Auth0

Auth0 is an identity management platform that provides authentication and authorization services for applications. Auth0 supports implementing secure login systems with authentication methods including single-sign on (SS0).

To integrate Auth0 with Firebolt’s platform, you need to configure both an Auth0 application for Firebolt and Firebolt’s SSO for Auth0. Detailed instructions can be found in the following sections:

Configure an Auth0 application

  1. Login to your Auth0 Dashboard. If you don’t yet have an account with Auth0, you can sign up to access their services.
  2. Select Applications from the left navigation panel.
  3. Select Applications again.
  4. Select the + Create Application button.
  5. Under Name, enter a name for your application.
  6. In the dropdown list under Application Type, select Regular Web Application.
  7. Select Create the Application.
  8. Once your application is created, it will appear under Applications. Select the three horizontal dots (…) next to your application’s name, and select Settings from the dropdown list.
  9. Navigate to the Application URIs section.
  10. In the textbox under Application Login URI, enter your Firebolt organization URL address, followed by /login?. For example, https://staging-go.firebolt.io/login?.
  11. In the textbox under Allowed Callback URLs field, provide a callback URL with the following format: https://id.app.firebolt.io/login/callback?connection=<org_name>-<provider>&organization=<organization_identifier>. For example, https://id.app.firebolt.io/login/callback?connection=firebolt-staging-auth0&organization=org_UJhpsQ5ypXVU8JVB. The following apply:
    • <org_name> - the organizational name used to create your Firebolt account referenced in your vanity URL.
    • <provider> - the provider, Auth0.

    • <organization_identifier> - the unique identifier for your organization in Firebolt. To retrieve your <organization_identifier>, do the following:

      1. Login to the Firebolt Workspace.
      2. Select the Configure icon (The Firebolt Configure Space icon.).
      3. Select SSO from the left navigation pane.
      4. Select Copy organization SSO identifier.
  12. Save the configuration.
  13. Select the Addons tab at the top of the application work area.
  14. Toggle SAML2 WEB APP.
  15. In the Usage tab, do the following:
    1. Copy the Identity Provider Login URL and save for the following Firebolt configuration step.
    2. Note the Issuer for the following Firebolt configuration step.
    3. Select Download Auth0 certificate. These are needed to configuring Firebolt to work with the Auth0 IdP.
  16. Select the Settings tab.
  17. Select Enable to enable the SSO using SAML2.0 on the IdP. You are now ready to configure Firebolt to use Auth0 as your IdP.

Configure Firebolt for Auth0

Once your Identity Provider(IdP) is configured, you can now configure Firebolt to integrate with Auth0 either using SQL scripts in the Develop Space or through the user interface (UI) in the Configure Space.

Configure Firebolt to integrate with Auth0 using the UI

  1. Login to the Firebolt Workspace.
  2. Select the Configure icon (The Firebolt Configure Space icon.).
  3. Select SSO from the left navigation pane.

  4. Under Configure SSO for your organization, enter the following:

    1. Sign-on URL - Enter the sign-on URL, provided by the SAML identity provider, where Firebolt will send SAML requests. The URL is specific to the IdP and is defined during configuration. For Auth0, this value corresponds to the Identity Provider Login URL value copied in Step 15 of the Auth0 application configuration.
    2. Issuer - A unique value generated by the SAML identity provider specifying the issuer value. The issuer corresponds to the Issuer value noted in Step 15 of the Auth0 application configuration.
    3. Provider - The provider’s name, Auth0.
    4. Label: The label to use for the SSO login button. You can use any label name. If the label is not provided, Firebolt uses the value in the Provider field.
    5. (Optional) Sign-out URL - An endpoint provided by Auth0 that facilitates the logout process by redirecting the user to this URL, ending their session.
    6. Signing certificate - A digital certificate used to verify the authenticity of a signature used to communication between Auth0 and Firebolt. The certificate must be in Privacy Enhanced Mail (PEM) or CER format, and can be uploaded from your computer by selecting Import certificate or entered in the text box under Signing certificate.
    7. Field mapping - A mapping used to match user attributes between Auth0 and Firebolt. Enter the First name and Last name in your Auth0 profile. Mapping is only required the first time a user logs in using SSO.
    8. Select Update changes.

Configure Firebolt to integrate with Auth0 using SQL

Login to Firebolt’s Workspace. If you haven’t yet registered with Firebolt, see Get Started. If you encounter any issues, reach out to support@firebolt.io for help. Then, do the following:

  1. Select the Develop icon (The Firebolt Develop Space icon.).
  2. By default, when you login to Firebolt’s Workspace for the first time, Firebolt creates a tab in the Develop Space called Script 1. The following apply:
  • The database that Script 1 will run using is located directly below the tab name. If you want to change the database, select another database from the drop-down list.
  • An engine must be running to process the script in a selected tab. The name and status of the engine that Script 1 uses for computation is located to the right of the current selected database.

Select system from the drop-down arrow next to the engine name. The system engine is always running, and you can use it to create a service account. You can also use an engine that you create.

  1. Use the syntax in the following example code to create an SSO connection in the SQL Script Editor:
ALTER ORGANIZATION vsko SET SSO = '{
  "signOnUrl": "https://dev-1234567890123456.us.auth0.com/samlp/123456789012345678901234567890123",
  "signoutURL": "http://your-sign-out-URL",
  "issuer": "auth0",
  "provider": "auth0",
  "label": "Auth0 Company IdP",
  "fieldMapping": {
    "given_name": "name",
    "family_name": "surname"
  },
  "certificate": "<certificate>",
}';

In the previous code example, the following apply:

  • signOnUrl- The sign-on URL, provided by the SAML identity provider, where Firebolt will send SAML requests. The URL is specific to the IdP and is defined during configuration. For Auth0, this value corresponds to the Identity Provider Login URL value copied in Step 15 of the Auth0 application configuration.
  • (Optional)signoutUrl- An endpoint provided by Auth0 that facilitates the logout process by redirecting the user to this URL, ending their session.
  • issuer - A unique value generated by the SAML identity provider specifying the issuer value. The issuer corresponds to the Issuer value noted in Step 15 of the Auth0 application configuration.
  • provider - The provider’s name, Auth0.
  • label - The label to use for the SSO login button. You can use any label name. If the label is not provided, Firebolt uses the value in the Provider field.
  • certificate - A digital certificate used to verify the authenticity of a signature used to communication between Auth0 and Firebolt. The certificate must be in Privacy Enhanced Mail (PEM) or CER format.
  • field mapping - A mapping used to match user attributes between Auth0 and Firebolt. Enter the first name and surname in your Auth0 profile. Mapping is only required the first time a user logs in using SSO.