Auth0

The Auth0 connector integrates the Maverics Orchestrator with Auth0 by Okta — enabling OIDC-based single sign-on for applications that authenticate against Auth0 tenants.

Console terminology: In the Maverics Console, this section is called Identity Fabric. The YAML configuration uses the connectors key to define identity provider integrations.

Overview

The Auth0 connector uses OpenID Connect to federate authentication with Auth0. It uses type: auth0 in the connector configuration and supports standard OIDC flows — designed for organizations that use Auth0 as their identity platform, whether for customer-facing (CIAM) or workforce identity scenarios. The connector can also facilitate Auth0 tenant migrations and multi-IdP orchestration.

Use Cases

Auth0 SSO federation — Extend Auth0 authentication to legacy applications that don’t support OIDC natively
Auth0 tenant migration — Gradually migrate users between Auth0 tenants without downtime
Combining Auth0 with enterprise IdPs — Orchestrate authentication across Auth0 and enterprise identity providers like Azure AD or Okta

Configuration

Console UI
Configuration

Console UI documentation is coming soon. This section will walk you through configuring this component using the Maverics Console’s visual interface, including step-by-step screenshots and field descriptions.

Auth0 configuration screen in Maverics Console

connectors:
  - name: auth0
    type: auth0
    oidcWellKnownURL: "https://{{ env.AUTH0_DOMAIN }}/.well-known/openid-configuration"
    oauthClientID: "{{ env.AUTH0_CLIENT_ID }}"
    oauthClientSecret: <vault.auth0_client_secret>
    oauthRedirectURL: "https://app.example.com/oidc/callback"
    scopes: "openid profile email"

Configuration Reference

Key	Type	Required	Description
`name`	string	Yes	Unique connector identifier referenced in app policies
`type`	string	Yes	Must be `auth0`
`oidcWellKnownURL`	string	Yes	OIDC discovery endpoint URL (Auth0 tenant domain)
`oauthClientID`	string	Yes	OAuth 2.0 client ID from the Auth0 dashboard
`oauthClientSecret`	string	Yes	OAuth 2.0 client secret (use secret reference syntax)
`oauthRedirectURL`	string	Yes	Callback URL registered with the Auth0 application
`scopes`	string	No	Space-separated OAuth scopes (default: `openid profile email`)
`oauthExtraParams`	map	No	Additional query parameters for the authorization request
`tls`	string	No	Named TLS profile for provider communication

For the complete field reference including health checks, offline access, and PKCE settings, see Identity Fabric.

Troubleshooting

Verify the oidcWellKnownURL is accessible from the Orchestrator host — ensure the Auth0 domain is correct (e.g., your-tenant.auth0.com or custom domain)
Ensure the oauthRedirectURL matches exactly what is registered in the Auth0 application under Allowed Callback URLs
Check that the client secret reference resolves correctly via your secret provider

Identity Fabric

Overview of all identity providers

Okta

OIDC connector for Okta

Custom OIDC

Generic OpenID Connect connector

Continuity

Failover connector for IdP high availability

Console Administration

Orchestration

Overview

Use Cases

Configuration

Configuration Reference

Troubleshooting

Identity Fabric

Okta

Custom OIDC

Continuity

Console Administration

Orchestration

​Overview

​Use Cases

​Configuration

​Configuration Reference

​Troubleshooting

​Related Pages

Identity Fabric

Okta

Custom OIDC

Continuity

Overview

Use Cases

Configuration

Configuration Reference

Troubleshooting

Related Pages