---
title: Connect Auth0 | Keycard
description: Connect Auth0 as an identity provider for zone-level user authentication.
---

Caution

This tutorial configures sign-in for users of **your zone**: the people who use the application Keycard protects. If you are setting up SSO for **Keycard Console administrators** (your team signing into Console to manage Keycard), see [Single sign-on for Console](/admin/single-sign-on/index.md) instead.

In this tutorial, we will configure user authentication to occur through Auth0. We will start by creating an application in your Auth0 [tenant](https://auth0.com/docs/get-started/auth0-overview/create-tenants). We will then configure Auth0 as a [provider](/concepts/providers/index.md) in your Keycard zone. This application and provider pair creates a connection that will allow users to sign in using Auth0.

For illustrative purposes, the zone in this tutorial is named “Example”. Each zone also has a unique **Zone ID** that appears in the zone’s domain: `<zone-id>.keycard.cloud`. The Zone ID is distinct from the zone’s name. Throughout this tutorial, `<zone-id>` is a placeholder you will replace with the ID of your own zone.

## Create application in Auth0

In the first phase of this tutorial, we will create an application in Auth0. You’ll configure the application with the necessary settings to connect it to your zone.

1. In Auth0 Dashboard, select **Applications > Applications** in the navigation menu.

2. On the **Applications** page, click the **Create Application** button. A **Create application** wizard will appear.

   In the **Name** field, enter “Example”, which is the name of your zone.

   Choose **Regular Web Application** as the application type.

   Click the **Create** button. You will be directed to a page to set up the newly created Example application.

3. On the Example application page, click the **Settings** tab.

   Notice that the **Quickstart** tab was originally selected, prompting you for information about what framework you are using to build your project. Keycard has pre-built features to integrate with Auth0, so this can be skipped.

   In the **Settings** tab, scroll down to **Application URIs**.

   Tip

   **Finding your Zone ID:** In Keycard Console, click your zone name in the sidebar to open **Zone Settings**, then copy the **OAuth 2 Redirect URL**. It will be in the form `https://<zone-id>.keycard.cloud/oauth/2/redirect`. The URLs below should use *your* zone ID, not the literal string `<zone-id>` and not `example`.

   In the **Allowed Callback URLs** field, enter `https://<zone-id>.keycard.cloud/oauth/2/redirect`.

   In the **Allowed Logout URLs** field, enter `https://<zone-id>.keycard.cloud/openid/connect/redirect/logout`.

   Double-check that the domain in the URLs matches the domain of your zone.

   Click the **Save** button.

You’ve successfully created an application in Auth0. You should now be on the settings page for the new Example application. This application will allow users in your Auth0 tenant to sign into your zone.

Remain on this page, as we will need to refer to the settings in the next phase.

## Create provider in Keycard

In the next phase of this tutorial, we will create a provider in Keycard. You’ll configure the provider with the necessary credentials to connect to your Auth0 tenant.

It is recommended that you complete these steps in a new browser tab or window, as you’ll need to copy and paste settings between Auth0 Dashboard and Keycard Console.

1. In Keycard Console, select **Providers** in the navigation menu.

2. On the **Providers** page, click the **Add provider** button. A **Create provider** screen will appear.

   In the **Name** field, enter “Auth0”.

   In the **Issuer URL** field, enter your Auth0 domain, prefixed with `https://` as the URL scheme and suffixed with a trailing `/`. For example: `https://example.us.auth0.com/`.

   Your Auth0 domain can be found on the application settings page in the **Domain** field in Auth0 Dashboard. It is easiest to copy and paste the value from Auth0 Dashboard to Keycard Console.

   In the **Client ID** field, enter the Client ID that Auth0 assigned to the newly created Example application. This can be found in the **Client ID** field on the settings page for the application in Auth0 Dashboard. It is easiest to copy and paste the Client ID from Auth0 Dashboard to Keycard Console.

   In the **Client Secret** field, enter the Client Secret that Auth0 generated for the Example application. This can be found on the same settings page. It is easiest to copy and paste the secret from Auth0 Dashboard to Keycard Console.

You’ve just created a provider in Keycard that is connected to your Auth0 tenant!
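Before saving, you can check the three values you pasted against the formats this tutorial specifies. The script below is an added example, not part of Keycard or Auth0; the function names and the Zone ID `z1a2b3` are made up for illustration.

```python
from urllib.parse import urlsplit

ZONE_SUFFIX = ".keycard.cloud"
CALLBACK_PATH = "/oauth/2/redirect"
LOGOUT_PATH = "/openid/connect/redirect/logout"
# Values the tutorial warns against pasting literally in place of a Zone ID.
PLACEHOLDERS = {"<zone-id>", "example"}


def check_zone_url(field, url, expected_path):
    """Check one Auth0 Application URI entry; return (zone_id, problems)."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    problems = []
    if parts.scheme != "https":
        problems.append(f"{field}: scheme must be https")
    if not host.endswith(ZONE_SUFFIX):
        return None, problems + [f"{field}: host is not <zone-id>{ZONE_SUFFIX}"]
    zone_id = host[: -len(ZONE_SUFFIX)]
    if zone_id in PLACEHOLDERS or not zone_id:
        problems.append(f"{field}: '{zone_id}' is a placeholder, not your Zone ID")
    if parts.path != expected_path or parts.query or parts.fragment:
        problems.append(f"{field}: path must be exactly {expected_path}")
    return zone_id, problems


def check_issuer(issuer_url):
    """Issuer URL must be https://<auth0-domain>/ with the trailing slash."""
    parts = urlsplit(issuer_url.strip())
    problems = []
    if parts.scheme != "https" or not parts.hostname:
        problems.append("Issuer URL: must be https:// followed by your Auth0 domain")
    if parts.path != "/" or parts.query or parts.fragment:
        problems.append("Issuer URL: must end with a single trailing '/'")
    return problems


def check_connection(callback_url, logout_url, issuer_url):
    """Return every problem found across the three values (empty list = OK)."""
    cb_zone, problems = check_zone_url("Allowed Callback URLs", callback_url, CALLBACK_PATH)
    lo_zone, lo_problems = check_zone_url("Allowed Logout URLs", logout_url, LOGOUT_PATH)
    problems += lo_problems
    if cb_zone and lo_zone and cb_zone != lo_zone:
        problems.append("Callback and logout URLs point at different zones")
    return problems + check_issuer(issuer_url)


if __name__ == "__main__":  # constructed values; z1a2b3 is a made-up Zone ID
    zone = "https://z1a2b3.keycard.cloud"
    print(check_connection(zone + CALLBACK_PATH, zone + LOGOUT_PATH, "https://example.us.auth0.com"))
```

An empty list means all three values match the expected shape. The sample run reports the missing trailing slash on the Issuer URL.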

## Use Auth0 for sign in

In the final phase of this tutorial, we will configure user authentication to occur through Auth0.

1. In Keycard Console, select **Zone Settings** in the navigation menu.

2. On the **Zone settings** page, scroll down to the **Zone sign in configuration** settings.

   Toggle **Use an external Identity Provider** to on. In the **Identity Providers** drop-down list, select “Auth0”.

   Click the **Save Changes** button.

You have just configured your zone to authenticate users through Auth0! Now, whenever a user of your service attempts to access an application or resource protected by Keycard, they’ll sign in via Auth0.
