Hanko Auth0 SAML Integration Guide

About Hanko: Hanko is a modern, passwordless authentication solution that enables secure user login experiences through passkeys, SAML SSO, and other advanced authentication methods. This guide demonstrates how to integrate Hanko with Auth0 for enterprise SAML authentication.What This Guide Covers: This guide demonstrates how to configure Auth0 as a SAML identity provider for your Hanko project, enabling secure single sign-on authentication for enterprise users.Key Technologies:
  • SAML 2.0
  • XML digital signatures
  • Auth0 identity provider
  • SAML assertions
  • enterprise connections
  • SSO workflows
Prerequisites:
  • Active Auth0 account
  • Hanko Cloud project
  • Basic understanding of SAML authentication protocols
  • Admin access to both Auth0 and Hanko Cloud dashboards
Tasks You’ll Complete:
  • Set up SAML application in Auth0 dashboard
  • Configure SAML addon with proper ACS URL and settings
  • Set up attribute mapping for email claims
  • Create enterprise connection in Hanko Cloud
  • Test integration using IdP-initiated flow
  • Verify authentication workflow functions properly

Prerequisites

You need your project’s SAML Assertion Consumer Service (ACS) URL.

Service Provider ACS URL

To find the Assertion Consumer Service (ACS) URL for your project:
  1. Log in to Hanko Cloud and select your project.
  2. Navigate to Settings > Enterprise connections.
  3. Under Enterprise connections find the Redirect URL panel.
  4. Copy and save the URL.
How to find the Assertion Consumer Service URL in the Hank Cloud enterprise settings of a project

Create an Auth0 application

  1. Sign up for an Auth0 account or sign in to access your dashboard.
  2. On your dashboard, select Applications > Applications in the left sidebar.
  3. Click Create application to create an application.
Create an Auth0 application from the admin dashboard
  1. In the shown modal, enter a name for your application.
  2. Select Regular Web Applications as the application type.
  3. Click Create to create the application. You should be redirected to the application’s dashboard.
Create an Auth0 application from the admin dashboard
  1. On the application’s dashboard, select Addons in the top tab navigation.
  2. Click on the SAML2 Web App panel.
Create an Auth0 application from the admin dashboard
  1. In the shown modal, select Settings in the top tab navigation.
  2. In the Application Callback URL input provide the ACS URL you obtained as described in Prerequisites - Service Provider ACS URL.
Provide Hanko tenant ACS URL in SAML addon settings
  1. Scroll down and select Enable to enable the configured SAML addon.
Enable configured SAML addon
  1. Select the Usage tab in the top tab navigation.
  2. Find Identity Provider Metadata and copy the address of Download link. You need this for configuring the enterprise connection with Hanko in the next section.
Copy identity provider metadata URL

Attribute mapping

SAML SSO integration with Hanko requires an email address attribute in the IdP’s SAML response. The attribute must be available under the name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress. Auth0 uses this name by default for the emailaddress attribute, so no additional configuration is required.

Configure an enterprise connection

  1. Log in to Hanko Cloud and select your project.
  2. Navigate to Settings > Enterprise connections.
  3. Under Connections, click New connection.
Create a new enterprise connection
  1. In the shown modal provide the following data:
    • A Name for the connection.
    • A Domain for the connection. When users authenticate via SAML SSO, the domain of the email address provided as an identifier at the start of an authentication flow must match the domain configured here.
    • A Metadata URL. This is the URL you copied in step 13 in Create an Auth0 application.
    • Select whether you want skip email verification for this provider.
  2. Click Save to create the connection.
Provide enterprise connection data

Testing your integration

To test your integration via IdP-initiated flow:
  1. Navigate to the SAML Addon configuration for your application (see step 8 in Create an Auth0 application).
  2. In the Usage tab, find the Identity Provider Login URL and click the link.
Use the SAML Addons Identity Provider Login URL to test your integration via IdP-initiated login