> ## Documentation Index
> Fetch the complete documentation index at: https://cosmo-docs.wundergraph.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Auth0

> Setting up SSO with Auth0

### Steps to set Auth0 as an OIDC identity provider

<Steps>
  <Step>
    Navigate to the Applications view within your Auth0 account.
  </Step>

  <Step>
    Either use the default application or create a new application by clicking on the **Create Application** button.
  </Step>

  <Step>
    A dialog will open, give the app a name, select the type of application and then click on the **Create** button.

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/42uxo0ok5O8ITXRT/images/studio/sso/create-native-app-named-my-app.png?fit=max&auto=format&n=42uxo0ok5O8ITXRT&q=85&s=3e109db7fb3dabd4f88a2181c0ae3f88" alt="Creating a new Native application named My App" title="Create Native app named My App" width="768" height="422" data-path="images/studio/sso/create-native-app-named-my-app.png" />
    </Frame>
  </Step>

  <Step>
    Once the app is created, navigate to the Setting tab. Now copy the **Domain**, **Client ID** and **Client Secret**.

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/42uxo0ok5O8ITXRT/images/studio/sso/app-basic-info-with-name-and-domain.png?fit=max&auto=format&n=42uxo0ok5O8ITXRT&q=85&s=2c11651adfb61616eeacd7d29300a25b" alt="Basic Information section showing app name My App and development domain" title="App basic info with name and domain" width="768" height="392" data-path="images/studio/sso/app-basic-info-with-name-and-domain.png" />
    </Frame>
  </Step>

  <Step>
    Navigate to the settings page on Cosmo.
  </Step>

  <Step>
    * Click on **Connect.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/42uxo0ok5O8ITXRT/images/studio/sso/organization-settings-with-ai-rbac-scim.png?fit=max&auto=format&n=42uxo0ok5O8ITXRT&q=85&s=0eb267c3aae7fa8077cf25a00dd86600" alt="Organization settings showing name, slug, and status of AI, RBAC, and SCIM features" title="Organization settings with AI, RBAC, SCIM" width="2796" height="1902" data-path="images/studio/sso/organization-settings-with-ai-rbac-scim.png" />
    </Frame>
  </Step>

  <Step>
    Give the connection a name, the **Discovery Endpoint** will be  `https://YOUR_AUTH0_DOMAIN/.well-known/openid-configuration` **,** and paste the **Client ID** and  **Client secret**copied before into the **Client ID** and  **Client Secret fields respectively,** and then click on **Connect.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/42uxo0ok5O8ITXRT/images/studio/sso/oidc-provider-configuration-form.png?fit=max&auto=format&n=42uxo0ok5O8ITXRT&q=85&s=cb69777f326700d91550bc6c38f22b5e" alt="Connect OpenID Connect Provider form with fields for name, endpoint, and credentials" title="OIDC provider configuration form" width="2786" height="2122" data-path="images/studio/sso/oidc-provider-configuration-form.png" />
    </Frame>
  </Step>

  <Step>
    Configure the mapping between the roles in Cosmo and the user roles in Auth0. The field **Group in the provider** can be populated with the name of the role or a regex to match the user roles. Once all the mappers are configured, click on **Save**.

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/42uxo0ok5O8ITXRT/images/studio/sso/group-to-role-mapping-dialog.png?fit=max&auto=format&n=42uxo0ok5O8ITXRT&q=85&s=766181df73bdb7b797a5fc0216b40fab" alt="Group mapper configuration dialog linking provider groups to Cosmo roles" title="Group-to-role mapping dialog" width="2774" height="1972" data-path="images/studio/sso/group-to-role-mapping-dialog.png" />
    </Frame>
  </Step>

  <Step>
    Copy the sign-in and sign-out redirect URIs displayed in the dialog.

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/42uxo0ok5O8ITXRT/images/studio/sso/oidc-provider-configuration-steps.png?fit=max&auto=format&n=42uxo0ok5O8ITXRT&q=85&s=d718f9c21acd7a37d4cc98740d77172e" alt="Steps to configure OIDC provider with sign-in and sign-out redirect URLs" title="OIDC provider configuration steps" width="2784" height="1848" data-path="images/studio/sso/oidc-provider-configuration-steps.png" />
    </Frame>
  </Step>

  <Step>
    Navigate back to the settings tab of the application created on Auth0 and populate the **Allowed Callback URLs** and **Allowed Logout URLs** redirect URIs with the above-copied sign-in and sign-out URLs respectively. Click on **Save Changes**.

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/42uxo0ok5O8ITXRT/images/studio/sso/application-uri-configuration.png?fit=max&auto=format&n=42uxo0ok5O8ITXRT&q=85&s=c91e9a0bfece227048e2995b89598b2b" alt="Application URI settings for callback and logout URLs in Cosmo Docs" title="Application URI configuration" width="768" height="394" data-path="images/studio/sso/application-uri-configuration.png" />
    </Frame>
  </Step>

  <Step>
    Now navigate to **Actions** -> **Library,** and then click on  **the Build Custom**button**.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/42uxo0ok5O8ITXRT/images/studio/sso/empty-library-page.png?fit=max&auto=format&n=42uxo0ok5O8ITXRT&q=85&s=fb47de871c6b988c30746c131e5bd199" alt="Cosmo Docs library page showing no installed actions or configurations" title="Empty library page" width="768" height="389" data-path="images/studio/sso/empty-library-page.png" />
    </Frame>
  </Step>

  <Step>
    Give the action a name, select **Login/Post Login** as the **Trigger** and **Node 18** as the **Runtime** and then click the  **Create**button**.**
  </Step>

  <Step>
    Copy the below code and paste it into the editor shown, then click the **Deploy** button.

    ```js theme={"system"}
    exports.onExecutePostLogin = async (event, api) => {
      if(event.authorization){
        api.idToken.setCustomClaim(`ssoGroups`, event.authorization.roles);
      }
    };
    ```
  </Step>

  <Step>
    Now navigate to **Actions** -> **Flows,** and then click on  the  **Login**flow**.**
  </Step>

  <Step>
    Navigate to the **Custom** tab on the right side of the page. Now drag the action and place it between Start and Complete as shown below, and then click on **Apply**.

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/42uxo0ok5O8ITXRT/images/studio/sso/login-flow-customization.png?fit=max&auto=format&n=42uxo0ok5O8ITXRT&q=85&s=80bca6e41dd1e5bea5858d6138713af4" alt="Login flow customization showing Start, test, and Complete actions" title="Login flow customization" width="768" height="470" data-path="images/studio/sso/login-flow-customization.png" />
    </Frame>
  </Step>

  <Step>
    Now you can assign users/groups to the application, and those users will be able to log into Cosmo using the URL provided on setting up the provider.
  </Step>
</Steps>
