Console terminology: In the Maverics Console, this section is called Identity Fabric. The YAML configuration uses the connectors key to define identity provider integrations.
Overview
The Auth0 connector uses OpenID Connect to federate authentication with Auth0. It supports standard OIDC flows and is designed for organizations that use Auth0 as their identity platform, whether for customer-facing (CIAM) or workforce identity scenarios. The connector can also facilitate Auth0 tenant migrations and multi-IdP orchestration.
Use Cases
- Unify SSO across CIAM and workforce apps — Extend Auth0 authentication to legacy applications that don’t support OIDC natively, bridging customer-facing and internal identity scenarios
- Rationalize Auth0 tenants — Consolidate multiple Auth0 tenants or migrate users from Auth0 to another IdP gradually without downtime, reducing per-tenant licensing costs
- Authentication resilience — Route authentication to a backup identity provider if Auth0 becomes unavailable, maintaining continuous access for end users
- Orchestrate Auth0 with enterprise IdPs — Combine Auth0 with providers like Microsoft Entra ID or Okta in a single authentication flow, enabling flexible identity routing across platforms
Setup
To create an Auth0 (OIDC) connector in the Maverics Console:
- Navigate to Identity Fabric in the Console sidebar.
- Click Create and select Auth0 (OIDC).
- Enter a Name — this is the friendly name that identifies your provider.
- Enter the OIDC Well Known URL — for Auth0, this follows the pattern https://{your-tenant}.auth0.com/.well-known/openid-configuration. If you are using a custom domain, replace the tenant URL with your custom domain.
- Enter the OAuth Client ID — the Client ID from your Auth0 application settings in the Auth0 dashboard.
- Enter the OAuth Client Secret — the Client Secret from your Auth0 application settings.
- Under Redirect URLs, add the callback URL where Auth0 will redirect after authentication. This URL must match an entry in the Allowed Callback URLs configured in your Auth0 application.
- Optionally configure Logout Callback URLs for single logout support.
- Optionally set Scopes (space-separated). Default scopes are typically openid profile email.
- The PKCE toggle is enabled by default. Disable it only if your Auth0 application is not configured to support Proof Key for Code Exchange.
- Optionally enable Offline Access for token refresh support (Proxy apps only).
- Click Save.
Troubleshooting
- Verify the oidcWellKnownURL is accessible from the Orchestrator host — ensure the Auth0 domain is correct (e.g., your-tenant.auth0.com or custom domain)
- Ensure the oauthRedirectURL matches exactly what is registered in the Auth0 application under Allowed Callback URLs
- Check that the client secret reference resolves correctly via your secret provider
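An offline preflight for the first two checks above, written as an added example (it is not Maverics or Auth0 code). It takes a discovery document you have already fetched from the oidcWellKnownURL and the Allowed Callback URLs copied from the Auth0 dashboard; the function name, the tenant `example-tenant`, the app URL and the sample document are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN_SUFFIX = "/.well-known/openid-configuration"

def preflight(well_known_url, discovery, redirect_url, allowed_callbacks,
              scopes="openid profile email", pkce=True):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if urlsplit(well_known_url).scheme != "https":
        findings.append("oidcWellKnownURL is not https")
    # OIDC Discovery: issuer (minus trailing slash) + suffix must equal the URL fetched.
    issuer = discovery.get("issuer", "")
    if issuer.rstrip("/") + WELL_KNOWN_SUFFIX != well_known_url:
        findings.append(f"issuer {issuer!r} does not match oidcWellKnownURL")
    # The redirect URL must match a registered entry exactly; surface near misses.
    if redirect_url not in allowed_callbacks:
        norm = lambda u: u.rstrip("/").lower()
        near = [a for a in allowed_callbacks if norm(a) == norm(redirect_url)]
        hint = f" (differs only by case or trailing slash from {near[0]!r})" if near else ""
        findings.append(f"oauthRedirectURL not in Allowed Callback URLs{hint}")
    # Provider metadata lists PKCE methods in code_challenge_methods_supported.
    if pkce and "S256" not in discovery.get("code_challenge_methods_supported", []):
        findings.append("PKCE enabled but provider does not advertise S256")
    # scopes_supported is optional metadata, so only compare when it is present.
    supported = discovery.get("scopes_supported")
    if supported is not None:
        missing = [s for s in scopes.split() if s not in supported]
        if missing:
            findings.append("scopes not advertised: " + " ".join(missing))
    return findings

# Constructed sample discovery document for a placeholder tenant.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://example-tenant.auth0.com/",
  "scopes_supported": ["openid", "profile", "email", "offline_access"],
  "code_challenge_methods_supported": ["S256", "plain"]
}""")
SAMPLE_URL = "https://example-tenant.auth0.com" + WELL_KNOWN_SUFFIX
SAMPLE_ALLOWED = ["https://app.example.com/oidc"]

if __name__ == "__main__":
    for redirect in ("https://app.example.com/oidc", "https://app.example.com/oidc/"):
        result = preflight(SAMPLE_URL, SAMPLE_DISCOVERY, redirect, SAMPLE_ALLOWED)
        print(redirect, "->", result or "ok")
```

A scope finding is a hint rather than a hard failure, since a provider may accept scopes it does not list in its metadata.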