Set up Auth0 single sign-on (OIDC) for SimplyPrint
Set up Auth0 single sign-on (OIDC) for SimplyPrint
This guide walks you through connecting Auth0 to SimplyPrint using OpenID Connect (OIDC), so your members sign in to SimplyPrint with their Auth0 accounts. You'll create a web application in Auth0, copy three values across, and run a test sign-in to confirm everything works.
Auth0 also works over SAML. If you'd rather use that, see Set up Auth0 single sign-on (SAML). Your account runs one SSO method at a time, so pick whichever your Auth0 admin prefers. Turning on OIDC deactivates SAML if you had it set up, but your SAML configuration is kept in case you switch back.
New to SSO in SimplyPrint? Start with the single sign-on overview, which compares SAML and OIDC and links every setup guide.
What you need before starting
- Admin access to your Auth0 tenant (the Auth0 Dashboard at manage.auth0.com).
- An account admin in SimplyPrint with the user registration settings permission.
- Your account on a plan that includes SSO (see the note above).
Open the OIDC configuration in SimplyPrint
First, open SimplyPrint so you have the redirect URI ready to paste into Auth0.
- Go to Settings -> Organization and open User registration & SSO.
- Tick OpenID Connect (OIDC) single sign-on.
- Click Configure OIDC single sign-on.
- Select the Other tab at the top of the modal.
Under What you need from us, click Copy next to Redirect URI. Keep this window open, you'll paste this value into Auth0 next, then come back to finish.
/oauth/callback. Use the value from the modal rather than typing it by hand, it must match exactly or Auth0 will reject the sign-in.Create a web application in Auth0
In the Auth0 Dashboard:
- Go to Applications -> Applications, then click Create Application.
- Give it a name, for example "SimplyPrint".
- Choose Regular Web Applications as the application type, then click Create.
- Open the app's Settings tab. Note the Domain, Client ID, and Client Secret near the top, you'll need all three.
- Scroll down to Allowed Callback URLs and paste the Redirect URI you copied from SimplyPrint.
- Click Save Changes.
New Auth0 web applications are OIDC-conformant by default, so there's nothing else to toggle.
Find your Auth0 issuer
SimplyPrint discovers the rest of the connection from your Auth0 issuer, which is your tenant domain as a URL:
https://your-tenant.us.auth0.com/
Replace your-tenant.us.auth0.com with the Domain from your app's Settings tab. If you use an Auth0 custom domain, use that instead.
/, and SimplyPrint checks the issuer exactly, so copy it as your Domain with https:// in front and a / at the end.Enter your Auth0 details in SimplyPrint
Back in the SimplyPrint OIDC window on the Other tab, under What we need from you:
- In Issuer URL, paste your Auth0 issuer (for example https://your-tenant.us.auth0.com/).
- Click Check. SimplyPrint fetches Auth0's discovery document and shows the resolved endpoints. A green "Discovery document looks good" message means the issuer is correct.
- Paste your Client ID.
- Paste your Client Secret. (Once a secret is saved it shows as "Unchanged", leave it blank on later edits to keep it, or enter a new one to replace it.)
- Leave Scopes as
openid profile emailunless you need more.
Click Save when you're done.
Map claims to user fields
The Other preset maps the standard OIDC claims: email to email, given_name to first name, and family_name to last name. Auth0 sends these on the profile and email scopes, so the defaults usually work as-is.
Auth0 does not send a groups claim by default. If you want to sort members into SimplyPrint user groups automatically, add a namespaced custom claim (for example https://simplyprint.io/groups) with an Auth0 Action on the login flow, then map that claim to user groups in SimplyPrint. The concept is the same as SAML group mapping, see the group mapping guide.
Test the connection
Before rolling this out to your members, use the built-in test.
- Save your settings first.
- Click Test sign-in in the OIDC window. This opens a new tab and runs the real Auth0 sign-in flow.
- SimplyPrint shows you the claims Auth0 returned, without logging anyone in or creating an account.
Check that the email and name claims arrived as expected. This is the recommended way to verify the connection before going live.
How sign-in and new accounts work
Once OIDC is active, members can sign in through Auth0. Existing SimplyPrint users can link their account, and new members can be created automatically on first sign-in.
A new account is created automatically only when the email address is trustworthy: Auth0 marked it as verified, the email's domain is one your account has verified, or an admin turned off Require verified email in the Advanced section. Auth0 database connections send a verified-email signal, so the default settings work for most tenants. If you ever see new members blocked from being created, verify your email domains, see verifying your email domains.
When members sign out of SimplyPrint, they're also signed out at Auth0, because Auth0 advertises a logout endpoint.
For more on linking and signing in:
Troubleshooting
If sign-in fails, the OIDC window has two tools built in:
- The Check button validates your issuer and shows Auth0's endpoints. Start here if the connection won't save or test.
- The debug panel shows the last claims received (email addresses are masked) and the last error reported for your provider.
Common things to check:
- The Redirect URI registered in Auth0's Allowed Callback URLs exactly matches the one shown in SimplyPrint.
- The issuer is your Auth0 domain as a URL with a trailing slash, and Check returns a green result.
- The Client ID and Client Secret are from the same Auth0 app, with no extra spaces.
For a deeper checklist that applies to every provider, see the OIDC troubleshooting guide.
Related articles
- Single sign-on (SSO) overview and setup guides
- Set up Auth0 single sign-on (SAML)
- Set up OpenID Connect (OIDC) single sign-on for SimplyPrint
- Set up OIDC single sign-on with any identity provider
- Verifying your email domains
- Troubleshooting OIDC single sign-on
Updated on: 07/07/2026
Thank you!