This document provides guidance on best practices for configuring an Auth0 tenant across the following areas:
1. Provisioning tenant administrators and enrolling them in multi-factor authentication for added security.
2. Configuring session lifetime limits for single sign-on and specifying logout redirect URLs for improved user experience.
3. Assigning environment tags and addressing any issues to prepare the tenant for production use.
4. Implementing measures like anomaly detection and restricting user signups to strengthen the security posture.
Checklist items (each item also has a "Completed (or NA)" and a "Notes" column to fill in):

Architecture
- DEC10: Provision tenant administrators. Where: Dashboard (see "Administrators in the Dashboard"). Evidence: tenant administrators defined.
- DEC15: Provision delegated tenant administrator (not applicable if you're not using Delegated Administration). Where: Dashboard (see "Administrators in the Dashboard").
- DEC17: Enroll tenant administrators for MFA (Multi-factor Authentication). Where: Dashboard (see "Enrolling in Multi-factor Authentication").
- DEC20: Support page, as a best practice for your production tenant deployment. Where: Tenant Settings in the Dashboard.
- DEC25: Company/organization support team, as a best practice for your production tenant deployment. Where: Tenant Settings in the Dashboard.
- DEC30: Configure session lifetime limits for SSO. Where: Dashboard (see "Session Lifetime Limits for Single Sign On"). Evidence: session lifetime limits for SSO configured.
- DEC40: Specify logout redirect URLs, not defined as localhost (not mandatory but recommended). Where: Dashboard (see "Redirect Users After Logout").
- DEC50: Assign an environment tag for each tenant (also applicable for non-production tenants). Where: Dashboard (see "Set the Environment"). Evidence: tenant environment tag assigned.
- DEC55: Run the production checks and address any issues raised (also applicable for non-production tenants). Where: Production Checks (see "How to Run the Production Checks").
- DEC57: Align production tenant checks with best practices (also applicable for non-production tenants). See "Production Checks: Best Practices".
- DEC60: Protect against brute force attacks and use of breached passwords. Where: Anomaly Detection (see "Set Anomaly Detection Preferences").

Extensions
- DEC70: Install desired extensions into each tenant. Where: Extensions (see "Install Auth0 Extensions").

User Provisioning
- DEC100: Disable user signup where not required (not applicable if you are not using Auth0 database connections). Where: each database connection.
- DEC110: Set password policy for database connections (not applicable if you are not using Auth0 database connections). Where: database connections.

User Authentication
- DEC200: Specify redirect URLs not defined as localhost (not applicable if you are not using OIDC or OAuth2 workflows). Where: application (see "Redirect Users After Login"). Evidence: Allowed Callback URLs defined.
- DEC210: Mitigate limitations of out-of-box Auth0 Developer Keys (not applicable if you are not using social connections). See "Grant Types Available with Auth0 Developer Keys".
- DEC220: Review data being requested from each social connection (not applicable if you are not using social connections). Where: social connection (see "Review requested data").
- DEC225, DEC230: Configure SAML connections to sign requests and use RSA-SHA256 (not applicable if you are not using SAML). Where: SAML connections (see "Use RSA-SHA256").

User Profile Management
- DEC400: Set password policy for database connections (not applicable if you are not using Auth0 database connections). Where: database connections.

User Logout
- DEC500: Specify logout redirect URLs, not defined as localhost (not mandatory but recommended). See "Redirect users after logout".

Deployment Automation
- DEC800: Unit test rules as part of the CI/CD pipeline (not applicable if you are not using a CI/CD pipeline, and not required if you are not using Rule extensibility). See "How to unit test rules as part of CI/CD pipeline".
- DEC810: Unit test hooks as part of the CI/CD pipeline (not applicable if you are not using a CI/CD pipeline, and not required if you are not using Hook extensibility). See "Hooks".
- DEC820: Unit test custom database scripts as part of the CI/CD pipeline (not applicable if you are not using a CI/CD pipeline, and not required if you have not implemented custom database scripts).
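As an added example (not part of the original checklist), the following Python audits an exported tenant configuration offline against DEC20, DEC25, DEC30, DEC40, DEC60, DEC100 and DEC110. The sample data is constructed and shaped like Auth0 Management API responses (tenants/settings, connections, attack-protection); the field names are assumptions based on that API and the hour thresholds are caller-chosen example values, not Auth0 defaults.

```python
from urllib.parse import urlparse

# Constructed sample shaped like Auth0 Management API responses (GET /api/v2/tenants/settings,
# /api/v2/connections, /api/v2/attack-protection/*). Field names are assumptions; not a real tenant.
TENANT_SETTINGS = {
    "session_lifetime": 168,                             # hours, DEC30
    "idle_session_lifetime": 72,                         # hours, DEC30
    "allowed_logout_urls": ["http://localhost:3000/"],   # DEC40 / DEC500
    "support_url": "",                                   # DEC20
    "support_email": "",                                 # DEC25
}
CONNECTIONS = [
    {"name": "Username-Password-Authentication", "strategy": "auth0",
     "options": {"disable_signup": False, "passwordPolicy": "low"}},
]
ATTACK_PROTECTION = {
    "brute-force-protection": {"enabled": False},
    "breached-password-detection": {"enabled": True},
}

def is_localhost(url):
    host = urlparse(url).hostname or ""
    return host in ("localhost", "127.0.0.1", "::1")

def audit(settings, connections, protection, max_session_h=24, max_idle_h=4):
    """Return (check_id, message) pairs for checklist items not met; hour limits are example values."""
    findings = []
    if settings.get("session_lifetime", 0) > max_session_h:
        findings.append(("DEC30", "session_lifetime above %dh" % max_session_h))
    if settings.get("idle_session_lifetime", 0) > max_idle_h:
        findings.append(("DEC30", "idle_session_lifetime above %dh" % max_idle_h))
    urls = settings.get("allowed_logout_urls") or []
    if not urls:
        findings.append(("DEC40", "no logout redirect URLs defined"))
    findings += [("DEC40", "logout URL is localhost: " + u) for u in urls if is_localhost(u)]
    for key, check in (("support_url", "DEC20"), ("support_email", "DEC25")):
        if not settings.get(key):
            findings.append((check, key + " not set"))
    for conn in connections:
        if conn.get("strategy") != "auth0":      # DEC100/DEC110 apply to database connections only
            continue
        opts = conn.get("options", {})
        if not opts.get("disable_signup"):
            findings.append(("DEC100", "signup enabled on " + conn["name"]))
        if opts.get("passwordPolicy", "none") in ("none", "low"):
            findings.append(("DEC110", "weak password policy on " + conn["name"]))
    for feature, cfg in protection.items():      # DEC60: brute force and breached-password protection
        if not cfg.get("enabled"):
            findings.append(("DEC60", feature + " disabled"))
    return findings
```

Running `audit(TENANT_SETTINGS, CONNECTIONS, ATTACK_PROTECTION)` on the constructed sample reports eight findings; an empty list means every audited item is met.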