Auth0 is a single-sign-on service that provides a layer of extensibility to your authentication strategy. Why would you need a service like this? Auth0 solves three primary needs:

It allows for a centralized authentication service outside of Rock. For most organizations, centralizing their authentication inside of Rock is a great feature. Others prefer to have all authentication reside in an independent service. This is often desirable if you have several other systems needing shared authentication and you don’t want to write Rock integrations for each.

The second scenario where Auth0 makes a lot of sense is enabling social logins. Out of the box Rock supports most of the popular services, but Auth0 supports far more.

Finally, if you need passwordless authentication (via SMS, email, etc.) or two-factor authentication, Auth0 can provide that for you.

Enough talk, let's get Auth0 configured for Rock. The instructions below assume that you have an Auth0 account with the desired connections and administrative settings pre-configured.

1. The first step is to create a new ‘Client’ in the Auth0 administrator site. Select ‘Clients’ from the left-hand navigation to get started.

2. Give your client a name and select the ‘Regular Web Applications’ option.

3. The next screen will show ‘Quick Start’ options. It’s much easier to just fill in the settings, so head over to the ‘Settings’ tab. Here you’ll find the ‘Domain’, ‘Client ID’ and ‘Client Secret’. Keep track of these as you’ll need them in the Rock configuration. On this screen you’ll need to provide the following settings:

Allowed Callback URLs – This is a list of Rock Login URLs that will be using Auth0. You can provide as many URLs here as you need, separated by a comma.

You can also optionally add logos for the connection. This will help the individual logging in better understand what's happening.

4. Finally, you need to give your client some extra permissions.
In the Auth0 manager head over to the APIs link and select the 'Auth0 Management API'. From the tabs at the top select 'Non Interactive Clients'. You should see your client listed here. Be sure that your client is 'Authorized'. Next, select the down arrow to authorize specific scopes. You'll need to enable both the 'read:users' and 'read:users_app_metadata' scopes.
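
A review of the finished client configuration, as an added example (not part of the Rock or Auth0 documentation): it checks the comma-separated 'Allowed Callback URLs' value and compares the client's Management API grant with the two scopes named above. The HTTPS-only and no-wildcard checks are hardening assumptions added here, the grant records are assumed to carry `client_id`, `audience` and `scope` fields, and all sample values are constructed placeholders.

```python
from urllib.parse import urlsplit

# Scopes the setup steps above say the Rock client needs on the Management API.
REQUIRED_SCOPES = {"read:users", "read:users_app_metadata"}


def audit_callbacks(allowed_callbacks):
    """Check the comma-separated 'Allowed Callback URLs' value; return findings."""
    findings = []
    for raw in allowed_callbacks.split(","):
        url = raw.strip()
        if not url:
            continue
        parts = urlsplit(url)
        # Assumed policy (not from the page): https only, explicit hosts only.
        if parts.scheme != "https":
            findings.append(f"{url}: not https")
        if "*" in url:
            findings.append(f"{url}: wildcard")
        if not parts.hostname:
            findings.append(f"{url}: no host")
    return findings


def audit_grant(grants, client_id, audience):
    """Compare the scopes granted to client_id on audience with REQUIRED_SCOPES."""
    granted, authorized = set(), False
    for grant in grants:
        if grant.get("client_id") == client_id and grant.get("audience") == audience:
            authorized = True
            granted.update(grant.get("scope", []))
    return {
        "authorized": authorized,
        "missing": sorted(REQUIRED_SCOPES - granted),  # Rock setup is incomplete
        "excess": sorted(granted - REQUIRED_SCOPES),   # more than the steps call for
    }


# Constructed sample data: placeholder domain, client IDs and page path.
SAMPLE_AUDIENCE = "https://example.auth0.com/api/v2/"
SAMPLE_CALLBACKS = ("https://rock.example.org/page/3, "
                    "http://rock.example.org/page/3, https://*.example.org/login")
SAMPLE_GRANTS = [
    {"client_id": "ROCK_CLIENT_ID", "audience": SAMPLE_AUDIENCE,
     "scope": ["read:users", "delete:users"]},
    {"client_id": "OTHER_CLIENT_ID", "audience": SAMPLE_AUDIENCE,
     "scope": ["read:users_app_metadata"]},
]

if __name__ == "__main__":
    for finding in audit_callbacks(SAMPLE_CALLBACKS):
        print("callback:", finding)
    print(audit_grant(SAMPLE_GRANTS, "ROCK_CLIENT_ID", SAMPLE_AUDIENCE))
```

A non-empty `excess` list means the client can do more against the Management API than Rock needs, and a non-empty `missing` list means the authorization step was not completed.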