Docs/Single sign-on

Auth0

~8 minutes

Use Auth0 as the identity provider for an organisation. You'll register a Regular Web Application, set the callback URL to Wando, and copy the tenant credentials over.

Before you start

An Auth0 tenant.
An admin role on that tenant.
Your Wando contact on standby to receive the credentials at the end.

Steps

1
Open the Auth0 dashboard
Sign in at manage.auth0.com and confirm you are on the correct tenant (top-left dropdown). The tenant's "Domain" — for example acme.eu.auth0.com — is your issuer host.
2
Create a new application
In the left navigation open "Applications" → "Applications", then click "Create Application". Name it "Wando" and pick "Regular Web Applications". Click "Create".
3
Configure the application URLs
Open the new application's "Settings" tab. Scroll to "Application URIs" and fill in the three URL fields. Multiple URLs can be added by comma-separating them — useful if you run a separate staging environment.
Allowed Callback URLs
https://www.wando.tromb.com/api/auth/callback/<your-provider-id>
Allowed Logout URLs
https://www.wando.tromb.com
Allowed Web Origins
https://www.wando.tromb.com
4
Copy the Domain, Client ID and Client Secret
These live in the "Basic Information" section at the top of the same page. The Domain is your issuer; treat the Client Secret like a password.
5
Save the settings
Scroll to the bottom of the Settings tab and click "Save Changes". The application is now ready to accept sign-in requests from Wando.
6
Note the Auth0 issuer URL
Wando uses the OIDC discovery endpoint for the rest of the configuration:
```
https://<your-tenant>.<region>.auth0.com
```
For a custom Auth0 domain (e.g. login.acme.com), use that hostname instead.

Hand off to Wando

Send your values to your Wando contact

hej@wando.app

Send the values below to your Wando contact. They will wire them into your organisation's SSO config and confirm when Auth0 sign-in is live.

Suggested provider ID: auth0-<short-org-name>
Issuer URL: https://<your-tenant>.<region>.auth0.com
Email domain: acme.com
Client ID: From step 4
Client secret: From step 4

Steps

Open the Auth0 dashboard

Sign in at manage.auth0.com and confirm you are on the correct tenant (top-left dropdown). The tenant's "Domain" — for example acme.eu.auth0.com — is your issuer host.

Create a new application

In the left navigation open "Applications" → "Applications", then click "Create Application". Name it "Wando" and pick "Regular Web Applications". Click "Create".

Configure the application URLs

Open the new application's "Settings" tab. Scroll to "Application URIs" and fill in the three URL fields. Multiple URLs can be added by comma-separating them — useful if you run a separate staging environment.

Allowed Callback URLs: https://www.wando.tromb.com/api/auth/callback/<your-provider-id>
Allowed Logout URLs: https://www.wando.tromb.com
Allowed Web Origins: https://www.wando.tromb.com

Copy the Domain, Client ID and Client Secret

These live in the "Basic Information" section at the top of the same page. The Domain is your issuer; treat the Client Secret like a password.

Save the settings

Scroll to the bottom of the Settings tab and click "Save Changes". The application is now ready to accept sign-in requests from Wando.

Note the Auth0 issuer URL

Wando uses the OIDC discovery endpoint for the rest of the configuration:

https://<your-tenant>.<region>.auth0.com

For a custom Auth0 domain (e.g. login.acme.com), use that hostname instead.