How to get Auth0 credentials to set up SSO

What is it for?

• Connects Whalemate to your organization's identity system via SSO

• Centralizes login: users sign in with their corporate credentials without creating a new account

• Eliminates manual user management inside the platform

• Enables access control from Auth0, including security policies and MFA

How to use it?

Navigation: manage.auth0.com → Applications → Applications → [your app] → Settings

1. Go to manage.auth0.com and select your organization's tenant from the top-left corner.

2. In the side menu, click Applications → Applications.

3. If an application for Whalemate already exists, select it. If not, click Create Application:

   • Name: e.g. Whalemate SSO

   • Type: Regular Web Application

   • Click Create

4. Inside the application, open the Settings tab.

5. Under Basic Information, copy the following values and paste them into Whalemate:

   • Client ID

   • Client Secret

   • Domain (format: your-tenant.auth0.com)

     The Client Secret is sensitive. Do not share or expose it publicly.

6. On the same tab, scroll down to Application URIs and fill in the following fields:

   Field	Value
   Allowed Callback URLs	https://back.whalemate.com/auth0/oidc/callback
   Allowed Logout URLs	https://back.whalemate.com
   Allowed Web Origins	https://back.whalemate.com

   You can also find the callback URL on the Whalemate integrations screen.

7. Click Save Changes.

8. Return to Whalemate and paste the copied values into the corresponding SSO configuration fields.

❓ Frequently asked questions

• What if I don't have admin permissions in Auth0?

You need administrator permissions on your organization's Auth0 tenant to create applications and access credentials. Contact your IT administrator or tenant owner.

• Can I reuse an existing Auth0 application?

Yes. If an application for Whalemate already exists, you can reuse it. Just make sure the callback URLs are correctly configured.

• Where do I find the Domain if I have multiple tenants?

The Domain corresponds to the tenant you selected when logging into Auth0 (top-left corner). Each tenant has its own domain.

• Why is it required to configure the callback URLs?

Auth0 uses these URLs to redirect the user after login. Without them, the authentication flow will fail and users won't be able to sign in.

• What type of Auth0 application should I create?

It must be a Regular Web Application. Other types are not compatible with Whalemate's SSO flow.

Have feedback or want to request improvements? Let us know at roadmap.whalemate.com/roadmap