Skip to main content

Enabling Single Sign-On (SSO) for the FGA Dashboard

Users authenticate to Auth0 FGA with an Auth0 identity, like the one used to login to the Auth0 Dashboard. When you land on the Auth0 FGA Dashboard login page, you are redirected to Auth0, where you enter your login credentials. This means that to configure SSO for the Auth0 FGA Dashboard, you need to configure it in Auth0.

To configure SSO in Auth0, follow the steps detailed in the Auth0 documentation and request the Auth0 support team to enable Home Realm Discovery for your account.

After SSO is configured with Home Realm Discovery, whenever you log in to Auth0 FGA, you will be redirected to your identity provider and then back to the Auth0 FGA dashboard.

Accessing Existing Accounts

The first time you log in to the dashboard after SSO is configured, you will be prompted to create a new account. You can do that if you want, but if you need to access an account created before SSO was enabled, you will need to log in with the credentials you used when you created that account:

  • If you used an email and password, and the email matches the one you use with your identity provider, you will need to force the Dashboard application to use the username/password credential instead of SSO. To do this, navigate to https://dashboard.fga.dev/login?connection=auth0.

  • If you have used a social connection like Google or GitHub, you need to use that method.

After authenticating, you will need to remove all the Dashboard members and reinvite them so they can accept the invitations using their SSO credentials. Note that this is different from the behavior you have in the Auth0 dashboard. You will not be able to remove yourself, so someone else will need to remove you and reinvite you.

Bookmarking the Auth0 FGA Dashboard in Your Corporate Identity Provider

If you want to help coworkers authenticate to the Dashboard, you can create a bookmark in their identity provider platform (e.g., Okta) linking to https://dashboard.fga.dev/login?connection=<connection name>, where <connection name> is the name of the connection provisioned in Auth0 when configuring SSO.

Troubleshooting

  • If you can login to Auth0 using SSO but not to Auth0 FGA, please submit a support ticket reporting it. Home Realm Discovery must be enabled for Auth0 FGA to work with SSO.

  • If you're redirected to https://dashboard.fga.dev/customers/new after logging in, it means you haven't been invited to your organization's FGA account or haven't accepted the invite. Make sure you're invited and that you've accepted the invitation to access your company’s FGA instances.

Have Feedback?

You can use any of our support channels for any questions or suggestions you may have.