This guide details the steps required to configure Keyless as a passwordless authentication solution for your Auth0 cloud instance.
Keyless and Auth0 have partnered to deliver true passwordless authentication for the workforce and for consumers.
This document provides a step-by-step introduction for configuring Auth0 to work with Keyless. In this guide Keyless will be set up as both an OpenID Connect service provider and a OpenID Connect identity provider for Auth0.

Configure Authentication Identity Provider

In order to enable your users to authenticate into Auth0 enabled apps via Keyless you’ll need to configure Keyless as a trusted IdP on Auth0.
As part of the onboarding process you’ll receive the following pieces of information from keyless to complete a Trusted IdP configuration.
Login Icon
Can be used as the logon Icon for Keyless authentication on Auth0 Login page
Discovery URL
OIDC Discovery endpoint provided by Keyless
Client ID
OIDC Client ID specific to you organization provided by Keyless
Client Secret
OIDC Client secret provided by Keyless
The steps are as follows
  • Create a new Enterprise Connection (IdP): Go to Authentication →Enterprise → OpenID Connect Click on (+) Icon
  • Provide a name for the Connection
  • Fill in OIDC Discovery URL in Issuer Field
  • Fill in ClientID provided by Keyless
  • Make a note of the callback URL that need to be sent to Keyless
  • Click Save
  • Once Saved go to Settings and General tab do the following
    • Select Back Channel as Type
    • Fill in client Secret field
  • Click Save Changes
  • Click on the ellipses (...) icon on the Connection just saved, Click Try Now
  • This will initiate a Keyless authentication
  • On successful authentication you’ll see the connection data
Update OIDC IdP Settings
Fill in data provided by Keyless
Test IdP Configuration

Configure Enrolment Service Provider

To enable enrolment of your users to Keyless we’ll need to configure a client application on Auth0. Parameters required to create the application on Auth0 are provided in your Keyless onboarding package. Once the application is configured you’ll need to send some configuration information back to Keyless to complete the configuration on Keyless end.
Following are the pieces of information from Keyless required to configure Auth0 Application:
Login URL
OIDC Client configuration provided by Keyless
Redirect URI
OIDC redirect URO provuded by Keyless
Logout URL
OIDC logout URL provided by Keyless
Keyless Enrolment URL
URL to Keyless Enrolment page for end users: provided by Keyless
  • Create Application: Applications --> Create Application --> Regular Web Applications
  • On Settings tab of the Application just created
    • o Make note of the following items that need to be sent back to Keyless
      • Domain
      • Client ID
      • Client Secret
    • Fill in the following information from the URLs provided by Keyless
      • Allowed Callback URL which is the Login URL (in the table above)
      • Allowed Logout URL which is the Logout URL provided
      • Allowed web origins which is the Redirect URI provided
Web Application Settings 1 of 4
Web Application Settings 2 of 4
Web Application Settings 3 of 4
Web Application Settings 4 of 4