Auth0: Single Sign On for Enterprise and support for 20+ Social Providers

(José F Romaniello) #1

:warning: This plugin is currently on the way to being deprecated. We at the Auth0 Community currently recommend using the Discourse OAuth2 Basic Plugin instead.

Single Sign On plugin using Auth0 for Social and Enterprise identity providers.


What do I get by using Discourse with Auth0?

  • Support for Active Directory / LDAP (see animated gif)
    • No matter if Discourse is on the cloud or on-prem, it will work transparently
    • Support for Kerberos too (configured by IP ranges)
    • Very easy configuration in the AD side, doesn’t need open ports
  • Support for other enterprise logins like SAML Protocol, Windows Azure AD, Google Apps, Salesforce, etc. All supported here:
  • Support for social providers without having to add OmniAuth strategies by hand. Just turn on/off social providers (see animated gif)
  • Support for Single Sign On with other Discourse instances and any other application in your account (see animated gif).


Adding Active Directory / LDAP

Adding Social Providers

Single Sign On Between multiple Discourse forums

Single Sign On with Windows Authentication

Using Discourse Login Dialog instead of the Auth0 widget

You can keep using Discourse Login dialog and integrate only a specific connection from Auth0. It will show up as another button like the social providers.

Go to admin site settings for Auth0 and change the auth0_connection with the connection name you want to use from Auth0.


  • Create an account on Auth0 and register a new Rails application, note: ignore the rails tutorial in Auth0.

  • Run in your discourse root folder:

    $ rake plugin:install repo= name=auth0
    $ rm -rf tmp public/assets
    $ rake assets:precompile

  • Log in as an administrator to your Discourse settings using one of the pre-existing auth plugins.

  • Configure the Auth0 plugin in the admin section


  • Enjoy!

(Bpmilne) #2

Very nice update guys!

(@SenpaiMass) #3

@jfromaniello does it help to sign up with Steam?

(InsaneMosquito) #4

Based on this, it doesn’t look like it.

(José F Romaniello) #5

@Alankrit_Choudh @InsaneMosquito We are constantly adding new providers, I’ve logged this to our backlog, it looks easy.

We prioritise these types of features for paid customers. I will update this thread as soon as we add it.

(Abhishek Satyam Jha) #6

Hi @jfromaniello

I have installed your designated plugin. How can I customize the Login Lock screen with my site logo? I also configured password strength from the Auth0 dashboard, but I am unable to get the same in my Discourse installation. How can I benefit from all the settings and features of Auth0 in my Discourse Auth0 plugin?

Please explain to me in detail so that I can benefit from the features of Auth0 in my Discourse installation.


(Mark Moorcroft) #7

I have just built a GitLab VM, and now I’m working on a companion Discourse VM. The GitLab folks allow you to pass kerberos auth straight through as what they call an omniauth provider (others are google, twitter… etc). It uses the host OS kerberos auth setup without entering any other info into the gitlab.rb. Is anything like this on the roadmap for Discourse? Or can anyone suggest a strategy for me? This is exactly what we need, and the setup was dead simple.

(Daniel) #8

Does one have to run:

    $ rake plugin:install repo= name=auth0
    $ rm -rf tmp public/assets
    $ rake assets:precompile

In order to use it or can I just add it to the plugins section in app.yml?

(José F Romaniello) #9

@daniel we use this in our app.yml:

    - exec:
        cd: $home/plugins
        cmd:
          - mkdir -p plugins
          - git clone
          - git clone auth0

You need just the git clone on the hooks > after_code > exec > cmd

(Nukeador) #10

I’ve configured this as explained in the conf but I’m unable to make it work:

Using the default options I get “No valid connection can be found”. I checked and at least one connection is enabled for the client (password-less email).

Limiting auth0_connection to “email” (so I avoid having the site auth broken) ends up in redirecting me to a page that doesn’t exist. Email connection is enabled for the client and the test is working fine.


Cannot GET /wsfed?disable_signup=false&name=email&email=&authParams=&totp=&brute_force_protection=true&store=&requestTokenStore=&strategy_instance=email&wctx=XXXXX&wtrealm=urn%3Aauth0%3AXXXX%3Aemail&wa=wsignin1.0

(I replaced my account parameters by XXXX)

(Leo McArdle) #11

This would be because the plugin uses lock, rather than lock-passwordless, which doesn’t support passwordless connections.

I’ve submitted a PR which adds lock-passwordless:

Which can be used by adding the following to your app.yml:

git clone -b passwordless

You’ll need to enable it in settings with auth0_passwordless, and clear your auth0_connection value.

(Leo Giovanetti) #12

Just wanted to bring up this option to have true seamless SSO with centralized login using Auth0 login hosted page.

(Jeremy M) #13

This plugin currently is on the way to being deprecated - instead we (Auth0 Community) currently recommend using the Discourse OAuth2 Basic Plugin (which we use at Auth0)

(Jeff Atwood) #14

Great, I added that note to the top of the first post as a warning!