Auth0 is thrilled to announce that Auth for MCP is officially in Early Access! This release extends the power of Auth0’s standards-based authorization platform to the Model Context Protocol (MCP), securing your MCP servers, MCP clients, AI agents and the APIs they interact with.
With Auth for MCP, Auth0 integrates OAuth 2.1 and OpenID Connect directly into the MCP ecosystem, ensuring consistent access control and auditability across every agentic interaction.
Key capabilities include:
MCP Server Authorization: Protect your MCP Servers by leveraging Auth0’s Universal Login to authorize access. You can leverage social, enterprise, and custom identity providers with full support for MFA and advanced attack protection.
Standards-based discovery and registration: Allow MCP clients and servers to automatically discover authorization endpoints and dynamically register with Auth0. This removes manual setup and ensures consistent configuration across your environment.
Leveraging your Existing APIs: Enable MCP clients to securely call internal APIs on behalf of users using short-lived, purpose-scoped tokens.
Connecting to Third party APIs using Token Vault: Securely store, refresh, and revoke access tokens for third-party APIs. This lets your MCP applications act on behalf of users across external SaaS systems like Google, Microsoft, GitHub, and more.
Developer-ready integration: Explore quickstarts, guides, and sample apps to easily implement Auth for MCP. Auth0 provides ready-to-use examples for securing your MCP server, calling APIs on users’ behalf, and using the Token Vault with JavaScript or Python SDKs.
MCP Spec Compliance: Works with Auth0’s Resource Parameter Compatibility Profile and token dialect rfc9068_profile_authz, ensuring that access tokens include the permissions claim required for authorization in MCP.
This Early Access release allows developers to unify authorization across MCP clients, servers, and tools, improving governance of agent actions.
Auth for MCP is available today in Early Access. To participate, please submit the Early Access Form and/or contact your Auth0 Technical Account Manager.
For setup instructions, SDKs, and sample applications, and more, visit the Auth for MCP documentation.
Auth0 is thrilled to announce that Auth for MCP is officially in Early Access! This release extends the power of Auth0’s standards-based authorization platform to the Model Context Protocol (MCP), securing your MCP servers, MCP clients, AI agents and the APIs they interact with.
With Auth for MCP, Auth0 integrates OAuth 2.1 and OpenID Connect directly into the MCP ecosystem, ensuring consistent access control and auditability across every agentic interaction.
Key capabilities include:
MCP Server Authorization: Protect your MCP Servers by leveraging Auth0’s Universal Login to authorize access. You can leverage social, enterprise, and custom identity providers with full support for MFA and advanced attack protection.
Standards-based discovery and registration: Allow MCP clients and servers to automatically discover authorization endpoints and dynamically register with Auth0. This removes manual setup and ensures consistent configuration across your environment.
Leveraging your Existing APIs: Enable MCP clients to securely call internal APIs on behalf of users using short-lived, purpose-scoped tokens.
Connecting to Third party APIs using Token Vault: Securely store, refresh, and revoke access tokens for third-party APIs. This lets your MCP applications act on behalf of users across external SaaS systems like Google, Microsoft, GitHub, and more.
Developer-ready integration: Explore quickstarts, guides, and sample apps to easily implement Auth for MCP. Auth0 provides ready-to-use examples for securing your MCP server, calling APIs on users’ behalf, and using the Token Vault with JavaScript or Python SDKs.
MCP Spec Compliance: Works with Auth0’s Resource Parameter Compatibility Profile and token dialect rfc9068_profile_authz, ensuring that access tokens include the permissions claim required for authorization in MCP.
This Early Access release allows developers to unify authorization across MCP clients, servers, and tools, improving governance of agent actions.
Auth for MCP is available today in Early Access. To participate, please submit the Early Access Form and/or contact your Auth0 Technical Account Manager.
For setup instructions, SDKs, and sample applications, and more, visit the Auth for MCP documentation.
We’ve refined the logic behind how Security Center metrics are calculated to provide more accurate and actionable insights.
Metrics now reflect IP activity using the following logic:
When an IP address triggers more than 10 relevant events for a given metric within a single hour, it will now be counted toward that metric.
This update ensures greater consistency and reliability across event-based metrics within the Security Center.
For more details on which metrics are affected and their updated definitions, see the Security Center Metrics documentation
We are thrilled to announce a significant expansion of capabilities within the Multiple Custom Domains (MCD) Early Access program for Enterprise customers.
This update delivers powerful branding and white-labeling capabilities with improved flexibility to scale your identity solution from a single Auth0 tenant.
Please refer to Auth0 docs for details - Multiple Custom Domains.
These updates are available automatically to the current participants in MCD Early Access program. If you're interested in joining the MCD Early Access program, please send a request through the Auth0 Support Center and contact your Technical Account Manager (TAM) or Auth0 Sales Executive.
We are thrilled to announce a significant expansion of capabilities within the Multiple Custom Domains (MCD) Early Access program for Enterprise customers.
This update delivers powerful branding and white-labeling capabilities with improved flexibility to scale your identity solution from a single Auth0 tenant.
Please refer to Auth0 docs for details - Multiple Custom Domains.
These updates are available automatically to the current participants in MCD Early Access program. If you're interested in joining the MCD Early Access program, please send a request through the Auth0 Support Center and contact your Technical Account Manager (TAM) or Auth0 Sales Executive.
We are thrilled to announce a significant expansion of capabilities within the Multiple Custom Domains (MCD) Early Access program for Enterprise customers.
This update delivers powerful branding and white-labeling capabilities with improved flexibility to scale your identity solution from a single Auth0 tenant.
Please refer to Auth0 docs for details - Multiple Custom Domains.
These updates are available automatically to the current participants in MCD Early Access program. If you're interested in joining the MCD Early Access program, please send a request through the Auth0 Support Center and contact your Technical Account Manager (TAM) or Auth0 Sales Executive.
