Configure SSOCircle as an by completing the following steps:
  1. Obtain SSOCircle metadata.
  2. Configure enterprise connection in Auth0.
  3. Configure SSOCircle as identity provider.
  4. Test connection.

Prerequisite

You must have a SSOCircle account.

Obtain SSOCircle metadata

  1. Navigate to SSOCircle’s IDP page to see the metadata required for integration. You will be shown an XML file.
  2. From this page, you will need to save the following attributes:
    1. The Location URL for the SingleSignOnService attribute with an HTTP-Redirect type.
    2. The Location URL for the SingleLogoutService attribute with an HTTP-Redirect type.
  3. Download and save the SSOCircle CA Certificate.

Configure enterprise connection in Auth0

  1. Go to Dashboard > Authentication > Enterprise > SAMLP and click the plus icon to go to the page that allows you to create a new connection.
  2. Provide the appropriate configuration settings for this connection. The only mandatory fields are as follows:
    SettingDescriptionExample
    Connection nameAuth0 connection name.myoktaconnection
    Sign In URLOkta URL where user login requests are sent. This is the Identity Provider Single Sign-On URL value you recorded previously.https://my_okta_tenant_name.okta.com/app/ my_okta_tenant_namemy_okta_saml_app_integration_name/ dakflkbzevu5i5zBi939/sso/saml
    X509 Signing CertificateOkta tenant public key signing certificate. Upload the X509 Certificate you downloaded previously.myOktaTenantSigningCertificate.pem
  3. When setting up mappings, use the following JSON to properly map SAML attributes from SSO Circle: 
    {
      "email": "EmailAddress",
      "given_name": "FirstName",
      "family_name": "LastName"
    }

4. Click **Save**. In the next window, you'll be provided two options:

   1. If you are a domain administrator, click **Continue** for additional instructions on SAML identity provider configuration.
   2. If you are not, you can give your domain administrator the provided URL so that they can finish the configuration.

You can access the metadata for an Auth0 <Tooltip tip="Security Assertion Markup Language (SAML): Standardized protocol allowing two parties to exchange authentication information without a password.">SAML</Tooltip> connection using a URL with the following format:
`https://{yourDomain}/samlp/metadata?connection={yourConnectionName}`.

You will need to provide this metadata to SSOCircle in the next step.

## Configure SSOCircle as identity provider

1. Log in to your [SSOCircle](http://ssocircle.com) account. You will be directed to your user profile, and to the left of that is a navigation bar.
2. Click **Manage Metadata**.
3. Select **Add New Service Provider**, and provide the following information to configure the new service provider which, in this case, is Auth0:

   | Setting | Description |
   | --- | --- |
   | **FQDN of the ServiceProvider** | `auth0.com` |
   | **Attributes to send in assertion** | Check the box for `EmailAddress` |
   | **Insert your metadata information:** | Paste in the XML metadata that you downloaded after you configured your Auth0 connection. |
4. Click **Submit**.

## Test connection

### Create Auth0 application

1. Go to the **Applications** page on the [Auth0 Dashboard](https://manage.auth0.com/#) and click **+ New Application**.
2. Provide some basic information about your new application. Choose **Regular Web Applications** as the application type.
3. Click **Create** to finish configuration and begin the Application creation process. You will be directed to the application details page.
4. Click **Settings**.
5. In the **Allowed Callback URL** field, enter the list of allowed callback URLs includes those to which users will be redirected after authentication. The URL(s) entered here must match the **callback URL** in the HTML code you will create in a later step. Normally, you would enter a URL for your application, but to keep this example simple, users will simply be sent to the Auth0 JWT Tool.
6. Click **SAVE CHANGES**.
7. Return to the top of **Settings** and click **Connections**.
8. Scroll to the **Enterprise** section. Find the row for the SAML connection you created above and turn on toggle to enable the SAML connection.

### Test enterprise connection

1. To test your connection, follow the steps in [Test Enterprise Connections](/docs/authenticate/identity-providers/enterprise-identity-providers/test-enterprise-connections).
2. During this process you will be asked to log in and consent.
3. Additionally, if you see a message that says, "Your session has timed out," click the **Return to Login page** link below the message.

If logging in to your application doesn't work the first time, clear your browser's history and cookies before testing again. The browser may not be picking up the latest version of your HTML.

When troubleshooting <Tooltip tip="Single Sign-On (SSO): Service that, after a user logs into one applicaton, automatically logs that user in to other applications.">SSO</Tooltip>, it is often helpful to capture an HTTP trace of the interaction. There are many tools that will capture the HTTP traffic from your browser for analysis (search for "HTTP Trace" to find one appropriate for your needs). Once you have an HTTP tracer, capture the login sequence from start to finish and analyze the trace to see the sequence of `GET` requests to see where the error occurs. You should see:

* A redirect from your original site to the IDP
* A post of credentials (if you were asked to log in)
* A redirect to the callback URL.

Ensure that your browser has enabled cookies and JavaScript.

Check to make sure that the callback URL specified in the HTML is also listed in the **Allowed Callback URLs** field in the **Settings** tab of the Auth0 Application.