Auth0 Changelog

The enabled_clients field, within the connection object, is deprecated in the following scenarios:

• Retrieving multiple connections using (GET - /api/v2/connections).
• Retrieving a connection using (GET - /api/v2/connections/{id}).
• Updating a connection using (PATCH - /api/v2/connections/{id}).

As an alternative to the deprecated functionality, two new Management API endpoints are available:

• Get enabled clients for a connection.
• Update enabled clients for a connection.

We have provided additional information and timelines for enforcing this change across tenants through a dashboard and support center notification. It is important to note that when creating a new connection via the (POST - /api/v2/connections) endpoint, the enabled_clients field remains supported.

The enabled_clients field, within the connection object, is deprecated in the following scenarios:

• Retrieving multiple connections using (GET - /api/v2/connections).
• Retrieving a connection using (GET - /api/v2/connections/{id}).
• Updating a connection using (PATCH - /api/v2/connections/{id}).

As an alternative to the deprecated functionality, two new Management API endpoints are available:

• Get enabled clients for a connection.
• Update enabled clients for a connection.

We have provided additional information and timelines for enforcing this change across tenants through a dashboard and support center notification. It is important to note that when creating a new connection via the (POST - /api/v2/connections) endpoint, the enabled_clients field remains supported.

The enabled_clients field, within the connection object, is deprecated in the following scenarios:

• Retrieving multiple connections using (GET - /api/v2/connections).
• Retrieving a connection using (GET - /api/v2/connections/{id}).
• Updating a connection using (PATCH - /api/v2/connections/{id}).

As an alternative to the deprecated functionality, two new Management API endpoints are available:

• Get enabled clients for a connection.
• Update enabled clients for a connection.

We have provided additional information and timelines for enforcing this change across tenants through a dashboard and support center notification. It is important to note that when creating a new connection via the (POST - /api/v2/connections) endpoint, the enabled_clients field remains supported.

As part of our Continuous Session Protection, you can now configure ephemeral (non-persistent) sessions using Actions. This allows enterprise customers to dynamically control whether a session is stored in a persistent cookie or only in memory.

Ephemeral sessions:

• Exist only in memory and are cleared when the browser or app is closed.
• Are ideal for high-sensitivity workflows such as step-up authentication or use on public devices.
• Can be configured per session using api.session.setCookieMode("non-persistent") in post-login Actions.

This feature, previously in Early Access, is now in General Availability and available to all Enterprise tenants.

Learn more:

• Set Session Persistence with Actions
• Session Lifecycle
• Use Ephemeral Sessions with Actions to configure Keep Me Signed In

As part of our Continuous Session Protection, you can now configure ephemeral (non-persistent) sessions using Actions. This allows enterprise customers to dynamically control whether a session is stored in a persistent cookie or only in memory.

Ephemeral sessions:

• Exist only in memory and are cleared when the browser or app is closed.
• Are ideal for high-sensitivity workflows such as step-up authentication or use on public devices.
• Can be configured per session using api.session.setCookieMode("non-persistent") in post-login Actions.

This feature, previously in Early Access, is now in General Availability and available to all Enterprise tenants.

Learn more:

• Set Session Persistence with Actions
• Session Lifecycle
• Use Ephemeral Sessions with Actions to configure Keep Me Signed In

As part of our Continuous Session Protection, you can now configure ephemeral (non-persistent) sessions using Actions. This allows enterprise customers to dynamically control whether a session is stored in a persistent cookie or only in memory.

Ephemeral sessions:

• Exist only in memory and are cleared when the browser or app is closed.
• Are ideal for high-sensitivity workflows such as step-up authentication or use on public devices.
• Can be configured per session using api.session.setCookieMode("non-persistent") in post-login Actions.

This feature, previously in Early Access, is now in General Availability and available to all Enterprise tenants.

Learn more:

• Set Session Persistence with Actions
• Session Lifecycle
• Use Ephemeral Sessions with Actions to configure Keep Me Signed In

As part of our Continuous Session Protection, you can now configure ephemeral (non-persistent) sessions using Actions. This allows enterprise customers to dynamically control whether a session is stored in a persistent cookie or only in memory.

Ephemeral sessions:

• Exist only in memory and are cleared when the browser or app is closed.
• Are ideal for high-sensitivity workflows such as step-up authentication or use on public devices.
• Can be configured per session using api.session.setCookieMode("non-persistent") in post-login Actions.

This feature, previously in Early Access, is now in General Availability and available to all Enterprise tenants.

