Hanko Auth0 SAML Integration Guide:About Hanko:Hanko is a modern open source authentication solution and the fastest way you integrate passkeys, 2FA, SSO, and more—with full control over your data. Move between self-hosted and Hanko Cloud anytime. No lock-in. Just Auth how it should be: secure, user friendly, and fully yours.What This Guide Covers: This guide demonstrates how to configure Auth0 as a SAML identity provider for your Hanko project, enabling secure single sign-on authentication for enterprise users.Key Technologies:
- SAML 2.0
- XML digital signatures
- Auth0 identity provider
- SAML assertions
- Active Auth0 account
- Hanko Cloud project
- Basic understanding of SAML authentication protocols
- Admin access to both Auth0 and Hanko Cloud dashboards
- Set up SAML application in Auth0 dashboard
- Configure SAML addon with proper ACS URL and settings
- Set up attribute mapping for email claims
- Create enterprise connection in Hanko Cloud
- Test integration using IdP-initiated flow
- Verify authentication workflow functions properly
Prerequisites
You need your project’s SAML Assertion Consumer Service (ACS) URL.Service Provider ACS URL
To find the Assertion Consumer Service (ACS) URL for your project:- Log in to Hanko Cloud and select your project.
- Navigate to
Settings > Enterprise connections. - Under
Enterprise connectionsfind theRedirect URLpanel. - Copy and save the URL.
Create an Auth0 application
- Sign up for an Auth0 account or sign in to access your dashboard.
- On your dashboard, select
Applications > Applicationsin the left sidebar. - Click
Create applicationto create an application.
- In the shown modal, enter a name for your application.
- Select
Regular Web Applicationsas the application type. - Click
Createto create the application. You should be redirected to the application’s dashboard.
- On the application’s dashboard, select
Addonsin the top tab navigation. - Click on the
SAML2 Web Apppanel.
- In the shown modal, select
Settingsin the top tab navigation. - In the
Application Callback URLinput provide the ACS URL you obtained as described in Prerequisites - Service Provider ACS URL.
- Scroll down and select
Enableto enable the configured SAML addon.
- Select the
Usagetab in the top tab navigation. - Find
Identity Provider Metadataand copy the address ofDownloadlink. You need this for configuring the enterprise connection with Hanko in the next section.
Attribute mapping
SAML SSO integration with Hanko requires an email address attribute in the IdP’s SAML response. The attribute must be available under the namehttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress. Auth0 uses this name by default for the emailaddress attribute, so no additional configuration is required.
Configure an enterprise connection
- Log in to Hanko Cloud and select your project.
- Navigate to
Settings > Enterprise connections. - Under
Connections, clickNew connection.
- In the shown modal provide the following data:
- A
Namefor the connection. - A
Domainfor the connection. When users authenticate via SAML SSO, the domain of the email address provided as an identifier at the start of an authentication flow must match the domain configured here. - A
Metadata URL. This is the URL you copied in step 13 in Create an Auth0 application. - Select whether you want skip email verification for this provider.
- A
- Click
Saveto create the connection.
Testing your integration
To test your integration via IdP-initiated flow:- Navigate to the SAML Addon configuration for your application (see step 8 in Create an Auth0 application).
- In the
Usagetab, find theIdentity Provider Login URLand click the link.
