Auth0 already powers your authentication. You don’t need to change that.
But now, your customers want SSO. And you want to support it—without jumping through pricing tiers, setting up IdPs by hand, or building tools for IT admins from scratch.
Scalekit helps you add SSO on top of Auth0.
You plug it in once. From there, you can create organizations, configure SSO (SAML or OIDC), test with an IdP simulator, and share a hosted portal with your customers' IT teams. Behind the scenes, Scalekit connects the user back to Auth0—so your existing sessions, users, and flows stay untouched.
In this guide, we’ll show you how to set up Scalekit with Auth0 and go live with your first SSO connection without rewrites, migrations, and surprises.
Scalekit sits in front of your app, just for SSO. You still use Auth0 to manage sessions and user identities. That stays exactly as is.
From there, you continue the login as usual like starting a session, setting cookies, issuing tokens, etc. All of that still runs through Auth0.
So, in short, Scalekit handles SSO and Auth0 handles sessions.
Scalekit and Auth0 work together, but they handle different parts of the login flow.
Scalekit is responsible for the SSO handshake with the customer’s IdP. Auth0 still manages user sessions and tokens once the user reaches your app.
Here’s how the pieces connect:
Scalekit acts as an external OIDC identity provider that connects your customer’s IdP to Auth0.
Grab the required values from your:
Once Auth0 knows how to talk to Scalekit, you need to tell Scalekit where to send users after login.
In your Auth0 dashboard, copy the Callback URL and configure it within Scalekit's dashboard. This ensures users flow cleanly from Scalekit to Auth0 after a successful SSO login.
Now that the connection is ready, set up an actual org that will use SSO.
In Scalekit, create a new organization and share the admin portal link with your customer’s IT team so they can configure their IdP (SAML or OIDC).
Also, you can map a domain to this org so Scalekit can route login requests correctly.
This step tells Auth0 when to use the Scalekit connection—based on the user’s email domain.
In Auth0, add the respective email domain so that Auth0 can route those users to Scalekit for an SSO based login.
Adding Scalekit to your Auth0 setup gives you a clean separation of concerns. Scalekit handles the SSO handshake and identity connection. You stay in control of user profiles and session logic inside Auth0.
Recommended: A side-by-side comparison of SSO features, integration, and pricing, so you can pick the enterprise solution that best fits your stack: Scalekit vs Auth0 👉
You’ve now added enterprise SSO to your Auth0 setup—without rebuilding your auth stack.
Scalekit handles the SSO handshake. Your customers configure their own IdPs. And Auth0 continues to manage users and sessions, just like before.
So when the next enterprise customer asks, “Can you support SSO?”, you already do!