skip to main content
Browse documentation

Connecting an identity provider

Connect Auth0, Clerk, Amazon Cognito, or WorkOS in the dashboard so Syncanix can authenticate your end users through the provider you already use.

The identity-provider adapter is the recommended way to authenticate your end users. You connect your provider once, per environment, and Syncanix verifies the tokens it issues — no extra secret to manage and no second login for your users.

Where to set it up

Open Settings → Federation in the dashboard. Choose your provider, fill in the fields below, and save. Each provider needs only a handful of values, all of which you copy from your provider’s own dashboard.

Supported providers

Four providers are supported today. Each section lists the exact fields the dashboard asks for.

Connect Auth0

You’ll find all three values on your Auth0 application’s settings page.

Tenant domain
Your Auth0 domain, for example acme.us.auth0.com.
Application Client ID
The Client ID of the Auth0 application your users sign in to.
API audience (optional)
Set this only if your tokens target a specific API audience, for example https://api.acme.com.

Connect Clerk

Copy these from your Clerk instance settings.

Instance URL
Your Clerk frontend URL, for example https://acme.clerk.accounts.dev.
Client ID
The Client ID Clerk issues for your application.

Connect Amazon Cognito

Take these from your Cognito user pool and its app client.

Cognito domain
Your hosted-UI domain, for example acme.auth.eu-central-1.amazoncognito.com.
App client ID
The app client ID from your Cognito user pool.

Connect WorkOS

WorkOS uses single sign-on, so it needs your client and organization identifiers.

Client ID
Your WorkOS Client ID, for example client_xxxxxxxx.
Organization ID
The WorkOS organization your users belong to, for example org_xxxxxxxx.

Seamless actions on behalf of the user

For Auth0, Clerk, and Cognito you can tick “offline access”. When enabled, the provider issues a refresh token that Syncanix stores encrypted, so MCP tools can act on the user’s behalf without a separate connection step. WorkOS single sign-on does not issue refresh tokens, so the option doesn’t appear there.

Availability

Next steps

How MCP sign-in worksSee how the MCP server uses your provider to sign users in.API keysCreate the keys the CLI and widget use to reach your workspace.