Pega – SSO configuration using Auth0/SAML2.0

Demo video:

Little Background:

What is Auth0 used for?

Auth0 is a flexible, drop-in solution to add authentication and authorization services to your applications. Your team and organization can avoid the cost, time, and risk that come with building your own solution to authenticate and authorize users.

SAML works by exchanging user information, such as logins, authentication state, identifiers, and other relevant attributes between the identity and service provider. As a result, it simplifies and secures the authentication process as the user only needs to log in once with a single set of authentication credentials.

OAuth 2.0 is a protocol that allows a user to grant limited access to their resources on one site to another site, without having to expose their credentials. Auth0 is an organisation that manages a Universal Identity Platform for web, mobile and IoT, and it can handle any of B2C, B2B, B2E, or a combination.

Now let's start.

Go to :

https://auth0.com/

Sign in: continue with Google and log in with your Google email id. Then you can proceed to create an application.

Left hand menu –> Applications–>Create Application

Select – Regular Web Applications – Name = <Choose any name of your choice>

Click Addons

Click SAML2 WEB APP

Keep this window open and let's go to Pega.

Create an Authentication Service in Pega

Alias – MySSO

We will import the IdP metadata from Auth0 later.

Go to Service provider settings

Take Assertion consumer service location

http://localhost:8080/prweb/PRRestService/WebSSO/SAML/v2/AssertionConsumerService

And paste it in SAML2 Web App

Click Enable at the bottom of the screen

Now scroll up and go to the usage tab

Scroll down a little bit and download the IdP metadata.

Now go to the Authentication service

Disable request signing: tick the checkbox, as we are not using any encryption.

Now go to the IdP section and upload the IdP metadata from the Auth0 side

Upload the IdP file

As of now we are not using any advanced configuration settings.
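Before uploading the IdP file it is worth looking at what is inside it, because the certificate in that metadata is what Pega uses to verify the signature on the assertions Auth0 sends back; the "Disable request signing" checkbox above only concerns the requests Pega itself sends out, not that check. The script below is an added example, not part of the original post and not Pega's or Auth0's own tooling: it parses a SAML 2.0 IdP metadata document, pulls out the entityID, SSO endpoints, signing certificate and the IdP's request-signing policy, and flags settings that would be inconsistent with this walkthrough (no signing certificate, non-HTTPS endpoints, or an IdP that demands signed requests while request signing is disabled on the Pega side). The embedded metadata is a constructed sample with a placeholder tenant name, client path and certificate, not a real Auth0 export.

```python
"""Sanity-check a SAML 2.0 IdP metadata file before uploading it to Pega.

Added example: not part of the original post and not Pega's or Auth0's own
tooling. It parses the metadata document, extracts the values Pega will rely
on, and flags settings that are inconsistent with the walkthrough above.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: the shape of an IdP metadata export, with a placeholder
# tenant name, client path and certificate (not a real Auth0 tenant).
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:example-tenant.auth0.com">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      WantAuthnRequestsSigned="false">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>MIIC-PLACEHOLDER-CERT</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-tenant.auth0.com/samlp/PLACEHOLDER-CLIENT-ID"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-tenant.auth0.com/samlp/PLACEHOLDER-CLIENT-ID"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract entityID, SSO endpoints, signing certs and request-signing policy."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        # Uploading SP metadata (SPSSODescriptor) by mistake is a common slip.
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")

    # Map short binding name (e.g. HTTP-Redirect) -> endpoint URL.
    sso_endpoints = {}
    for svc in idp.findall("md:SingleSignOnService", NS):
        binding = svc.get("Binding", "").rsplit(":", 1)[-1]
        sso_endpoints[binding] = svc.get("Location", "")

    # Certificates usable for verifying the IdP's signatures; a KeyDescriptor
    # without a 'use' attribute serves both signing and encryption.
    signing_certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                signing_certs.append("".join((cert.text or "").split()))

    return {
        "entity_id": root.get("entityID"),
        "sso_endpoints": sso_endpoints,
        "signing_certs": signing_certs,
        "wants_signed_requests": idp.get("WantAuthnRequestsSigned", "false").lower() == "true",
        "name_id_formats": [e.text for e in idp.findall("md:NameIDFormat", NS)],
    }


def check_idp_metadata(info: dict, pega_request_signing_disabled: bool = True) -> list:
    """Return human-readable findings; an empty list means nothing to fix."""
    findings = []
    if not info["signing_certs"]:
        findings.append("no signing certificate: Pega cannot verify the IdP's assertion signature")
    if not info["sso_endpoints"]:
        findings.append("no SingleSignOnService endpoint: nowhere to send the AuthnRequest")
    for binding, url in info["sso_endpoints"].items():
        if not url.startswith("https://"):
            findings.append(f"{binding} SSO endpoint is not HTTPS: {url}")
    if info["wants_signed_requests"] and pega_request_signing_disabled:
        findings.append("IdP requires signed AuthnRequests but request signing is disabled in Pega")
    return findings


if __name__ == "__main__":
    parsed = parse_idp_metadata(SAMPLE_METADATA)
    print("entityID:", parsed["entity_id"])
    print("SSO endpoints:", parsed["sso_endpoints"])
    print("findings:", check_idp_metadata(parsed) or "none")
```

To run it against the file you downloaded from the Auth0 usage tab, replace `SAMPLE_METADATA` with the file's contents (for example `open("idp-metadata.xml").read()`); if the IdP reports `WantAuthnRequestsSigned="true"`, pass `pega_request_signing_disabled=False` only once you have actually left request signing enabled in the Pega authentication service.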

Now Save As the current operator. I have saved my operator [email protected] as [email protected]. Now go to the Authentication service Operator configuration section.

Tick the check box "Enable operator provisioning using model operator".

Now copy the SSO URL.

Now go to Auth0 and create a user.

Left hand pane – Users and Roles

Create users

You can give any user id; it does not need to match the Pega operator.

[email protected]

Now open an incognito window.

Paste the URL that you copied from the Pega authentication service.

PFB for reference (blue highlighted URL): the SSO URL pasted into the incognito browser.

Look at the URL: it is not the common URL, this is the SSO URL.

Provide the credentials

Successfully logged in to Pega.