Learn more:

• Set Session Persistence with Actions
• Session Lifecycle
• Use Ephemeral Sessions with Actions to configure Keep Me Signed In

As part of our Continuous Session Protection, you can now configure ephemeral (non-persistent) sessions using Actions. This allows enterprise customers to dynamically control whether a session is stored in a persistent cookie or only in memory.

Ephemeral sessions:

• Exist only in memory and are cleared when the browser or app is closed.
• Are ideal for high-sensitivity workflows such as step-up authentication or use on public devices.
• Can be configured per session using api.session.setCookieMode("non-persistent") in post-login Actions.

This feature, previously in Early Access, is now in General Availability and available to all Enterprise tenants.

Learn more:

• Set Session Persistence with Actions
• Session Lifecycle
• Use Ephemeral Sessions with Actions to configure Keep Me Signed In

We are pleased to announce the expanded availability of Auth0 Private Cloud on Microsoft Azure, now supporting the 30x and 30x Burst performance tiers.

This update enables enterprise organizations to leverage high-scale, dedicated identity infrastructure while maintaining their commitment to the Azure ecosystem.

Performance at Scale

• 30x
  • Sustained Capacity: 3,000 RPS
  • Peak Burst Capacity: 3,000 RPS
  • Best for: Consistent, high-volume baseline traffic
• 30x Burst
  • Sustained Capacity: 1,500 RPS
  • Peak Burst Capacity: 3,000 RPS
  • Best for: Variable traffic with high-intensity spikes

Why This Matters

• Compliance & Residency: Deploy to the Azure region of your choice to satisfy localized data residency and compliance needs at scale.
• Financial Strategy: Burn down your existing Microsoft Azure Consumption Commitments (MACC) by investing in the market-leading identity platform.
• Operational Excellence: Benefit from a fully managed, dedicated instance that provides you infrastructure isolation and flexibility as you grow.

Get Started

These tiers are available immediately for new and existing customers. Please visit Auth0 documentation for more info.

We are pleased to announce the expanded availability of Auth0 Private Cloud on Microsoft Azure, now supporting the 30x and 30x Burst performance tiers.

This update enables enterprise organizations to leverage high-scale, dedicated identity infrastructure while maintaining their commitment to the Azure ecosystem.

Performance at Scale

• 30x
  • Sustained Capacity: 3,000 RPS
  • Peak Burst Capacity: 3,000 RPS
  • Best for: Consistent, high-volume baseline traffic
• 30x Burst
  • Sustained Capacity: 1,500 RPS
  • Peak Burst Capacity: 3,000 RPS
  • Best for: Variable traffic with high-intensity spikes

Why This Matters

• Compliance & Residency: Deploy to the Azure region of your choice to satisfy localized data residency and compliance needs at scale.
• Financial Strategy: Burn down your existing Microsoft Azure Consumption Commitments (MACC) by investing in the market-leading identity platform.
• Operational Excellence: Benefit from a fully managed, dedicated instance that provides you infrastructure isolation and flexibility as you grow.

Get Started

These tiers are available immediately for new and existing customers. Please visit Auth0 documentation for more info.

We are pleased to announce the expanded availability of Auth0 Private Cloud on Microsoft Azure, now supporting the 30x and 30x Burst performance tiers.

This update enables enterprise organizations to leverage high-scale, dedicated identity infrastructure while maintaining their commitment to the Azure ecosystem.

Performance at Scale

• 30x
  • Sustained Capacity: 3,000 RPS
  • Peak Burst Capacity: 3,000 RPS
  • Best for: Consistent, high-volume baseline traffic
• 30x Burst
  • Sustained Capacity: 1,500 RPS
  • Peak Burst Capacity: 3,000 RPS
  • Best for: Variable traffic with high-intensity spikes

Why This Matters

• Compliance & Residency: Deploy to the Azure region of your choice to satisfy localized data residency and compliance needs at scale.
• Financial Strategy: Burn down your existing Microsoft Azure Consumption Commitments (MACC) by investing in the market-leading identity platform.
• Operational Excellence: Benefit from a fully managed, dedicated instance that provides you infrastructure isolation and flexibility as you grow.

Get Started

These tiers are available immediately for new and existing customers. Please visit Auth0 documentation for more info.

We are pleased to announce the expanded availability of Auth0 Private Cloud on Microsoft Azure, now supporting the 30x and 30x Burst performance tiers.

