Features

Auth0 SSO Integration

Learn how to configure Auth0 Single Sign-On (SSO) in BookYourPTO, including application setup, credentials, and authentication settings.

What Is Auth0 SSO?

Auth0 Single Sign-On (SSO) allows users to securely log in to BookYourPTO using external identity providers such as:

Google
Microsoft
GitHub

Instead of managing passwords separately, authentication is handled through a centralized identity provider.

Auth0 authentication is available only on Pro and Enterprise plans.

Before You Begin

Ensure you have:

Admin or Executive access in BookYourPTO
An active Auth0 account (tenant access)

Creating an Auth0 Application

Log in to the Auth0 Dashboard.
Navigate to: Applications → Create Application
Configure the application:
- Name — e.g., BookYourPTO SSO
- Application Type — Regular Web Application
Click Create.

Configuring Auth0 Settings

Open your application: Auth0 Dashboard → Applications → Your App → Settings
Copy the following credentials:
- Domain
- Client ID
- Client Secret
Navigate to: BookYourPTO → Settings → Auth0 Integration
Paste the credentials into the corresponding fields.

Configuring Application URIs

In the Auth0 application settings, scroll to Application URIs and configure:

Allowed Callback URLs

https://app.bookyourpto.com/auth/callback

Allowed Logout URLs

https://app.bookyourpto.com

Add additional URLs for staging or development environments if required.

Click Save Changes.

To allow users to sign in with third-party providers:

Navigate to: Auth0 Dashboard → Authentication → Social
Enable desired providers:
- Google
- Microsoft
- GitHub
Complete provider setup:

Provider	Setup Location
Google	Google Cloud Console
Microsoft	Azure Portal / Entra ID
GitHub	GitHub Developer Settings

Save configuration.

Enabled providers will automatically appear on the Auth0 login screen.

Configuring BookYourPTO

Navigate to: BookYourPTO → Settings → Auth0 Integration

Enter Credentials

Provide the following:

Domain
Client ID
Client Secret

User Provisioning

Control how users are created during login:

Option	Behavior
Auto-Create Users	New users are created automatically on first login
Manual Provisioning	Only existing users can log in

Allowed Email Domains

Restrict access to specific organizations:

Enter comma-separated domains: anhourtec.com, yourcompanyname.com
Only users with matching email domains are allowed access.

Authentication Modes

Define how users can log in:

Mode	Description
Hybrid Mode	Users can log in via Auth0 or email/password
SSO-Only Mode	Users must log in using Auth0 only

SSO-Only mode is typically used for organizations with centralized identity management.

Notes

Configuration changes apply immediately after saving
Incorrect credentials or URLs may cause login failures
Access and authentication behavior depend on configured settings and user roles

Expense Settings

The Expense Management section allows administrators to configure reimbursement settings, expense categories, per diem rates, mileage rates, receipt requirements, and approval policies for the organization.

Password & Authentication Policy

Learn how to configure password rules and authentication controls to secure access across your organization.