Adaptive MFA now allows administrators to configure device remembrance durations (TTL) for the New Device assessor. The default remains at 30 days, but can now be customized to any value between 1–365 days.
When users log in successfully on a remembered device, that device’s TTL automatically refreshes to the currently configured value.
This enhancement provides greater flexibility to balance security and user convenience, helping teams align device remembrance with organizational policies and login patterns.
Configuration is available through both the Dashboard and the new Adaptive MFA Management API endpoints, enabling automated setup and management of device remembrance.
Learn more about configuration options in our Adaptive MFA documentation.
For details on the new Adaptive MFA Management API endpoints, visit the Risk Assessment API documentation.
Adaptive MFA now allows administrators to configure device remembrance durations (TTL) for the New Device assessor. The default remains at 30 days, but can now be customized to any value between 1–365 days.
When users log in successfully on a remembered device, that device’s TTL automatically refreshes to the currently configured value.
This enhancement provides greater flexibility to balance security and user convenience, helping teams align device remembrance with organizational policies and login patterns.
Configuration is available through both the Dashboard and the new Adaptive MFA Management API endpoints, enabling automated setup and management of device remembrance.
Learn more about configuration options in our Adaptive MFA documentation.
For details on the new Adaptive MFA Management API endpoints, visit the Risk Assessment API documentation.
Adaptive MFA now allows administrators to configure device remembrance durations (TTL) for the New Device assessor. The default remains at 30 days, but can now be customized to any value between 1–365 days.
When users log in successfully on a remembered device, that device’s TTL automatically refreshes to the currently configured value.
This enhancement provides greater flexibility to balance security and user convenience, helping teams align device remembrance with organizational policies and login patterns.
Configuration is available through both the Dashboard and the new Adaptive MFA Management API endpoints, enabling automated setup and management of device remembrance.
Learn more about configuration options in our Adaptive MFA documentation.
For details on the new Adaptive MFA Management API endpoints, visit the Risk Assessment API documentation.
We’re pleased to announce that Express Configuration with Okta is now generally available for Auth0 applications in the Okta Integration Network!
Express Configuration automates how your enterprise customers using Okta set up identity integrations with your Auth0 application. This includes configuring OpenID Connect (OIDC) for single sign-on, System for Cross-domain Identity Management (SCIM) for automated user onboarding and offboarding, and Global Token Revocation (GTR) for centralized session management with Universal Logout.
To learn more about Express Configuration with Okta, click here.
This feature is available immediately in all public cloud environments, and will be rolled out to private cloud environments as per their release pipeline.
We’re pleased to announce that Express Configuration with Okta is now generally available for Auth0 applications in the Okta Integration Network!
Express Configuration automates how your enterprise customers using Okta set up identity integrations with your Auth0 application. This includes configuring OpenID Connect (OIDC) for single sign-on, System for Cross-domain Identity Management (SCIM) for automated user onboarding and offboarding, and Global Token Revocation (GTR) for centralized session management with Universal Logout.
To learn more about Express Configuration with Okta, click here.
This feature is available immediately in all public cloud environments, and will be rolled out to private cloud environments as per their release pipeline.
We’re pleased to announce that Express Configuration with Okta is now generally available for Auth0 applications in the Okta Integration Network!
Express Configuration automates how your enterprise customers using Okta set up identity integrations with your Auth0 application. This includes configuring OpenID Connect (OIDC) for single sign-on, System for Cross-domain Identity Management (SCIM) for automated user onboarding and offboarding, and Global Token Revocation (GTR) for centralized session management with Universal Logout.
To learn more about Express Configuration with Okta, click here.
This feature is available immediately in all public cloud environments, and will be rolled out to private cloud environments as per their release pipeline.
We’re pleased to announce that Express Configuration with Okta is now generally available for Auth0 applications in the Okta Integration Network!
Express Configuration automates how your enterprise customers using Okta set up identity integrations with your Auth0 application. This includes configuring OpenID Connect (OIDC) for single sign-on, System for Cross-domain Identity Management (SCIM) for automated user onboarding and offboarding, and Global Token Revocation (GTR) for centralized session management with Universal Logout.
To learn more about Express Configuration with Okta, click here.
This feature is available immediately in all public cloud environments, and will be rolled out to private cloud environments as per their release pipeline.
We’re pleased to announce that Express Configuration with Okta is now generally available for Auth0 applications in the Okta Integration Network!
Express Configuration automates how your enterprise customers using Okta set up identity integrations with your Auth0 application. This includes configuring OpenID Connect (OIDC) for single sign-on, System for Cross-domain Identity Management (SCIM) for automated user onboarding and offboarding, and Global Token Revocation (GTR) for centralized session management with Universal Logout.
To learn more about Express Configuration with Okta, click here.
This feature is available immediately in all public cloud environments, and will be rolled out to private cloud environments as per their release pipeline.
