# Configuring external authentication

Buzzy can use **external identity providers**—such as Auth0, Google, Miro, Figma, and Slack—for login. This page explains the concepts and how to enable them on your deployment.

## What is external authentication?

External authentication lets users sign in with an identity provider you already use (e.g. your organisation’s Auth0 tenant or Google workspace). Buzzy supports this in **two distinct ways**:

1. **Authenticating with the Buzzy deployment (workspace)**\
   Users who sign in to the Buzzy workspace (editor) can choose “Login with Auth0”, “Login with Google”, and similar options when those providers are enabled. This controls who can access the Buzzy platform itself.
2. **Authenticating users of Buzzy apps**\
   App creators can add “Login with Auth0” (or other providers) inside their apps. End users of those apps then sign in via the external provider. The Buzzy server still validates the login and manages the session.

Both flows use the same Buzzy deployment and the same provider configuration. The difference is who is logging in: workspace users (editors, admins) vs end users of a published app.

{% @mermaid/diagram content="flowchart LR
subgraph workspace \[Workspace login]
WUser\[Workspace user] --> WLogin\[Login with Auth0 / Google etc]
WLogin --> Buzzy\[Buzzy deployment]
Buzzy --> Ext\[External provider]
Ext --> Buzzy
end
subgraph app \[App login]
AUser\[App end user] --> ALogin\[Login with Auth0 etc in app]
ALogin --> Buzzy2\[Buzzy deployment]
Buzzy2 --> Ext2\[External provider]
Ext2 --> Buzzy2
end" %}

## Supported providers

Buzzy supports login via a number of external providers, including:

* **Auth0**
* **Google**
* **Microsoft**
* **Miro**
* **Figma**
* **Slack**

Which providers appear (e.g. “Login with Auth0”) depends on how your deployment is configured. **Each deployment** can have a subset of these enabled; there is no requirement to enable all of them.

## How configuration works (current process)

Enabling an external provider requires both **your** setup in the provider’s system and **Buzzy** applying the configuration to your deployment. The process is currently **manual**: Buzzy support applies the settings to your deployment after you provide the necessary details.

### Your responsibility (customer)

Your organisation must create and configure the external system. For example:

* Create an application or tenant in the provider’s dashboard (e.g. an Auth0 Application, a Google OAuth client, or a Miro app).
* Obtain **client IDs**, **secrets** (or equivalent), and any provider-specific settings (e.g. Auth0 domain, scopes).
* Configure **allowed redirect or callback URLs** in the provider’s dashboard. For Buzzy, the callback URL will look like:
  * `https://<your-buzzy-deployment>/_oauth/<provider>`
  * Example for Auth0: `https://your-app.buzzy.buzz/_oauth/auth0`

Exact steps depend on the provider; see their documentation for creating OAuth or SSO applications.

### Buzzy’s responsibility

Configuration is applied **on the Buzzy side** by Buzzy support staff. Customers do not edit deployment settings (e.g. server or environment config) themselves. Buzzy staff will use the details you provide to enable the provider for your deployment.

### Process to enable a provider

1. **You:** Set up the external system (Auth0, Google, etc.) and gather the required credentials and settings (client ID, secret, callback URL, and any provider-specific values).
2. **You:** Contact **Buzzy support** and provide those details (via the channel or process your account uses).
3. **Buzzy:** Applies the configuration to your deployment.
4. **Result:** “Login with \[Provider]” appears where enabled (workspace sign-in and/or inside apps) and works for that deployment.

**This process is currently manual.** Buzzy support must apply the settings to the deployment; there is no self-service UI for adding new providers.

## Auth0 as an example

Auth0 is a common choice for organisations that want a single identity provider. Enabling it typically works as follows:

1. **You** create an Auth0 tenant and a **Regular Web Application** (or equivalent) in the Auth0 dashboard.
2. **You** configure **Allowed Callback URLs** to include your Buzzy deployment’s OAuth callback, e.g. `https://<your-deployment>/_oauth/auth0`.
3. **You** provide Buzzy support with: Auth0 **domain**, **client ID**, **client secret**, and any scope preferences (e.g. openid, profile, email).
4. **Buzzy** applies these to your deployment. After that, workspace users can use “Login with Auth0” and app creators can add “Login with Auth0” buttons in their apps.

The same general pattern applies to other providers (Google, Miro, etc.); the exact credentials and dashboard steps are documented by each provider.

## What app creators see

When a provider is enabled for your deployment, app creators can choose it in the Buzzy editor for SSO login actions—for example, adding a “Login with Auth0” or “Sign in with Google” button to an app screen. End users of the app then sign in via that provider; Buzzy validates the login and manages the session. No extra configuration is required in the app beyond selecting the provider for the login action.

## Next steps

* For general deployment and settings, see [Enterprise Installation](https://docs.buzzy.buzz/advanced-deployment-settings/installation) and [Buzzy settings](https://docs.buzzy.buzz/advanced-deployment-settings/installation/buzzy-settings).
* To enable a specific provider (Auth0, Google, Miro, etc.) on your deployment, **contact Buzzy support** and provide the credentials and callback URL as described above. You can [contact us](mailto:hello@buzzycompany.com?subject=Buzzy%20Deployment:%20External%20authentication) to request enabling an external authentication provider for your deployment.