This update enables enterprise organizations to leverage high-scale, dedicated identity infrastructure while maintaining their commitment to the Azure ecosystem.

Performance at Scale

• 30x
  • Sustained Capacity: 3,000 RPS
  • Peak Burst Capacity: 3,000 RPS
  • Best for: Consistent, high-volume baseline traffic
• 30x Burst
  • Sustained Capacity: 1,500 RPS
  • Peak Burst Capacity: 3,000 RPS
  • Best for: Variable traffic with high-intensity spikes

Why This Matters

• Compliance & Residency: Deploy to the Azure region of your choice to satisfy localized data residency and compliance needs at scale.
• Financial Strategy: Burn down your existing Microsoft Azure Consumption Commitments (MACC) by investing in the market-leading identity platform.
• Operational Excellence: Benefit from a fully managed, dedicated instance that provides you infrastructure isolation and flexibility as you grow.

Get Started

These tiers are available immediately for new and existing customers. Please visit Auth0 documentation for more info.

We are pleased to announce the expanded availability of Auth0 Private Cloud on Microsoft Azure, now supporting the 30x and 30x Burst performance tiers.

This update enables enterprise organizations to leverage high-scale, dedicated identity infrastructure while maintaining their commitment to the Azure ecosystem.

Performance at Scale

• 30x
  • Sustained Capacity: 3,000 RPS
  • Peak Burst Capacity: 3,000 RPS
  • Best for: Consistent, high-volume baseline traffic
• 30x Burst
  • Sustained Capacity: 1,500 RPS
  • Peak Burst Capacity: 3,000 RPS
  • Best for: Variable traffic with high-intensity spikes

Why This Matters

• Compliance & Residency: Deploy to the Azure region of your choice to satisfy localized data residency and compliance needs at scale.
• Financial Strategy: Burn down your existing Microsoft Azure Consumption Commitments (MACC) by investing in the market-leading identity platform.
• Operational Excellence: Benefit from a fully managed, dedicated instance that provides you infrastructure isolation and flexibility as you grow.

Get Started

These tiers are available immediately for new and existing customers. Please visit Auth0 documentation for more info.

We’re excited to announce the Open Early Access (EA) of Custom Token Exchange. OAuth 2.0 Token Exchange allows to trade one security token for another (typically an Access Token). With Custom Token Exchange, you can run Auth0 Actions as part of that exchange, giving you a flexible way to inject custom logic and implement your own authentication and authorization semantics. This lets you validate and authorize the request, and precisely set the user for every token exchange transaction.

Key highlights of this release:

• Automatic Entitlement: The feature is now automatically available to all Enterprise and B2B Pro customers to be used for testing and production (no manual enablement required).
• Organizations Support: Full compatibility with Organizations. You can now pass the organization parameter in the request or use the new setOrganization function within your Action.
• Enhanced Security: Includes Multi-Factor Authentication (MFA) support during the exchange.

To learn more, read the reference documentation.

We're excited to announce a significant update to the Security Center, marking the first major enhancement since last year's introduction of Thresholds and Alerts! These new capabilities drastically improve your ability to monitor, analyze, and respond to security threats with greater precision and speed.

What's New:

• Granular Filtering by Applications and Connections: You can now filter security metrics within the Overview and Threat Monitoring pages by specific applications and connections. This allows for a more detailed examination of your tenant traffic, enabling faster incident triage and more effective troubleshooting by visualizing subsets of data.
• Deeper Insights into Top Threat Behaviors: We've introduced new charts to highlight the top 5 connections and IPs associated with various security metrics. These groupings provide quick insights into potential anomalies and common threat behaviors, empowering you to identify and address risks more efficiently.
• Consolidated Threat Monitoring View: The Threat Monitoring page has been revamped to offer a more intuitive and unified experience. This updated view, combined with the new filtering options by application and connection, streamlines your ability to track and respond to threats effectively.

These enhancements are available on all public cloud envirovments and gradually rolling out to private cloud environments.

Explore the updated Security Center today to take control of your security insights and strengthen your security posture!

We're excited to announce a significant update to the Security Center, marking the first major enhancement since last year's introduction of Thresholds and Alerts! These new capabilities drastically improve your ability to monitor, analyze, and respond to security threats with greater precision and speed.