We are thrilled to announce a major milestone: the General Availability (GA) of Auth0 for AI Agents!
Auth0 for AI Agents is a suite of features to empower developers to build secure agentic applications and experiences. The solution suite includes updates to: Token Vault for secure token based access to third-party APIs and applications; and Asynchronous Authorization for user approvals to keep the human in the loop for sensitive agent actions.
Here are some highlights of the latest updates to the solution suite:
You can read more about the solution suite and the component features in the Auth0 for AI documentation.
We are thrilled to announce a major milestone: the General Availability (GA) of Auth0 for AI Agents!
Auth0 for AI Agents is a suite of features to empower developers to build secure agentic applications and experiences. The solution suite includes updates to: Token Vault for secure token based access to third-party APIs and applications; and Asynchronous Authorization for user approvals to keep the human in the loop for sensitive agent actions.
Here are some highlights of the latest updates to the solution suite:
You can read more about the solution suite and the component features in the Auth0 for AI documentation.
We are thrilled to announce a major milestone: the General Availability (GA) of Auth0 for AI Agents!
Auth0 for AI Agents is a suite of features to empower developers to build secure agentic applications and experiences. The solution suite includes updates to: Token Vault for secure token based access to third-party APIs and applications; and Asynchronous Authorization for user approvals to keep the human in the loop for sensitive agent actions.
Here are some highlights of the latest updates to the solution suite:
You can read more about the solution suite and the component features in the Auth0 for AI documentation.
We are thrilled to announce a major milestone: the General Availability (GA) of Auth0 for AI Agents!
Auth0 for AI Agents is a suite of features to empower developers to build secure agentic applications and experiences. The solution suite includes updates to: Token Vault for secure token based access to third-party APIs and applications; and Asynchronous Authorization for user approvals to keep the human in the loop for sensitive agent actions.
Here are some highlights of the latest updates to the solution suite:
You can read more about the solution suite and the component features in the Auth0 for AI documentation.
We are thrilled to announce a major milestone: the General Availability (GA) of Auth0 for AI Agents!
Auth0 for AI Agents is a suite of features to empower developers to build secure agentic applications and experiences. The solution suite includes updates to: Token Vault for secure token based access to third-party APIs and applications; and Asynchronous Authorization for user approvals to keep the human in the loop for sensitive agent actions.
Here are some highlights of the latest updates to the solution suite:
You can read more about the solution suite and the component features in the Auth0 for AI documentation.
We’ve refined the logic behind how Security Center metrics are calculated to provide more accurate and actionable insights.
Metrics now reflect IP activity using the following logic:
When an IP address triggers more than 10 relevant events for a given metric within a single hour, it will now be counted toward that metric.
This update ensures greater consistency and reliability across event-based metrics within the Security Center.
For more details on which metrics are affected and their updated definitions, see the Security Center Metrics documentation
Auth0 is thrilled to announce that Auth for MCP is officially in Early Access! This release extends the power of Auth0’s standards-based authorization platform to the Model Context Protocol (MCP), securing your MCP servers, MCP clients, AI agents and the APIs they interact with.
With Auth for MCP, Auth0 integrates OAuth 2.1 and OpenID Connect directly into the MCP ecosystem, ensuring consistent access control and auditability across every agentic interaction.
Key capabilities include:
MCP Server Authorization: Protect your MCP Servers by leveraging Auth0’s Universal Login to authorize access. You can leverage social, enterprise, and custom identity providers with full support for MFA and advanced attack protection.
Standards-based discovery and registration: Allow MCP clients and servers to automatically discover authorization endpoints and dynamically register with Auth0. This removes manual setup and ensures consistent configuration across your environment.
Leveraging your Existing APIs: Enable MCP clients to securely call internal APIs on behalf of users using short-lived, purpose-scoped tokens.
Connecting to Third party APIs using Token Vault: Securely store, refresh, and revoke access tokens for third-party APIs. This lets your MCP applications act on behalf of users across external SaaS systems like Google, Microsoft, GitHub, and more.
Developer-ready integration: Explore quickstarts, guides, and sample apps to easily implement Auth for MCP. Auth0 provides ready-to-use examples for securing your MCP server, calling APIs on users’ behalf, and using the Token Vault with JavaScript or Python SDKs.
MCP Spec Compliance: Works with Auth0’s Resource Parameter Compatibility Profile and token dialect rfc9068_profile_authz, ensuring that access tokens include the permissions claim required for authorization in MCP.
This Early Access release allows developers to unify authorization across MCP clients, servers, and tools, improving governance of agent actions.
Auth for MCP is available today in Early Access. To participate, please submit the Early Access Form and/or contact your Auth0 Technical Account Manager.
For setup instructions, SDKs, and sample applications, and more, visit the Auth for MCP documentation.
We’ve refined the logic behind how Security Center metrics are calculated to provide more accurate and actionable insights.
Metrics now reflect IP activity using the following logic:
When an IP address triggers more than 10 relevant events for a given metric within a single hour, it will now be counted toward that metric.
