This article outlines how to configure Auth0 as the Identity Provider (IdP) and Webcastcloud as the Service Provider (SP) using OAuth2 for Single Sign-On (SSO). This enables your users to log in to Webcastcloud using their existing Auth0-managed identity.
Step 1: Create an Application in Auth0
- Log in to your Auth0 dashboard at https://manage.auth0.com.
- In the left-hand navigation, go to Applications > Applications.
- Click Create Application.
- Set:
  - Name: Webcastcloud SSO
  - Application Type: Select Regular Web Application
- Click Create.
Step 2: Configure Application Settings
- In the Application settings, configure the following fields:
  - Allowed Callback URLs: https://site.webcastcloud.com/oauth/sso
    Or replace site.webcastcloud.com with your Whitelabel Domain URL
  - Allowed Logout URLs: https://site.webcastcloud.com/oauth/ssologout
  - Allowed Web Origins: https://site.webcastcloud.com
- Scroll down and click Save Changes.
Step 3: Gather OAuth Credentials
Once the application is created, copy the following details from the Settings tab:
- Client ID
- Client Secret
- Domain (e.g., your-tenant.auth0.com)
You will use these to configure the Webcastcloud SSO settings.
Step 4: Configuration for Auth0 User Info Response
To enable Single Sign-On (SSO) via OAuth2 and retrieve relevant user details for Webcastcloud, your Auth0 setup must include the following fields in the response from the /userinfo endpoint.
Standard OIDC Claims
- sub: Auth0 unique user ID
- email: User’s email address
- given_name/first_name: User’s first name
- family_name/last_name: User’s last name
Custom Fields from app_metadata
These must be added to the user's app_metadata in Auth0 and exposed via a rule or Action:
- contact_id: A unique member identifier from your system
- memberType: A single value that defines the user’s subscription tier (e.g., “Premium Member”)
- memberGroups: A list of products/events/content/groups the user has access to or is part of.
Webcastcloud can handle the user attribute mapping automatically as long as these fields are correctly passed in the /userinfo response, allowing us to assign the appropriate access level and content permissions. For example, 'memberGroups' can be passed as 'subscriptions'.
Example User Info API Response
{
  "sub": "auth0|abc123",
  "email": "jane.doe@example.com",
  "given_name": "Jane",
  "family_name": "Doe",
  "contact_id": "C001234",
  "memberType": "Full Member",
  "subscriptions": [
    {
      "productId": "evt2025",
      "productName": "AnnualMeeting-2025"
    },
    {
      "productId": "web123",
      "productName": "CXO-Leadership-Series"
    },
    {
      "productId": "ceo001",
      "productName": "CEOGroup"
    }
  ]
}
In this structure:
- memberType defines the user’s primary membership level.
- subscriptions define the products, events, or group-based content the user can access.
- Webcastcloud maps each product to a member group internally.
Note: If you call this array groups instead of subscriptions, we can support that too - just confirm the field name.
How to Expose Custom Metadata in Auth0
Auth0 doesn’t expose app_metadata by default in the /userinfo response. You need to configure this using an Action or Rule in your Auth0 dashboard.
Example Rule (Legacy):
function (user, context, callback) {
  // Custom claims must use a namespaced key
  const namespace = 'https://webcastcloud.com/';
  // app_metadata is undefined for users who have none set
  const meta = user.app_metadata || {};
  context.idToken[namespace + 'contact_id'] = meta.contact_id;
  context.idToken[namespace + 'memberType'] = meta.memberType;
  context.idToken[namespace + 'subscriptions'] = meta.subscriptions;
  return callback(null, user, context);
}
Replace https://webcastcloud.com/ with your actual namespace. OIDC-compliant custom claims must use a namespaced key.
If you're using Actions instead of Rules (recommended by Auth0), you can build an updated Action script.
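A post-login Action equivalent of the legacy Rule, as an added example that is not Webcastcloud's or Auth0's own code. `event.user.app_metadata` and `api.idToken.setCustomClaim` are the Auth0 Actions interfaces; `buildClaims`, `EXPOSED_FIELDS` and the namespace value are names assumed for this example.

```javascript
// Added example: Actions version of the Rule above.
// Assumption: namespace and field list mirror the legacy Rule.
const NAMESPACE = 'https://webcastcloud.com/'; // replace with your namespace
const EXPOSED_FIELDS = ['contact_id', 'memberType', 'subscriptions'];

// Build the namespaced claims from app_metadata. Only allowlisted fields are
// copied, so other app_metadata entries never reach the token.
function buildClaims(appMetadata) {
  const meta = appMetadata || {};
  const claims = {};
  for (const field of EXPOSED_FIELDS) {
    const value = meta[field];
    if (value === undefined || value === null) continue; // skip unset fields
    claims[NAMESPACE + field] = value;
  }
  return claims;
}

// Post-login Action entry point. api.idToken.setCustomClaim is the Actions
// counterpart of writing to context.idToken in a Rule.
async function onExecutePostLogin(event, api) {
  const claims = buildClaims(event.user.app_metadata);
  for (const [name, value] of Object.entries(claims)) {
    api.idToken.setCustomClaim(name, value);
  }
}

// Auth0 loads the handler from exports; the guard lets the file also run
// where no CommonJS exports object exists.
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;
```

Copying an explicit list of fields, rather than the whole app_metadata object, keeps any other values stored there out of a token that the client application can read.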
If you require any support with configuring Auth0, please contact
Auth0 Support: If you're unsure how to expose custom fields from app_metadata, or how to configure a Rule or Action, we recommend contacting Auth0 support or your Auth0 administrator to assist with the correct setup.
Step 5: Configure Webcastcloud SSO Settings
- Log in to your Webcastcloud Admin Portal.
- Navigate to Settings > Platform > OAuth2 > Edit
- Add Auth0 details:
  - Tenant ID:
  - Authorization URL: https://login.yourdomain.com/authorize
  - Token URL: https://login.yourdomain.com/token
  - Client ID: Paste the Auth0 Client ID
  - Client Secret: Paste the Auth0 Client Secret
  - Scope: openid profile email
  - User Info URL: https://login.yourdomain.com/userinfo
  - Logoff URL: https://login.yourdomain.com/v2/logout
- Member Response Mappings:
  The Member Response mappings can be used to map the Auth0 properties that are sent to user ('member') attributes in Webcastcloud.
  - Select Add
  - Enter the field passed from Auth0
  - Set Dynamic to true
  - Then select from the dropdown menu the field in Webcastcloud that this will map to.
  - For example: email->Email
  - Repeat these steps to add additional user fields, similar to the below:
- Save
- Toggle on Settings > Platform > OAuth2 > On
Step 6: Test login with a user
Log in using a test user account and call the /userinfo endpoint to verify the required fields are returned — including first_name, last_name, email, sub, contact_id, memberType, and memberGroups.
If any fields are missing, you can contact Auth0 support for help configuring your userinfo response.
Webcastcloud can also provide debug logs to assist with testing. If you need any support during setup, please contact Webcastcloud.
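One way to run the Step 6 check on a saved /userinfo response body, as an added example that is not Webcastcloud's own code. The field names and aliases are the ones this article lists; `checkUserInfo`, `findClaim` and the default namespace are assumptions of the example, and the sample body is constructed.

```javascript
// Added example: verify a /userinfo JSON body carries the fields listed above.
// Aliases follow the article: given_name/first_name, family_name/last_name,
// and memberGroups passed as subscriptions or groups.
const REQUIRED = {
  sub: ['sub'],
  email: ['email'],
  first_name: ['given_name', 'first_name'],
  last_name: ['family_name', 'last_name'],
  contact_id: ['contact_id'],
  memberType: ['memberType'],
  memberGroups: ['memberGroups', 'subscriptions', 'groups'],
};

// Return the first non-empty value found under any alias, plain or namespaced.
function findClaim(body, aliases, namespace) {
  for (const alias of aliases) {
    for (const key of [alias, namespace + alias]) {
      const value = Object.prototype.hasOwnProperty.call(body, key) ? body[key] : undefined;
      if (value !== undefined && value !== null && value !== '') return value;
    }
  }
  return undefined;
}

function checkUserInfo(body, namespace = 'https://webcastcloud.com/') {
  const missing = [];
  const problems = [];
  for (const [field, aliases] of Object.entries(REQUIRED)) {
    const value = findClaim(body, aliases, namespace);
    if (value === undefined) { missing.push(field); continue; }
    if (field === 'memberGroups' && !Array.isArray(value)) problems.push('memberGroups must be a list');
    if (field === 'memberType' && typeof value !== 'string') problems.push('memberType must be a single value');
  }
  return { ok: missing.length === 0 && problems.length === 0, missing, problems };
}

// Constructed sample: namespaced claims, contact_id absent, memberType a list.
const SAMPLE_BAD = {
  sub: 'auth0|abc123', email: 'jane.doe@example.com',
  given_name: 'Jane', family_name: 'Doe',
  'https://webcastcloud.com/memberType': ['Full Member'],
  'https://webcastcloud.com/subscriptions': [{ productId: 'evt2025', productName: 'AnnualMeeting-2025' }],
};

console.log(checkUserInfo(SAMPLE_BAD));
```

A missing memberType or memberGroups value is worth catching before go-live, since these are the fields the article says drive access level and content permissions.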