration for your application (see step 8 in Create an Auth0 application).
  2. In the Usage tab, find the Identity Provider Login URL and click the link.
Use the SAML Addons Identity Provider Login URL to test your integration via IdP-initiated login