This document provides guidance on security and configuration best practices for an Auth0 tenant deployment organized by topic and date. The guidance includes provisioning tenant administrators, enabling multi-factor authentication, configuring session lifetime limits, assigning environment tags to tenants, implementing anomaly detection, installing desired extensions, setting password policies, specifying redirect URLs, reviewing requested data from social connections, configuring SAML connections, and automating deployment.
Deployment checklist. Columns: ID, item (with the Dashboard location or documentation in parentheses), Completed (or NA), Notes.

Architecture
  DEC10  Tenant administrators defined: provision tenant administrators. (Administrators in the Dashboard)
  DEC15  Provision delegated tenant administrators (not applicable if you're not using Delegated Administration). (Administrators in the Dashboard)
  DEC17  Enroll tenant administrators for MFA (Multi-factor Authentication). (Enrolling in Multi-factor Authentication)
  DEC20  Support page, as a best practice for your production tenant deployment. (Tenant Settings in the Dashboard)
  DEC25  Company/organization support team, as a best practice for your production tenant deployment. (Tenant Settings in the Dashboard)
  DEC30  Session lifetime limits for SSO configured: configure session lifetime limits for SSO. (Lifetime Limits for Single Sign On, in the Dashboard)
  DEC40  Specify logout redirect URLs, not defined as localhost (not mandatory but recommended). (Redirect Users After Logout)
  DEC50  Tenant environment tag assigned: assign an environment tag for each tenant (also applicable for non-production tenants). (Set the Environment)
  DEC55  Align production tenant checks with best practices and address any issues raised (also applicable for non-production tenants). (Production Checks: How to Run the Production Checks)
  DEC57, DEC60  Protect against brute force attacks and use of breached passwords. (Anomaly Detection: Set Preferences; Anomaly Detection Best Practices)
  DEC70  Install Auth0 Extensions: install desired extensions into each tenant. (Extensions)

User Provisioning
  DEC100  Disable user signup where not required for each database connection (not applicable if you are not using Auth0 database connections).
  DEC110  Set password policy for database connections (not applicable if you are not using Auth0 database connections).

User Authentication
  DEC200  Allowed callback URLs defined for each application: specify redirect URLs not defined as localhost. (Redirect Users After Login)
  DEC210  Grant types (not applicable if you are not using OIDC or OAuth2 workflows). (Grant Types Available with Auth0)
  DEC220  Mitigate limitations of out-of-box Auth0 Developer Keys (not applicable if you are not using social connections). (Developer Keys)
  DEC225  Review data being requested from each social connection (not applicable if you are not using social connections). (Review requested data)
  DEC230  Configure SAML connections to sign requests and use RSA-SHA256 (not applicable if you are not using SAML). (Use RSA-SHA256 for SAML connections)

User Profile Management
  DEC400  Set password policy for database connections (not applicable if you are not using Auth0 database connections).

User Logout
  DEC500  Specify logout redirect URLs, not defined as localhost (not mandatory but recommended). (Redirect users after logout)

Deployment Automation
  DEC800  Not applicable if you are not using a CI/CD pipeline; also not required if you are not using Rule extensibility. (How to unit test rules as part of a CI/CD pipeline)
  DEC810  Not applicable if you are not using a CI/CD pipeline; also not required if you are not using Hook extensibility. (Hooks)
  DEC820  Not applicable if you are not using a CI/CD pipeline; also not required if you have not implemented custom database scripts. (Handling and Troubleshooting)

Completed (or NA) | Notes
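As an added example, not part of the checklist and not Auth0's own tooling: a small offline audit that checks an exported tenant configuration against several of the items above (DEC30, DEC57, DEC100, DEC110, DEC200, DEC230, DEC500). The input dicts are shaped like Management API responses, and the field names used (session_lifetime, idle_session_lifetime, callbacks, allowed_logout_urls, disable_signup, passwordPolicy, brute_force_protection, signSAMLRequest, signatureAlgorithm) are assumptions to verify against the API documentation.

```python
"""Offline audit of an exported Auth0 tenant against the checklist above.
Input dicts mirror Management API shapes; field names are assumptions."""
from urllib.parse import urlparse

WEAK_PASSWORD_POLICIES = {None, "none", "low"}


def is_localhost(url):
    # Callback/logout URLs pointing at a developer host (DEC200, DEC500)
    return (urlparse(url).hostname or "") in ("localhost", "127.0.0.1", "::1")


def audit_tenant(settings, clients, connections):
    """Return (checklist id, message) findings; an empty list means no gaps."""
    findings = []
    # DEC30: SSO session lifetime limits must be explicitly configured
    if not settings.get("session_lifetime") or not settings.get("idle_session_lifetime"):
        findings.append(("DEC30", "session_lifetime/idle_session_lifetime not configured"))
    for client in clients:
        name = client.get("name", "?")
        for url in client.get("callbacks", []):
            if is_localhost(url):
                findings.append(("DEC200", f"{name}: localhost callback {url}"))
        logout_urls = client.get("allowed_logout_urls", [])
        if not logout_urls:
            findings.append(("DEC500", f"{name}: no logout redirect URLs defined"))
        for url in logout_urls:
            if is_localhost(url):
                findings.append(("DEC500", f"{name}: localhost logout URL {url}"))
    for conn in connections:
        name, opts = conn.get("name", "?"), conn.get("options", {})
        if conn.get("strategy") == "auth0":  # Auth0 database connection
            if not opts.get("disable_signup"):  # DEC100
                findings.append(("DEC100", f"{name}: signup enabled, confirm it is required"))
            if opts.get("passwordPolicy") in WEAK_PASSWORD_POLICIES:  # DEC110
                findings.append(("DEC110", f"{name}: weak password policy"))
            if not opts.get("brute_force_protection"):  # DEC57
                findings.append(("DEC57", f"{name}: brute force protection disabled"))
        elif conn.get("strategy") == "samlp":  # DEC230: signed requests, RSA-SHA256
            if not opts.get("signSAMLRequest") or opts.get("signatureAlgorithm") != "rsa-sha256":
                findings.append(("DEC230", f"{name}: SAML requests unsigned or not RSA-SHA256"))
    return findings


# Constructed sample export (not from a real tenant) for a stand-alone run.
SAMPLE_SETTINGS = {"session_lifetime": 168, "idle_session_lifetime": None}
SAMPLE_CLIENTS = [{"name": "web", "allowed_logout_urls": [],
                   "callbacks": ["https://app.example.com/cb", "http://localhost:3000/cb"]}]
SAMPLE_CONNECTIONS = [
    {"name": "db", "strategy": "auth0", "options": {"passwordPolicy": "low", "brute_force_protection": True}},
    {"name": "corp-saml", "strategy": "samlp", "options": {"signSAMLRequest": True, "signatureAlgorithm": "rsa-sha1"}}]
```

Running `audit_tenant(SAMPLE_SETTINGS, SAMPLE_CLIENTS, SAMPLE_CONNECTIONS)` on the constructed sample reports gaps for DEC30, DEC100, DEC110, DEC200, DEC230 and DEC500, and nothing for DEC57 because brute force protection is on.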