Single sign-on with Auth0

Pritunl supports single sign-on with Auth0, the Auth0 authorization extension is used to match Auth0 user groups with a Pritunl organization.

Auth0 Application

Open the auth0 dashboard and click Applications then select Create Application. Name the application Pritunl and select Regular Web Applications.


In the application settings set the Application Logo to then set the Allowed Callback URLs to Once done click Save Changes.


Auth0 Management API

Open the APIs tab in the Auth dashboard and select Machine to Machine Applications. Then enable the Authorized for Pritunl. In the drop down menu enable the read:users scope. Once done click Update.


Authorization Extension

If the authorization extension already exists skip the first step to create it. In the Extensions tab of the Auth0 dashboard click All Extensions and select Auth0 Authorization. Then select install.


Click on the Auth0 Authorization extension to open the extension dashboard. Then in the top right menu click Configuration. At the bottom of the configuration page enable Groups and Roles in the Persistence section. Then at the top click Publish Rule.


Configure Pritunl

Open the Applications section in the Auth0 dashboard and select the Pritunl application. Click Reveal client secret and copy the Client ID and Client Secret.


In the Pritunl management interface open the Settings and set Single Sign-On to Auth0. The Default Single Sign-On Organization will be used if an existing organization does not match one of the users Auth0 groups. Then enter the Auth0 Sub-Domain. It must be the first portion of the Auth0 domain excluding the Auth0 domain, this domain is shown in the application settings page above. For this example configuration the domain is pritunl. Then copy the Client ID and Client Secret from the step above. Once done click Save.