Applies to Platform: Switchboard 6.8.x
Last update: 24 Apr 2025
A new major feature for the Endian Switchboard in 6.8.x is support for single sign-on (SSO) authentication utilizing OAuth 2.0 protocol for users to sign in to the platform. This includes support for just-in-time (JIT) provisioning which means users are both authorized for proper permission and onboarded to the platform. This means a user who has never logged in to the Switchboard will be able to do so granted he/she has the proper permissions and onboarding rules. In addition, each successive login attempt by a user results in the permissions and rules being checked each time which ensures changes are always synced increasing user and permission management efficiency.
Requirements
Before you begin you will need the following in order to complete this process:
- An Auth0 account with administrative policies or sufficient permission to create/manage a new app registration.
- An Endian Switchboard that is already setup and accessible on a public IP or FQDN.
- An account with administrative access on the Endian Switchboard.
Setup Auth0 App
Login to your Auth0 account by going to https://auth0.com/api/auth/login?redirectTo=dashboard
Go to Applications > Applications and select the default Auth0 application (called Default App)
Under the Settings tab, go to Application Properties
- Application Type: Select Regular Web Application
- Click Save Changes
Next go the Credentials tab, go to Application Authentication
- Authentication Method: Select Client Secret (Basic)
- Click Save
Finally go to APIs tab and enable (authorize) the Auth0 Management API
Copy the App Info
Once done, you can go to the application Settings page where you should make note (or copy) the following values related to this application:
- Domain
- Client ID
- Client Secret
Add Application API Permissions
In the application overview page, select APIs tab and expand the Auth0 Management API
- Then check (enable) the following permissions:
-
- read:users
- read:roles
-
- Click Update
Enable Database Authentication
In the application Connections tab, ensure the Username-Password-Authentication database is enabled (it is usually enabled by default).
Setup Switchboard Configuration
In the Switchboard Administration web interface (https://<green ip>:10443) navigate to Authentication > Providers and click the New provider button
- Connection Type: Select OAuth/OpenID
- OAuth Provider: Select Auth0
- Click Setup connection to proceed to the next step
- Name: Enter a descriptive name for the connection
- Client ID: Enter the client ID from the Auth0 Settings page
- Domain: Enter the domain from the Auth0 Settings page
- Client Secret: Enter the client secret Auth0 Settings page
- Click Create in order to validate the connection. You should see a success message if everything is entered correctly; otherwise you will get a failure message where you can then correct the issue.
Map the Provider to the Service
Navigate to Authentication > Services and click edit on the Switchboard service
Select the OAuth tab and select Add OAuth provider
- Select the Auth0 provider you previously created by click the
button
- Click Continue to save your selection
Configure the Callback URI
You should be directed back to the Edit Switchboard service page. Here you can click the Copy callback URI button to copy the URL into your clipboard automatically.
Once done, you then need to go back to your Auth0 admin page to enter this value in order for the app to know where to redirect the client after authentication. From the App Settings tab, you can paste the callback URI into the Application Login URI field.
Validate a Successful Login
At this point, you can now access the Switchboard portal and attempt to sign in using Entra ID as your authentication mechanism. The proper flow is displayed below in the image.
Comments