Overview
Configure Maverics to use Auth0 as an identity provider using the OpenID Connect (OIDC) protocol.
.png?sv=2022-11-02&spr=https&st=2025-05-31T06%3A14%3A53Z&se=2025-05-31T06%3A26%3A53Z&sr=c&sp=r&sig=SBVQTbYdB0TvzFG41E%2B009c1ps7pamdXg87rgdE53%2Bo%3D)
Identity Fabric→Auth0 (OIDC)→Configure Identity Fabric→Use for authentication in a user flow
Configure Identity Fabric
Use a Secret Provider
Production settings ought to implement a secret management system. Maverics connects with multiple secret management systems, which keep secrets that Orchestrator instances retrieve during startup. To cite a secret from your provider, enclose the name in angle brackets. (e.g. <app client-id>)
Learn more about Secret Providers
ld Name | Description | Example |
|---|---|---|
Name | The friendly name of your provider. | auth0-example |
OIDC Well Known URL | The URL that returns OpenID Connect metadata about the Auth0 authorization server. |
|
OAuth Client ID | The client ID of the registered Mavericks application. | exampleID <client_ID_from_secret_provider> |
OAuth Client Secret | The secret key used for authentication in production environments. | |
Redirect URL | The URL that Auth0 uses to redirect the client back after authentication. |
|
Logout Callback URL (Auth0) | The URL that initiates the logout on Auth0's side. This invalidates the SSO cookie in Auth0 but the cookie may still remain in the browser. |
|
Logout Callback URL (Maverics) | The URL that Auth0 calls back once logout is successful. This needs to be set in the registered Mavericks application. |
|
Proof Key for Code Exchange (PKCE) | Enable or disable Proof Key for Code Exchange (PKCE). When set to |
Identity Service Health Monitoring
Identity Service Health Monitoring is a feature used as part of Identity Continuity and is available for OIDC, SAML, and LDAP identity services. When enabled, this feature allows the orchestrator to continuously poll the identity service and trigger an alert if it can't be reached. In addition, you can create a manual failover mechanism for break-glass scenarios with the custom health check endpoint capability.
You will need to configure Identity Service Health Monitoring for each identity service used in your continuity strategy.
When this feature is enabled, the following fields can be configured:
| Name | Description | Example |
|---|---|---|
| Polling Frequency | The interval between each health check of the identity service. Can be set in seconds, minutes, or hours. | 30s |
| Timeout | The maximum wait time for a response. Can be set in seconds, minutes, or hours. | 5s |
| Failover Threshold | The number of consecutive negative (down) health check results to trigger a failover. | 4 |
| Fallback Threshold | The number of consecutive positive (up) health check results to trigger a fallback. | 4 |
| Custom Health Check | Enabling this allows you to override the behavior of monitoring IDP availability. This can be used use custom signals for IDP health or for a break-glass scenario to manually trigger failover and fallback behaviors. | |
| Custom Health Check Endpoint | The endpoint to use for the custom health check. The value must be a fully qualified URL. | https://example.com/health |
| Expected Status Codes | (Optional) The HTTP status codes that the custom health check returns to be considered healthy. | 200, 201 |
| Response Body Matcher | (Optional) A matcher that verifies the expected value in the response body of a health check. | '"status": "up"' |