
## Architecture

| ID | Item | Guidance | Reference | Completed (or NA) | Notes |
|---|---|---|---|---|---|
| DEC10 | Tenant administrators defined | Provision tenant administrators | Administrators in the Dashboard | | |
| DEC15 | Delegated tenant administrators | Provision delegated tenant administrator (not applicable if you're not using Delegated Administration) | Administrators in the Dashboard | | |
| DEC17 | | Enroll tenant administrators for MFA (Multi-factor Authentication) | Enrolling in Multi-factor Authentication | | |
| DEC20 | Support page … | … and as a best practice for your production tenant deployment | Tenant Settings in the Dashboard | | |
| DEC25 | | … company/organization support team, and as a best practice for your production tenant deployment | Tenant Settings in the Dashboard | | |
| DEC30 | Session lifetime limits for SSO configured | Configure session lifetime limits for SSO | Lifetime Limits for Single Sign On | | |
| DEC40 | | Specify logout redirect URLs, not defined as localhost (not mandatory but recommended) | Redirect Users After Logout | | |
| DEC50 | Tenant environment tag assigned | Assign environment tag for each tenant | Set the Environment | | |
| DEC55 | | … and address any issues raised (also applicable for non-production tenants) | How to Run the Production Checks | | |
| DEC57 | | Align production tenant checks with best practices (also applicable for non-production tenants) | Production Checks: Best Practices | | |
| DEC60 | Protect against brute force attacks and use of breached passwords | Set Anomaly Detection preferences | Anomaly Detection | | |
| DEC70 | Install Auth0 Extensions | Install desired extensions into each tenant | Extensions | | |

## User Provisioning

| ID | Item | Guidance | Reference | Completed (or NA) | Notes |
|---|---|---|---|---|---|
| DEC100 | | Disable user signup where not required (not applicable if you are not using Auth0 database connections) | … each database connection | | |
| DEC110 | | Set password policy for database connections (not applicable if you are not using Auth0 database connections) | | | |

## User Authentication

| ID | Item | Guidance | Reference | Completed (or NA) | Notes |
|---|---|---|---|---|---|
| DEC200 | Allowed callback URLs defined | Specify redirect URLs not defined as localhost. | Redirect Users After Login | | |
| DEC210 | | … application (not applicable if you are not using OIDC or OAuth2 workflows) | Available Grant Types | | |
| DEC220 | | … mitigate limitations of out-of-box Auth0 Developer Keys (not applicable if you are not using social connections) | Auth0 Developer Keys | | |
| DEC225 | | Review data being requested from each social connection (not applicable if you are not using social connections) | Review requested data | | |
| DEC230 | Use RSA-SHA256 | Configure SAML connections to sign requests and use RSA-SHA256 (not applicable if you are not using SAML) | … for SAML connections | | |

## User Profile Management

| ID | Item | Guidance | Reference | Completed (or NA) | Notes |
|---|---|---|---|---|---|
| DEC400 | | Set password policy for database connections (not applicable if you are not using Auth0 database connections) | | | |

## User Logout

| ID | Item | Guidance | Reference | Completed (or NA) | Notes |
|---|---|---|---|---|---|
| DEC500 | | Specify logout redirect URLs, not defined as localhost (not mandatory but recommended) | Redirect users after logout | | |

## Deployment Automation

| ID | Item | Guidance | Reference | Completed (or NA) | Notes |
|---|---|---|---|---|---|
| DEC800 | | (… not using CI/CD pipeline, though not required if you are not using Rule extensibility) | How to unit test rules as part of CI/CD pipeline | | |
| DEC810 | | (… not using CI/CD pipeline, though not required if you are not using Hook extensibility) | Hooks | | |
| DEC820 | | (… not using a CI/CD pipeline, though not required if you have not implemented custom database scripts) | … Handling and Troubleshooting | | |