We are thrilled to announce a significant expansion of capabilities within the Multiple Custom Domains (MCD) Early Access program for Enterprise customers.
This update delivers powerful branding and white-labeling capabilities with improved flexibility to scale your identity solution from a single Auth0 tenant.
Please refer to Auth0 docs for details - Multiple Custom Domains.
These updates are available automatically to the current participants in MCD Early Access program. If you're interested in joining the MCD Early Access program, please send a request through the Auth0 Support Center and contact your Technical Account Manager (TAM) or Auth0 Sales Executive.
We are thrilled to announce a significant expansion of capabilities within the Multiple Custom Domains (MCD) Early Access program for Enterprise customers.
This update delivers powerful branding and white-labeling capabilities with improved flexibility to scale your identity solution from a single Auth0 tenant.
Please refer to Auth0 docs for details - Multiple Custom Domains.
These updates are available automatically to the current participants in MCD Early Access program. If you're interested in joining the MCD Early Access program, please send a request through the Auth0 Support Center and contact your Technical Account Manager (TAM) or Auth0 Sales Executive.
Auth0 has added a Dynamic Client Registration (DCR) scope to the Tenant Access Control List (ACL).
This enhancement allows administrators to control access to the /oidc/register endpoint based on a variety of network and client signals, helping prevent unauthorized or automated client creation.
Configuration is available via the Management API.
Learn more about our Tenant Access Control List in our online documentation found here
We are excited to announce that Actions Types is now available at npmjs @auth0/actions.
This NPM library currently facilitates TypeScript definitions for Auth0 Actions.
Developers can use this library for:
Docs: Learn more at Actions NPM Docs and Actions Unit Test Docs.
Auth0 now provides Management API endpoints to manage Bot Detection configuration!
Key Capabilities:
Bot Detection Controls: Automate adjustments to the Bot Detection Level (low, medium, or high) and manage your trusted IP AllowList via API.
Challenge Policies: Programmatically control CAPTCHA enforcement for password, passwordless, and password reset flows (options: always, when risky, or never).
CAPTCHA Management: Fully manage your CAPTCHA provider selection and configuration, including Auth0’s native challenge or third-party solutions.
To learn more about the new Bot Detection API endpoints check out our online documentation here
We are excited to announce that Actions Types is now available at npmjs @auth0/actions.
This NPM library currently facilitates TypeScript definitions for Auth0 Actions.
Developers can use this library for:
Docs: Learn more at Actions NPM Docs and Actions Unit Test Docs.
Auth0 has added a Dynamic Client Registration (DCR) scope to the Tenant Access Control List (ACL).
This enhancement allows administrators to control access to the /oidc/register endpoint based on a variety of network and client signals, helping prevent unauthorized or automated client creation.
Configuration is available via the Management API.
Learn more about our Tenant Access Control List in our online documentation found here
Auth0 now provides Management API endpoints to manage Bot Detection configuration!
Key Capabilities:
Bot Detection Controls: Automate adjustments to the Bot Detection Level (low, medium, or high) and manage your trusted IP AllowList via API.
Challenge Policies: Programmatically control CAPTCHA enforcement for password, passwordless, and password reset flows (options: always, when risky, or never).
CAPTCHA Management: Fully manage your CAPTCHA provider selection and configuration, including Auth0’s native challenge or third-party solutions.
To learn more about the new Bot Detection API endpoints check out our online documentation here
We are excited to announce that Actions Types is now available at npmjs @auth0/actions.
This NPM library currently facilitates TypeScript definitions for Auth0 Actions.
Developers can use this library for:
Docs: Learn more at Actions NPM Docs and Actions Unit Test Docs.
Auth0 has added a Dynamic Client Registration (DCR) scope to the Tenant Access Control List (ACL).
This enhancement allows administrators to control access to the /oidc/register endpoint based on a variety of network and client signals, helping prevent unauthorized or automated client creation.
Configuration is available via the Management API.
Learn more about our Tenant Access Control List in our online documentation found here
Auth0 now provides Management API endpoints to manage Bot Detection configuration!
Key Capabilities:
Bot Detection Controls: Automate adjustments to the Bot Detection Level (low, medium, or high) and manage your trusted IP AllowList via API.
Challenge Policies: Programmatically control CAPTCHA enforcement for password, passwordless, and password reset flows (options: always, when risky, or never).
CAPTCHA Management: Fully manage your CAPTCHA provider selection and configuration, including Auth0’s native challenge or third-party solutions.
To learn more about the new Bot Detection API endpoints check out our online documentation here
We are excited to announce that Actions Types is now available at npmjs @auth0/actions.
This NPM library currently facilitates TypeScript definitions for Auth0 Actions.
Developers can use this library for:
Docs: Learn more at Actions NPM Docs and Actions Unit Test Docs.
Auth0 has added a Dynamic Client Registration (DCR) scope to the Tenant Access Control List (ACL).
This enhancement allows administrators to control access to the /oidc/register endpoint based on a variety of network and client signals, helping prevent unauthorized or automated client creation.
Configuration is available via the Management API.
Learn more about our Tenant Access Control List in our online documentation found here
Auth0 now provides Management API endpoints to manage Bot Detection configuration!
Key Capabilities:
Bot Detection Controls: Automate adjustments to the Bot Detection Level (low, medium, or high) and manage your trusted IP AllowList via API.
Challenge Policies: Programmatically control CAPTCHA enforcement for password, passwordless, and password reset flows (options: always, when risky, or never).
CAPTCHA Management: Fully manage your CAPTCHA provider selection and configuration, including Auth0’s native challenge or third-party solutions.
To learn more about the new Bot Detection API endpoints check out our online documentation here