What's New:

• Granular Filtering by Applications and Connections: You can now filter security metrics within the Overview and Threat Monitoring pages by specific applications and connections. This allows for a more detailed examination of your tenant traffic, enabling faster incident triage and more effective troubleshooting by visualizing subsets of data.
• Deeper Insights into Top Threat Behaviors: We've introduced new charts to highlight the top 5 connections and IPs associated with various security metrics. These groupings provide quick insights into potential anomalies and common threat behaviors, empowering you to identify and address risks more efficiently.
• Consolidated Threat Monitoring View: The Threat Monitoring page has been revamped to offer a more intuitive and unified experience. This updated view, combined with the new filtering options by application and connection, streamlines your ability to track and respond to threats effectively.

These enhancements are available on all public cloud envirovments and gradually rolling out to private cloud environments.

Explore the updated Security Center today to take control of your security insights and strengthen your security posture!

We’re excited to announce the Open Early Access (EA) of Custom Token Exchange. OAuth 2.0 Token Exchange allows to trade one security token for another (typically an Access Token). With Custom Token Exchange, you can run Auth0 Actions as part of that exchange, giving you a flexible way to inject custom logic and implement your own authentication and authorization semantics. This lets you validate and authorize the request, and precisely set the user for every token exchange transaction.

Key highlights of this release:

• Automatic Entitlement: The feature is now automatically available to all Enterprise and B2B Pro customers to be used for testing and production (no manual enablement required).
• Organizations Support: Full compatibility with Organizations. You can now pass the organization parameter in the request or use the new setOrganization function within your Action.
• Enhanced Security: Includes Multi-Factor Authentication (MFA) support during the exchange.

To learn more, read the reference documentation.

We're excited to announce a significant update to the Security Center, marking the first major enhancement since last year's introduction of Thresholds and Alerts! These new capabilities drastically improve your ability to monitor, analyze, and respond to security threats with greater precision and speed.

What's New:

• Granular Filtering by Applications and Connections: You can now filter security metrics within the Overview and Threat Monitoring pages by specific applications and connections. This allows for a more detailed examination of your tenant traffic, enabling faster incident triage and more effective troubleshooting by visualizing subsets of data.
• Deeper Insights into Top Threat Behaviors: We've introduced new charts to highlight the top 5 connections and IPs associated with various security metrics. These groupings provide quick insights into potential anomalies and common threat behaviors, empowering you to identify and address risks more efficiently.
• Consolidated Threat Monitoring View: The Threat Monitoring page has been revamped to offer a more intuitive and unified experience. This updated view, combined with the new filtering options by application and connection, streamlines your ability to track and respond to threats effectively.

These enhancements are available on all public cloud envirovments and gradually rolling out to private cloud environments.

Explore the updated Security Center today to take control of your security insights and strengthen your security posture!

We’re excited to announce the Open Early Access (EA) of Custom Token Exchange. OAuth 2.0 Token Exchange allows to trade one security token for another (typically an Access Token). With Custom Token Exchange, you can run Auth0 Actions as part of that exchange, giving you a flexible way to inject custom logic and implement your own authentication and authorization semantics. This lets you validate and authorize the request, and precisely set the user for every token exchange transaction.

Key highlights of this release:

• Automatic Entitlement: The feature is now automatically available to all Enterprise and B2B Pro customers to be used for testing and production (no manual enablement required).
• Organizations Support: Full compatibility with Organizations. You can now pass the organization parameter in the request or use the new setOrganization function within your Action.
• Enhanced Security: Includes Multi-Factor Authentication (MFA) support during the exchange.

To learn more, read the reference documentation.

We're excited to announce a significant update to the Security Center, marking the first major enhancement since last year's introduction of Thresholds and Alerts! These new capabilities drastically improve your ability to monitor, analyze, and respond to security threats with greater precision and speed.

What's New:

• Granular Filtering by Applications and Connections: You can now filter security metrics within the Overview and Threat Monitoring pages by specific applications and connections. This allows for a more detailed examination of your tenant traffic, enabling faster incident triage and more effective troubleshooting by visualizing subsets of data.
• Deeper Insights into Top Threat Behaviors: We've introduced new charts to highlight the top 5 connections and IPs associated with various security metrics. These groupings provide quick insights into potential anomalies and common threat behaviors, empowering you to identify and address risks more efficiently.
• Consolidated Threat Monitoring View: The Threat Monitoring page has been revamped to offer a more intuitive and unified experience. This updated view, combined with the new filtering options by application and connection, streamlines your ability to track and respond to threats effectively.

These enhancements are available on all public cloud envirovments and gradually rolling out to private cloud environments.

Explore the updated Security Center today to take control of your security insights and strengthen your security posture!