Auth0

Prerequisites

• Administrator access to the Harmony SASE Administrator Portal.

• Administrator account with the Identity Provider Management Portal.

High-Level Procedure

• Step 1 - Configure the Auth0 Management Portal

• Step 2 - Configure the Harmony SASE Administrator Portal

Step 1 - Configure the Auth0 Management Portal

1. Log in to Auth0 Management Portal.

2. From the left navigation pane, click Applications.

3. Click Create Application.

   

4. In the Name field, enter a name for the application.

   

5. Select Regular Web Application and click Create.

6. Go to Addons tab and toggle SAML2 Web App to ON.

   

   The SAML2 Web App window appears.

7. In the Settings tab, enter these values:

   • Application Callback URL: https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc where {{WORKSPACE}} refers to your Harmony SASE workspace name.

   • Settings: Copy the code, replace {{WORKSPACE}} with your Harmony SASE workspace name and paste it in Settings.

     Copy

     {
     
     "audience": "urn:auth0:perimeter81:{{WORKSPACE}}-oc",
     
     "mappings": {
     
     "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
     
     "given_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
     
     "family_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
     
     "groups": "http://schemas.xmlsoap.org/claims/Group"
     
     }
     
     }

     

8. Click Enable to save and activate the application.

9. Click Debug and verify your configuration.

10. Go to the Usage tab.

11. Click Download Auth0 certificate.

12. Copy the Identity Provider Login URL.

Step 2 - Configure the Harmony SASE Administrator Portal

1. Log in to the Harmony SASE Administrator Portal with a administrator account.

2. Go to Settings > Identity Providers.

3. Click Add Provider.

   The Add identity provider pop-up appears.

4. Select SAML 2.0 Identity Providers and click Continue.

   

5. In the Sign in URL field, enter the Identity Provider Sign-in URL from your SAML Identity Provider.

   Identity Provider	Sign in URL
   Generic SAML	Identity Provider Sign in URL
   Active Directory Federation Services (AD FS)	https://{{Your ADFS Domain}}/adfs/ls
   Auth0	Auth0 login URL
   OneLogin	SAML 2.0 Endpoint (HTTP) value
   PingOne	https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid={{idpid}}
   PingFederate	https://sso.{{Your PingFederate Domain}}.com/idp/SSO.saml2
   Rippling	Rippling IdP Sign-in URL.
   JumpCloud	JumpCloud IDP URL
   Okta	Okta Sign on URL
   Google Applications	SSO URL

6. In the Domain Aliases field, enter the business domain names separated by commas or space.

7. In the X509 Signing Certificate field, enter the X.509 signing certificate for the application from the SAML Identity Provider.

   If you have the signing certificate as PEM/CERT file, click Upload PEM/CERT File and select the file.

8. Click Done.

Note - After the first successful authentication of a member with SAML, Harmony SASE does this: Assigns the member with the appropriate role. Adds the member to the groups related to Identity Provider. Applies the relevant configuration profiles to the member.