Single sign on: Auth0 SSO

Integrate Auth0 SSO with your account

Schuyler Welch avatar
Written by Schuyler Welch
Updated over a week ago

To set up SSO with, you'll need to create a new application within the Auth0 dashboard. Any users signing into will need to have assigned access to this application, and will have to authenticate from your clinic sign-in page which will appear similar to [] (be sure to replace subdomain with your actual clinic subdomain).

Not using Auth0 for SSO? See our guides for integrating Okta or Azure.


From your Auth0 dashboard, go to Applications.

  1. Select Create Application.

  2. Choose Single Page Web Application as your application type.


Open your new application, and switch to the Settings tab.

  1. Scroll down to your Application URIs and enter the below URLs as your Allowed Callback URLs

Switch to your Addons tab and enable SAML2 WEB APP.

  1. Select the box to open the popup menu, and switch to your Settings tab.

  2. Set the below URL as your Application Callback URL

  3. Copy & paste the minimal configuration below into your Settings code-space.

    (The email schema may be slightly different - please be sure to check the boilerplate schema before copying this over)

    "audience": "",
    "recipient": "",
    "mappings": {
    "email": ""
    "createUpnClaim": true,
    "passthroughClaimsWithNoMapping": true,
    "mapUnknownClaimsAsIs": true,
    "mapIdentities": true,
    "signatureAlgorithm": "rsa-sha1",
    "digestAlgorithm": "sha1",
    "destination": "",
    "lifetimeInSeconds": 3600,
    "signResponse": false,
    "typedAttributes": true,
    "includeAttributeNameFormat": true,
    "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailaddress",
    "nameIdentifierProbes": [
    "authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified",
    "logout": {
    "callback": "http://foo/logout",
    "slo_enabled": true
    "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

Scroll to the bottom of the popup and Save your changes.

A few things your CSM or support representative will need from the Usage tab within your SAML2 WEB APP:

  • Identity Provider Login URL

  • Identity Provider Metadata

JIT (Just-In-Time provisioning)

With JIT enabled, you can create and assign new users to your app without needing to manually invite or create accounts first. Once an assigned new user authenticates, they'll be prompted to finish setting up their account by selecting a room name before being taken to the dashboard.

  • To remove a clinic user or seat, an account admin will still need to manage that from Account Settings / Clinic Settings / Manage Users.

A few things to note:

  • Once enabled, SSO will replace the traditional sign-in methods for your clinic.

  • When logging in, users will need to authenticate from their clinic login page rather than an external app dashboard in most cases.

  • Existing users can always log in using email/password by going to and will see an optional redirect to their clinic dashboard.

If you have any questions or would like assistance with configuration, please contact your CSM or chat with our support team 🙂

Did this answer your question?