This page describes the steps to create an authentication client application in the Auth0 identity platform.

Creating a Native application in Auth0

1. Log in to Auth0 identity platform and navigate to Applications > Applications.
   
2. Click Create application. In Choose application type, click Native.
   
3. In Name, enter the application name.
4. Click Create and go to the Settings tab.
   
   1. Domain – The domain used for authentication. You will need this value to create the Client Authentication provider in the SAFEQ Cloud web UI.
   2. Client ID – The ID of the application. You will need this value to create the Client Authentication provider in the SAFEQ Cloud web UI.
5. In Application URIs, enter the following URL in the Allowed Callback URLs field: http://127.0.0.1:7311/oidc/callback. This is necessary for end users to use the SAFEQ Cloud PC Client with client-based authentication.
   
   

Creating Client Authentication provider in SAFEQ Cloud web UI

1. In the SAFEQ Cloud Web UI, navigate to Users and Access > Authentication.
2. Click Add to add a new Authentication provider and fill in the following fields:
   
   1. Domains – Enter the domains of all users (with emails user@domain) who will authenticate to SAFEQ Cloud.
   2. Custom application id – Mandatory field. Enter the Client ID value of the Native application you created in the Auth0 platform.
   3. Auth0 Domain – Enter the Domain of your application in Auth0 platform.
   4. Auth0 API client id – Optional field. Enter same value as the Regular Web Application’s (Client) ID. For obtaining the value, see Add group synchronization app in the Auth0 identity management
   5. Auth0 API client secret – Optional field. Enter the same value as the Regular Web Application’s (Client) Secret. See “Add group synchronization app in the Auth0 identity management”:“https://docs.ysoft.cloud/3.33/en/topic/add-group-synchronization-app-in-the-auth0-identity-management.
   6. Auth0 Domain – Enter the same value as your application’s Domain in Auth0.
   7. Custom token claim names – in this section, you can define claim names in the token. Their values will be stored in the user attributes after login.
3. Click Save.
4. (Optional) If you wish to synchronize groups from Auth0:
   1. Click the edit icon next to your newly created Authentication provider.
   2. Click *Sync Group*s to start synchronization of groups from your Auth0 account. For prerequisites, see “”:https://docs.ysoft.cloud/3.33/en/topic/add-group-synchronization-app-in-the-auth0-identity-management.
      
5. Go to the Access control page.
6. Click Add.
   
7. In Authentication provider, select your newly created Authentication provider and click Search.
8. The default group Authenticated Users will become visible. You can use this groups and individual users in access controls to enable permissions for authenticated users.
9. If the group synchronization is set up, Auth0 Groups will be visible too. For more information about Auth0 Groups, see Auth0 documentation.

Logging in as a user
When an end user logs in for the first time, they must authorize the app.