Skip to main content
Integrate Auth0 as your Single Sign-On (SSO) provider for kombify Cloud and self-hosted tools.

Overview

Auth0 provides:
  • OAuth 2.0 and OpenID Connect (OIDC)
  • Multi-factor authentication (MFA)
  • Enterprise connections
  • Role-based access control (RBAC)
kombify Cloud uses Auth0 for hosted SSO.

Prerequisites

Auth0 tenant

Hosted tenant or custom domain such as auth.kombify.io

Admin access

Access to the Auth0 dashboard

Setup for kombify Cloud

Step 1: Create an application

1

Access Auth0 dashboard

Log in to your Auth0 tenant.
2

Create application

Navigate to Applications -> Create Application
  • Name: kombify Cloud
  • Type: Regular Web Application
3

Configure callback URLs

Add these URLs:
https://app.kombify.io/auth/callback/auth0
https://kombify.io/auth/callback/auth0
For self-hosted environments, add the matching public callback URL for that deployment.
4

Configure logout URLs

Add:
https://app.kombify.io
https://kombify.io
5

Save credentials

Copy these values:
  • Domain
  • Client ID
  • Client Secret

Step 2: Configure kombify Cloud

Configure the hosted tenant for:
  • AUTH0_DOMAIN
  • AUTH0_ISSUER_BASE_URL
  • AUTH0_CLIENT_ID
  • AUTH0_CLIENT_SECRET

Setup for self-hosted tools

Use the same Auth0 tenant or a dedicated tenant per environment. The exact variables depend on the tool, but the standard kombify contract is: 
AUTH0_DOMAIN=auth.example.com
AUTH0_ISSUER_BASE_URL=https://auth.example.com
AUTH0_CLIENT_ID=tool-client-id
AUTH0_CLIENT_SECRET=tool-client-secret

Roles and claims

Use a custom namespaced claim for roles: 
{
  "https://kombify.io/roles": ["admin", "manager", "user"]
}
Map those roles inside kombify according to the target service contract.

Troubleshooting

Ensure the callback URL in Auth0 exactly matches the URL configured in the kombify service.
Verify the issuer metadata:
curl https://auth.example.com/.well-known/openid-configuration
Ensure the Auth0 application, organization, and role claims match the kombify environment configuration.