Skip to main content
Connect AI uses Auth0 as its managed identity broker. Any step that refers to the Auth0 tenant, domain, plan, or Rules and Actions is configured by CData on the broker side. If one applies to your issue, contact CData Support. The remaining steps are configured in your own identity provider.

Frequently Asked Questions

Use openid email profile. Only openid is mandatory; add others, like offline_access, solely when your scenario calls for refresh tokens.
Yes. On your side, enable User assignment required in Entra ID and assign only the intended users or groups. Additional filtering by email, domain, or group via Auth0 Actions or Rules is configured by CData on the broker side; contact CData Support if you need it.

Common Errors

  • A mismatched endpoint is the most likely cause. The common endpoint (https://login.microsoftonline.com/common) only requires your email domain. A tenant-specific endpoint (https://login.microsoftonline.com/companyname.com) additionally requires a client ID and client secret, so double-check that both are entered correctly.
  • Make sure the redirect URI registered in Entra ID exactly matches the broker’s callback URL (ends in /login/callback). CData provides the exact value when SSO is enabled.
  • Confirm the tenant ID is correct in all URLs.
A malformed URL is the usual cause. When you supply your Entra endpoints, use the v2.0 versions, with no trailing slashes and no query parameters such as ?scope=... in the URL. The connection strategy itself (OIDC versus SAML) is selected by CData on the broker side, so if the URLs look correct, contact CData Support.
Both common causes here are on the broker side that CData manages:
  • The connection may need to use the default Auth0 domain rather than a custom one.
  • The Auth0 plan must support Enterprise (SSO) connections.
Contact CData Support to check these.
To enable SSO for your account or for additional help, contact CData Support.