This update ensures greater consistency and reliability across event-based metrics within the Security Center.
For more details on which metrics are affected and their updated definitions, see the Security Center Metrics documentation
Auth0 is thrilled to announce that Auth for MCP is officially in Early Access! This release extends the power of Auth0’s standards-based authorization platform to the Model Context Protocol (MCP), securing your MCP servers, MCP clients, AI agents and the APIs they interact with.
With Auth for MCP, Auth0 integrates OAuth 2.1 and OpenID Connect directly into the MCP ecosystem, ensuring consistent access control and auditability across every agentic interaction.
Key capabilities include:
MCP Server Authorization: Protect your MCP Servers by leveraging Auth0’s Universal Login to authorize access. You can leverage social, enterprise, and custom identity providers with full support for MFA and advanced attack protection.
Standards-based discovery and registration: Allow MCP clients and servers to automatically discover authorization endpoints and dynamically register with Auth0. This removes manual setup and ensures consistent configuration across your environment.
Leveraging your Existing APIs: Enable MCP clients to securely call internal APIs on behalf of users using short-lived, purpose-scoped tokens.
Connecting to Third party APIs using Token Vault: Securely store, refresh, and revoke access tokens for third-party APIs. This lets your MCP applications act on behalf of users across external SaaS systems like Google, Microsoft, GitHub, and more.
Developer-ready integration: Explore quickstarts, guides, and sample apps to easily implement Auth for MCP. Auth0 provides ready-to-use examples for securing your MCP server, calling APIs on users’ behalf, and using the Token Vault with JavaScript or Python SDKs.
MCP Spec Compliance: Works with Auth0’s Resource Parameter Compatibility Profile and token dialect rfc9068_profile_authz, ensuring that access tokens include the permissions claim required for authorization in MCP.
This Early Access release allows developers to unify authorization across MCP clients, servers, and tools, improving governance of agent actions.
Auth for MCP is available today in Early Access. To participate, please submit the Early Access Form and/or contact your Auth0 Technical Account Manager.
For setup instructions, SDKs, and sample applications, and more, visit the Auth for MCP documentation.
We’ve refined the logic behind how Security Center metrics are calculated to provide more accurate and actionable insights.
Metrics now reflect IP activity using the following logic:
When an IP address triggers more than 10 relevant events for a given metric within a single hour, it will now be counted toward that metric.
This update ensures greater consistency and reliability across event-based metrics within the Security Center.
For more details on which metrics are affected and their updated definitions, see the Security Center Metrics documentation
Auth0 is thrilled to announce that Auth for MCP is officially in Early Access! This release extends the power of Auth0’s standards-based authorization platform to the Model Context Protocol (MCP), securing your MCP servers, MCP clients, AI agents and the APIs they interact with.
With Auth for MCP, Auth0 integrates OAuth 2.1 and OpenID Connect directly into the MCP ecosystem, ensuring consistent access control and auditability across every agentic interaction.
Key capabilities include:
MCP Server Authorization: Protect your MCP Servers by leveraging Auth0’s Universal Login to authorize access. You can leverage social, enterprise, and custom identity providers with full support for MFA and advanced attack protection.
Standards-based discovery and registration: Allow MCP clients and servers to automatically discover authorization endpoints and dynamically register with Auth0. This removes manual setup and ensures consistent configuration across your environment.
Leveraging your Existing APIs: Enable MCP clients to securely call internal APIs on behalf of users using short-lived, purpose-scoped tokens.
Connecting to Third party APIs using Token Vault: Securely store, refresh, and revoke access tokens for third-party APIs. This lets your MCP applications act on behalf of users across external SaaS systems like Google, Microsoft, GitHub, and more.
Developer-ready integration: Explore quickstarts, guides, and sample apps to easily implement Auth for MCP. Auth0 provides ready-to-use examples for securing your MCP server, calling APIs on users’ behalf, and using the Token Vault with JavaScript or Python SDKs.
MCP Spec Compliance: Works with Auth0’s Resource Parameter Compatibility Profile and token dialect rfc9068_profile_authz, ensuring that access tokens include the permissions claim required for authorization in MCP.
This Early Access release allows developers to unify authorization across MCP clients, servers, and tools, improving governance of agent actions.
Auth for MCP is available today in Early Access. To participate, please submit the Early Access Form and/or contact your Auth0 Technical Account Manager.
For setup instructions, SDKs, and sample applications, and more, visit the Auth for MCP documentation.
We’ve refined the logic behind how Security Center metrics are calculated to provide more accurate and actionable insights.
Metrics now reflect IP activity using the following logic:
When an IP address triggers more than 10 relevant events for a given metric within a single hour, it will now be counted toward that metric.
This update ensures greater consistency and reliability across event-based metrics within the Security Center.
For more details on which metrics are affected and their updated definitions, see the Security Center Metrics documentation