# Auth0

Pritunl supports single sign-on with Auth0, the Auth0 authorization extension is used to match Auth0 user groups with a Pritunl organization.

### Auth0 Application

Open the *auth0* dashboard and click *Applications* then select *Create Application*. Name the application `Pritunl` and select *Regular Web Applications*.

![](/files/hr4NUhGKXKHHWcVXjIEG)

In the application settings set the *Application Logo* to `https://pritunl.com/img/logo.png` then set the *Allowed Callback URLs* to `https://auth.pritunl.com/callback/authzero`. Once done click *Save Changes*.

![](/files/DtHp1zW9E0HhdTH6LMVk)

### Auth0 Management API

Open the *APIs* tab in the Auth dashboard and select *Machine to Machine Applications*. Then enable the *Authorized* for *Pritunl*. In the drop down menu enable the *read:users* scope. Once done click *Update*.

![](/files/vHU83GHyj1elf0Kow28d)

### Authorization Extension

If the authorization extension already exists skip the first step to create it. In the *Extensions* tab of the Auth0 dashboard click *All Extensions* and select *Auth0 Authorization*. Then select *install*.

![](/files/t9j9m1BlvoA3qyXbuuyt)

Click on the *Auth0 Authorization* extension to open the extension dashboard. Then in the top right menu click *Configuration*. At the bottom of the configuration page enable *Groups* and *Roles* in the *Persistence* section. Then at the top click *Publish Rule*.

![](/files/t10ohSuw2bqzcKFVtjUJ)

### Configure Pritunl

Open the *Applications* section in the Auth0 dashboard and select the *Pritunl* application. Click *Reveal client secret* and copy the *Client ID* and *Client Secret*.

![](/files/6IzZ9z4NYiX69EFPoWXf)

In the Pritunl management interface open the *Settings* and set *Single Sign-On* to `Auth0`. The *Default Single Sign-On Organization* will be used if an existing organization does not match one of the users Auth0 groups. Then enter the *Auth0 Sub-Domain*. It must be the first portion of the Auth0 domain excluding the Auth0 domain, this domain is shown in the application settings page above. For this example configuration the domain is `pritunl`. Then copy the *Client ID* and *Client Secret* from the step above. Once done click *Save*.

![](/files/PljXk9mX0ETOC0LA0ahh)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.pritunl.com/kb/vpn/sso/auth0.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.