Sign in to ComplianceScout with Auth0 over OpenID Connect.
Copy these from ComplianceScout → Settings → SSO when you create the connection. The exact, per-connection values are shown there.
https://<your-app-host>/sso/oidc/callback/<connectionId>Copy the exact value shown in ComplianceScout → Settings → SSO when you create the connection. Do not hand-type it — most IdPs require an exact match (case and trailing slash included).
Steps verified against the vendor documentation linked at the bottom of this page. Labels can change — that link is the source of truth.
Sign in to the Auth0 Dashboard.
Go to Applications → Applications and click Create Application.
Name it (for example, ComplianceScout), choose Regular Web Applications, and click Create.
Open the application's Settings tab. Under Basic Information, note the Domain, Client ID, and Client Secret.
Under Application URIs, in Allowed Callback URLs, paste the Redirect URI exactly as shown in ComplianceScout → Settings → SSO. Click Save Changes.
Back in Settings → SSO, paste these into the connection and save.
https://<your-tenant>.<region>.auth0.com/Your Auth0 Domain as a full URL, with https:// and a trailing slash — this matches the iss value Auth0 issues. Confirm at https://<your-domain>/.well-known/openid-configuration.
<client-id><client-secret>Auth0 does not emit roles or groups by default. Add a post-login Action (Actions → Triggers → post-login) that sets a namespaced custom claim, e.g. api.idToken.setCustomClaim('https://yourdomain/groups', event.authorization?.roles). Auth0 silently drops non-namespaced claim names, so the claim name MUST be a URL. Set ComplianceScout's role-mapping claim to that exact namespaced name.
Enable MFA in your Auth0 tenant; with "Trust IdP for MFA" on, ComplianceScout honors the amr claim containing "mfa".
Configure the connection in Settings → SSO, then test sign-in before rolling it out to your team.