Auth0 General Usage and Operations Best Practices

Overview

Implementing general usage and operations best practices in Auth0 ensures optimal performance, security, and stability. These practices include capturing log files, configuring custom email providers, avoiding Transport Layer Security (TLS) certificate pinning, and optimizing Autonomous System Number (ASN) binding.

Applies To

  • Auth0
  • General Operations
  • Best Practices

Solution

How are log files captured and stored externally?

Auth0 keeps tenant logs for a limited amount of time. To learn more, read Logs. To get log data and store it elsewhere, use the Auth0 Management API Search log events endpoint, stream the logs to an external service, or export log events using one of the available extensions for services such as Loggly or Splunk.

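As an added example (not the article's or Auth0's own code), the following drains the Management API Search log events endpoint with checkpoint pagination and hands each event to an external sink; the `fetchPage` function is injected so the logic can run against a constructed stub, and the sample log entries are made up.

```javascript
// Added example, not the article's or Auth0's code: drain GET /api/v2/logs
// (Management API "Search log events") with checkpoint pagination (from+take)
// into an external sink. `fetchPage` is injected so the logic runs against a
// stub here; in production it calls the tenant's /api/v2/logs URL with a
// Management API token holding the read:logs scope.
const TAKE = 100; // checkpoint pagination returns at most 100 events per call
// `from` is the log_id of the last event already stored; omit it to start
// from the oldest event the tenant still retains.
function buildLogsQuery(from, take = TAKE) {
  const params = new URLSearchParams({ take: String(take) });
  if (from) params.set('from', from);
  return `/api/v2/logs?${params}`;
}

// Return every event newer than `checkpoint` plus the new checkpoint to
// persist alongside the exported data before the next scheduled run.
async function exportLogs(fetchPage, sink, checkpoint) {
  let from = checkpoint;
  let exported = 0;
  for (;;) {
    const page = await fetchPage(buildLogsQuery(from));
    if (page.length === 0) break;
    for (const ev of page) await sink(ev);
    exported += page.length;
    from = page[page.length - 1].log_id; // new checkpoint: last id on the page
    if (page.length < TAKE) break;       // short page: caught up with the tenant
  }
  return { exported, checkpoint: from };
}

// Constructed sample of a tenant log (log_id values are made up).
const SAMPLE_LOGS = [
  { log_id: '9002023A', type: 's', user_name: 'alice@example.com' },
  { log_id: '9002023B', type: 'f', user_name: 'bob@example.com' },
  { log_id: '9002023C', type: 'sapi', description: 'Update a client' },
];
// Stub mirroring the endpoint: events strictly after `from`, at most `take`.
async function stubFetchPage(query) {
  const params = new URL(query, 'https://tenant.example').searchParams;
  const from = params.get('from');
  const start = from ? SAMPLE_LOGS.findIndex((e) => e.log_id === from) + 1 : 0;
  return SAMPLE_LOGS.slice(start, start + Number(params.get('take')));
}
// Run the export against the stub; `stored` stands in for the external store.
async function runStubExport(checkpoint) {
  const stored = [];
  const result = await exportLogs(stubFetchPage, async (ev) => { stored.push(ev); }, checkpoint);
  return { ...result, stored };
}
```

Persist the returned checkpoint with the exported data; the next run passes it back as `from` so no event is fetched twice or skipped.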
Configure a custom email provider and customize email templates

Auth0 provides a test email provider to test the default welcome and email verification messages during tenant configuration. To learn more, read Email. The test provider only sends a limited number of emails, so administrators must configure a custom mail server. Use a unique email provider account per tenant: sharing an email account between tenants means that a change to the service intended for one tenant can cause problems or outages for another.

Additionally, configure and customize the templates for emails sent from Auth0. These include email verification messages, welcome messages, and password reset messages. For custom templates, provide a "from" address, a clear subject, custom content, and a link timeout for emails with a link (such as a password reset link).

Why should pinning or fingerprinting TLS certificates for Auth0 endpoints be avoided?

Auth0 does not support pinning or fingerprinting TLS certificates for Auth0 API endpoints. Doing so leads to outages and unexpected behaviors within applications or services. Certificates presented on Auth0 endpoints are issued with varying expiry periods, and Auth0 renews them using different intermediate certificate authorities and root certificate authorities. Avoid any sort of pinning or fingerprinting, since any aspect of the certificate chain may change at any time.

Subscribe to Updates on the Auth0 Status Page

Sign up for notifications at the Auth0 status page to receive alerts regarding Auth0 outages.

How is custom code stored in a source code repository?

For a full continuous integration and continuous deployment pipeline, use the Auth0 Deploy Command Line Interface (CLI) tool for greater flexibility. To learn more, read Deploy CLI Tool. The auth0-deploy-cli tool receives regular updates to provide feature enhancements, security improvements, and bug fixes. Before upgrading to a newer version, review the release notes and update configuration files accordingly.

Store Configuration Values in the Auth0 Dashboard

If Actions, Rules, Hooks, custom database scripts, or Webtasks require configuration values (such as credentials or API keys), store them in the Auth0 Dashboard. Storing configuration values in the Auth0 Dashboard makes migrating configuration between tenants easier. To learn more, read Set Up Multiple Environments.

When should Auth0 public IP addresses be added to an allowlist?

If Actions, Rules, Hooks, custom database scripts, or Webtasks call a service in an intranet or behind another firewall, add the Auth0 public IP addresses to the allowlist. This lets requests from those IP addresses through. Find the IP addresses for each region in the Auth0 Dashboard where rules, hooks, or custom database scripts are edited.

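As an added example (not the article's or Auth0's own code) covering both of the previous two sections, this post-login Action reads its credential from the Action's Secrets configured in the Dashboard rather than from a literal in the script, and calls an intranet service that would need the Auth0 public IPs allowlisted; the secret name, claim name and CRM behaviour are assumptions made for the example.

```javascript
// Added example, not the article's or Auth0's code: a post-login Action that
// reads a credential from the Action's Secrets (set in the Auth0 Dashboard)
// instead of hard-coding it, then calls an intranet CRM whose firewall must
// allow the Auth0 public IPs for the tenant's region. The secret name, claim
// name and CRM behaviour are assumptions made for this example.
const CRM_SECRET_NAME = 'CRM_API_KEY';
const TIER_CLAIM = 'https://example.com/crm_tier';

// Weak form: a literal in the script ends up in source control and must be
// copied by hand between dev, staging and prod tenants.
//   const key = 'sk_live_constructed_placeholder';

// Hardened form: read the value from event.secrets and fail closed when it
// is absent, so a tenant where the secret was never migrated fails at login
// rather than silently calling the CRM with `undefined`.
function requireSecret(event, name) {
  const value = event.secrets ? event.secrets[name] : undefined;
  if (!value) throw new Error(`Action secret ${name} is not configured`);
  return value;
}

// `lookupTier` is injected (defaulting to the stub below) so the Action can
// be exercised offline; the real Action would call the intranet URL instead.
async function onExecutePostLogin(event, api, lookupTier = stubLookupTier) {
  const key = requireSecret(event, CRM_SECRET_NAME);
  const tier = await lookupTier(event.user.email, key);
  api.idToken.setCustomClaim(TIER_CLAIM, tier);
}

// Constructed stand-in for the CRM call; it rejects any credential other
// than the one configured for this example.
async function stubLookupTier(email, key) {
  if (key !== 'constructed-key') throw new Error('CRM rejected the credential');
  return email.endsWith('@example.com') ? 'enterprise' : 'free';
}

// Minimal fake of the Actions `api` object for local runs; the real object
// is supplied by Auth0 at execution time.
function fakeApi() {
  const claims = {};
  return { claims, idToken: { setCustomClaim: (k, v) => { claims[k] = v; } } };
}
```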
Run Tenant Configuration Checks Periodically

The Auth0 Support Center provides a configuration checker tool. Run the configuration checker periodically during development and again before launch. Run the configuration check by navigating through the Auth0 Support Center using the following steps.

  1. Go to Auth0 Support Center > Tenants.
  2. Select the gear icon.
  3. Choose Run Production Check.

How is ASN binding optimized to prevent redirect loops?

An ASN is a unique identifier assigned to an Autonomous System comprising IP networks and routing devices under the control of an Administrative Domain (AD) owned by a Service Provider. Auth0 enables ASN binding for Auth0 Dashboard users by default, and this setting remains non-configurable. Mitigate redirect loops and frequent password prompts by verifying Virtual Private Network (VPN) stability and checking for public IP address changes caused by network load balancers.

  • Connecting and disconnecting to either a corporate or commercial VPN changes the IP and ASN. Verify that when connected to the VPN, the public IP used to access the Internet does not change for the duration the VPN connection remains active.
  • If using a VPN, verify the VPN connection remains stable. Random disconnects and connects resulting from network instability represent frequent changes to the public IP and ASN.
  • Corporate networks utilize network or firewall load-balancers to prevent internet outages associated with relying on a single Internet Service Provider. Verify that the public IP does not frequently change while accessing Teams or the Auth0 Dashboard. Try using another network to test a successful login.
