Auth0 is an identity management platform. You can use Auth0 to secure supported applications like Omniscope. You can find out more about Auth0 by visiting their webpage.
Auth0 supports single-sign on, which allows you to avoid having to configure separate login credentials for users inside each application. Instead you configure your users inside Auth0 and allow your applications to communicate with Auth0 to login and retrieve a users identity.
This guide is not intended to be an in-depth guide to Auth0. Instead we outline the process of setting up Auth0 and configuring Omniscope to use Auth0 to manage user authentication using OpenID Connect.
Before deploying any access management tool on your production server you should ensure you are familiar with the technologies involved, and have studied the providers documentation carefully.
Create an account
First we need to create an Auth0 account. If you don't already have one, you can sign-up on their webpage.
After creating your account you will be asked to create a Tenant. The tenant is where you configure Auth0 and create your applications, connections and users. It also defines your Auth0 domain. The domain is the base URL that your users are redirected to in order to authenticate.
Create an application
The next step after creating our account and tenant domain is to register an application.
Login to your auth0 dashboard .
Select Applications then CREATE APPLICATION.
Enter an application name and select Regular web application.
Now click CREATE.
After creating the application, click Settings and make a note of the Domain URL, Client ID and Client Secret. You must ensure your Client Secret is kept confidential at all times in order to stop other applications impersonating your application.
Now enter the following:
Allowed Callback URLs: http://localhost/oidc-cb
Allowed Logout URLs: http://localhost/oidc-locb
Click Save Changes.
Create a user
We now need to create a user to allow access to the application.
Click Users > Create user.
Enter the users email address and authentication.
We've now finished our basic Auth0 setup! The next step is to configure Omniscope to authenticate using Auth0.
We will be setting up Omniscope to authenticate using Auth0.
Make sure Omniscope is installed on your local computer.
Setup the Auth0 provider
Start Omniscope, Click on the admin user button in the top right cornder and click Edit permissions.
nside the Edit permissions dialog:
Scroll down to the OpenID Connect section and tick Set configuration for OpenID connect.
Click Add Provider. In the dropdown select Auth0.
You should see the Auth0 provider has been added, but not yet configured.
Click Auth0 to edit the provider settings.
Enter the Client ID, Client secret and Tenant Domain you obtained earlier.
For more details regarding other options in the dialog see here.
Click Back then click Save
Create a group
We now need to create a group of users that we allow access to Omniscope. These users will be authenticated using Auth0.
Click on the admin user button in the top-right corner and select Edit permissions. In the Edit permissions dialog:
Scroll down to the Groups section and click Add Group.
Click on the Group name. In the Group permissions dialog:
Click Configure permissions and select the permissions for our users. In this example I am selecting Yes to all, but feel free to configure whichever permissions are required.
Click Add authentication mechanism and select OpenID Connect.
Now click OpenID Connect to configure our users. In the dialog:
Tick Restrict by email address.
Click the + button and add the email address of the user we added earlier in Auth0.
Click Back, Back then Save.
We have now configured Auth0 as our OpenID authentication provider in Omniscope. The next step is to test and verify that the authentication process works as expected.
Before we can do this we must ensure that Omniscope is running as an external web server:
Open the admin page and click Network.
Tick Run external web server.
Click Save Changes, then shutdown and restart Omniscoipe.
Now open a new Browser and navigate to the external webserver address (if you have set this up locally use http://localhost). You should see a login button in the top-right.
Click Login then click Continue with Auth0. Omniscope will redirect your authentication request to the Auth0 server. Enter the username/password you configured previously. You should now be redirected back to Omniscope.
You have now logged in and are free to use Omniscope based on the permissions configured earlier. If you click on the user button in the top right corner you should see the users email address.
Please let us know if you have any questions or feedback.