Auth0 SSO Integration
What Is Auth0 SSO?
Auth0 Single Sign-On (SSO) allows users to securely log in to BookYourPTO using external identity providers such as:
- Microsoft
- GitHub
Instead of managing passwords separately, authentication is handled through a centralized identity provider.
Before You Begin
Ensure you have:
- Admin or Executive access in BookYourPTO
- An active Auth0 account (tenant access)
Creating an Auth0 Application
- Log in to the Auth0 Dashboard.
- Navigate to: Applications → Create Application
- Configure the application:
- Name — e.g.,
BookYourPTO SSO - Application Type —
Regular Web Application
- Name — e.g.,
- Click Create.
Configuring Auth0 Settings
- Open your application: Auth0 Dashboard → Applications → Your App → Settings
- Copy the following credentials:
- Domain
- Client ID
- Client Secret
- Navigate to: BookYourPTO → Settings → Auth0 Integration
- Paste the credentials into the corresponding fields.
Configuring Application URIs
In the Auth0 application settings, scroll to Application URIs and configure:
Allowed Callback URLs
https://app.bookyourpto.com/auth/callback
Allowed Logout URLs
https://app.bookyourpto.com
- Click Save Changes.
Enabling Social Login (Optional)
To allow users to sign in with third-party providers:
- Navigate to: Auth0 Dashboard → Authentication → Social
- Enable desired providers:
- Microsoft
- GitHub
- Complete provider setup:
| Provider | Setup Location |
|---|---|
| Google Cloud Console | |
| Microsoft | Azure Portal / Entra ID |
| GitHub | GitHub Developer Settings |
- Save configuration.
Configuring BookYourPTO
Navigate to: BookYourPTO → Settings → Auth0 Integration
Enable Auth0
- Toggle Auth0 Authentication ON
Enter Credentials
Provide the following:
- Domain
- Client ID
- Client Secret
User Provisioning
Control how users are created during login:
| Option | Behavior |
|---|---|
| Auto-Create Users | New users are created automatically on first login |
| Manual Provisioning | Only existing users can log in |
Allowed Email Domains
Restrict access to specific organizations:
- Enter comma-separated domains: anhourtec.com, yourcompanyname.com
- Only users with matching email domains are allowed access.
Authentication Modes
Define how users can log in:
| Mode | Description |
|---|---|
| Hybrid Mode | Users can log in via Auth0 or email/password |
| SSO-Only Mode | Users must log in using Auth0 only |
Notes
- Configuration changes apply immediately after saving
- Incorrect credentials or URLs may cause login failures
- Access and authentication behavior depend on configured settings and user roles
Expense Settings
The Expense Management section allows administrators to configure reimbursement settings, expense categories, per diem rates, mileage rates, receipt requirements, and approval policies for the organization.
Password & Authentication Policy
Learn how to configure password rules and authentication controls to secure access across your organization.