Skip to main content
Skip table of contents

SSO using Auth0 (Beta)

We’re currently preparing to launch improved Single Sign-on capabilities using Auth0 to improve the user experience, security and scalability of our platform. If you are interested in participating in the beta and are not currently using one of our legacy SSO options, reach out to your Customer Success Manager!

Introduction

Auth0 SSO offers an enterprise-grade authentication solution that is not only secure and scalable but most importantly offers a much better user experience.

Screenshot 2025-08-28 at 12.22.17.png

Users will no longer have to remember if their organization uses SSO and if so, which type of SSO is being used. All they need to do is enter their email address and they will either get access directly or be prompted to sign into their work account.

Additional benefits

  • Improved security: We’re using industry-standard protocols and robust JWT-based token management.

  • Improved scalability: Being built on Auth0, our improved SSO offers reliable authentication for organizations of any size.

  • Support for multiple identity providers: You can enable SSO from multiple identity providers across your organization.

  • Simple, guided integration: After granting the integration access, you’ll be guided through the setup process by the detailed wizard.

Prerequisites

During the beta, the following must apply:

  1. No legacy SSO use: You must either be new to SSO at SoSafe or disconnect your existing SSO setup.

  2. Supported enterprise identity provider: You must be using an identity provider supported by Auth0. All major identity providers, including Azure AD/Entra, Google Workspace, Okta and SAML. For more details, refer to the Auth0 support pages.

  3. Beta participation: Auth0 SSO must be activated for your organization by the SoSafe engineering team.

Limitations

Currently, Auth0 SSO is only available for the SoSafe E-Learning platform. Support for the SoSafe manager will follow soon.

Setup

  1. Navigate to Settings / SSO. If SSO is missing, reach out to your Customer Success Manager so it can be enabled for your account.

    Screenshot 2025-08-28 at 14.37.34.png

  2. Select + Add SSO connection. A new dialog window will open. Give your connection a name and select Create Connection.

    Screenshot 2025-08-28 at 13.54.32.png

  3. You’re now given a link that will take you through the setup in a guided way. Most of the work now will happen on the identity provider side and all required information will be provided through this guide. If you have admin rights for your identity provider, you can proceed directly by selection Open setup. If you don’t have admin rights, you can select Copy link and send this URL to an admin. You can also send them a link to this article to give them more context.

    Screenshot 2025-08-28 at 14.14.43.png

This link is only valid for 1 hour and has a limited number of uses for better security. You can always generate a new one if necessary. To do so, select Regenerate setup link for the SSO connection entry on the Settings / SSO page in the Manager.

  1. Follow the setup wizard. Note that at some points, you will be asked to note down certain bits of technical information that you will need again later on. We provide detailed instructions for Entra ID and Google Workspace. For custom SAML or OIDC connections, we still provide all required technical information but the specific steps in your identity provider are outside the scope of our wizard.

  2. Before testing your connection at the end of the setup wizard, make sure you granted access either your test user (e.g. your own account) or all users you want to have access via SSO. Select Test Connection.

    Screenshot 2025-08-28 at 17.26.24.png

  3. A new tab will open and you might be prompted to enter your company account credentials. If the test was successful, you can close the tab and you will get a preview of the user information that was submitted.

    Screenshot 2025-08-28 at 17.26.54.png

  4. Select Enable Connection. Your SSO should now be active and working. Check to see if it shows as “✅ verified” on Settings / SSO in the Manager.

Note that it can take up to 10 minutes before all data has been synchronized.

Disabling and deleting Auth0 SSO

  1. Go to Settings / SSO in the Manager and select Remove. You will be asked to confirm the deletion.

Screenshot 2025-08-29 at 16.21.04.png

  1. Recommended: In your identity provider, delete the application you created during the setup process.

Login options

There are two available options to control how users can log in after you have activated Auth0 SSO:

  1. SSO Login: When this option is activated, all users can only log in via SSO if at least one SSO connection is verified. This is our recommendation.

  2. SSO & Email/Password Login: When this option is activated, users can log in with their email/password credentials or via an SSO connection.

Screenshot 2025-09-01 at 13.20.10.png

To change this setting, select the text to the left of + Add SSO connection (see above). This text will also show the current setting. A new dialog window will open, allowing you to change this setting:

Screenshot 2025-09-01 at 13.43.56.png

Frequently asked questions (FAQ)

General

Q: What is Auth0?

A: Auth0 is a leading identity management platform that provides secure, scalable, and customizable authentication and authorization services. SoSafe uses Auth0 to power SSO in a scalable, secure and user-friendly way.

Q: Will my existing (legacy) SSO continue to work?

A: Your current setup will continue to function without any interruption if you do not make any changes. We recommend making the switch, however, since this makes logging in a lot easier for your users. Note that before switching to Auth0 SSO, you will need to disconnect your existing SSO connection.

Q: Will Legacy SSO be replaced?

A: Eventually, yes. We plan a phased migration to transition existing customers from legacy SSO to Auth0 SSO, both for credentialed users and those on legacy SSO. We will communicate specific migration plans and timelines well in advance.

Q: What are the key differences between legacy SSO and Auth0?

A:

  • No more campaign-level SSO: SSO configuration is now managed at the customer level, not per campaign.

  • New SSO configuration method: All Auth0 SSO configuration for your organization happens exclusively through the new configuration wizard accessed via the Settings / SSO page in the Manager.

  • No direct SSO campaign links: Direct SSO login links previously found in campaigns will be phased out as they are no longer needed.

  • SAML configuration page disabled: The standalone SAML configuration page in the Manager will be disabled for new Auth0 SSO customers.

Q: Will password resetting still be available in the Manager?

A: For Auth0 SSO users, password resetting functionality within the SoSafe Manager will be disabled, as password management will be handled by your organization's identity provider.

User-facing changes

Q: How does the new E-Learning login page work?

A: Users enter their work email or access code. The system determines if they are a legacy or Auth0 SSO user and redirects them accordingly:

  • ESSO users: Directed to Auth0 for identity provider authentication (or a choice of multiple IdPs/hybrid options).

  • Legacy users: Directed to the traditional legacy login page.

Q: Can I register for E-Learning with ESSO 2.0 via the Register button?

A: The Register button on the E-Learning login page is exclusively for legacy users. New Auth0 SSO users manage their identity via their corporate identity provider; direct registration through SoSafe via this button is not applicable for them.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close