> ## Documentation Index > Fetch the complete documentation index at: https://wundergraphinc-brendan-add-sof-link.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # Auth0 > Setting up SSO with Auth0 ### Steps to set Auth0 as an OIDC identity provider Navigate to the Applications view within your Auth0 account. Either use the default application or create a new application by clicking on the **Create Application** button. A dialog will open, give the app a name, select the type of application and then click on the **Create** button. Creating a new Native application named My App Once the app is created, navigate to the Setting tab. Now copy the **Domain**, **Client ID** and **Client Secret**. Basic Information section showing app name My App and development domain Navigate to the settings page on Cosmo. * Click on **Connect.** Organization settings showing name, slug, and status of AI, RBAC, and SCIM features Give the connection a name, the **Discovery Endpoint** will be `https://YOUR_AUTH0_DOMAIN/.well-known/openid-configuration` **,** and paste the **Client ID** and **Client secret**copied before into the **Client ID** and **Client Secret fields respectively,** and then click on **Connect.** Connect OpenID Connect Provider form with fields for name, endpoint, and credentials Configure the mapping between the roles in Cosmo and the user roles in Auth0. The field **Group in the provider** can be populated with the name of the role or a regex to match the user roles. Once all the mappers are configured, click on **Save**. Group mapper configuration dialog linking provider groups to Cosmo roles Copy the sign-in and sign-out redirect URIs displayed in the dialog. Steps to configure OIDC provider with sign-in and sign-out redirect URLs Navigate back to the settings tab of the application created on Auth0 and populate the **Allowed Callback URLs** and **Allowed Logout URLs** redirect URIs with the above-copied sign-in and sign-out URLs respectively. Click on **Save Changes**. Application URI settings for callback and logout URLs in Cosmo Docs Now navigate to **Actions** -> **Library,** and then click on **the Build Custom**button**.** Cosmo Docs library page showing no installed actions or configurations Give the action a name, select **Login/Post Login** as the **Trigger** and **Node 18** as the **Runtime** and then click the **Create**button**.** Copy the below code and paste it into the editor shown, then click the **Deploy** button. ```js theme={null} exports.onExecutePostLogin = async (event, api) => { if(event.authorization){ api.idToken.setCustomClaim(`ssoGroups`, event.authorization.roles); } }; ``` Now navigate to **Actions** -> **Flows,** and then click on the **Login**flow**.** Navigate to the **Custom** tab on the right side of the page. Now drag the action and place it between Start and Complete as shown below, and then click on **Apply**. Login flow customization showing Start, test, and Complete actions Now you can assign users/groups to the application, and those users will be able to log into Cosmo using the URL provided on setting up the provider.