Auth0 Changelog

Auth0 now provides Management API endpoints to manage Bot Detection configuration!

Key Capabilities:

Bot Detection Controls: Automate adjustments to the Bot Detection Level (low, medium, or high) and manage your trusted IP AllowList via API.

Challenge Policies: Programmatically control CAPTCHA enforcement for password, passwordless, and password reset flows (options: always, when risky, or never).

CAPTCHA Management: Fully manage your CAPTCHA provider selection and configuration, including Auth0’s native challenge or third-party solutions.

To learn more about the new Bot Detection API endpoints check out our online documentation here

Auth0 has added a Dynamic Client Registration (DCR) scope to the Tenant Access Control List (ACL).

This enhancement allows administrators to control access to the /oidc/register endpoint based on a variety of network and client signals, helping prevent unauthorized or automated client creation.

Configuration is available via the Management API.

Learn more about our Tenant Access Control List in our online documentation found here

We are excited to announce that Actions Types is now available at npmjs @auth0/actions.

This NPM library currently facilitates TypeScript definitions for Auth0 Actions.

Developers can use this library for:

• IDE / Code Editor Assistance: By referencing this library, IDEs and code editors can help developers coding with autocompletion, object and functions definitions, and error checking.
• TypeScript Development: This library enables Actions development using TypeScript which then can be built and deployed to Actions as Common JS.
• Unit Testing Improvements: This library allows developers to follow best practices and to improve their Unit Testing based on TypeScript definitions.
• AI Actions Generation: Gives AI assisted IDEs the context they need to generate more accurate and secure Actions code.

Docs: Learn more at Actions NPM Docs and Actions Unit Test Docs.

As part of Continuous Session Protection, you can now attach custom key–value data to a user’s session using Actions or the Auth0 Management API. This allows enterprise customers to persist contextual data (such as device name, organization ID, or custom flags) throughout the session lifecycle.

Session Metadata:

Enables storing and retrieving custom metadata directly within Auth0 sessions

Can be set in Post-Login Actions using api.session.setMetadata(key, value) and accessed through event.session.metadata

Is available via the Management API for reading, updating, or evicting metadata during the session’s lifetime

Can be automatically included in OIDC Back-Channel Logout tokens, enabling downstream systems to receive the same metadata context

This feature expands session extensibility, allowing richer integrations, stronger audit trails, and personalized session behavior across applications.

Availability:

Session Metadata is available to Enterprise tenants in Early Access. To enable this feature, reach out to your Technical Account Manager or open a Support Ticket.

Learn more: Session Metadata Documentation

As part of Continuous Session Protection, you can now attach custom key–value data to a user’s session using Actions or the Auth0 Management API. This allows enterprise customers to persist contextual data (such as device name, organization ID, or custom flags) throughout the session lifecycle.

Session Metadata:

Enables storing and retrieving custom metadata directly within Auth0 sessions

Can be set in Post-Login Actions using api.session.setMetadata(key, value) and accessed through event.session.metadata

Is available via the Management API for reading, updating, or evicting metadata during the session’s lifetime

Can be automatically included in OIDC Back-Channel Logout tokens, enabling downstream systems to receive the same metadata context

This feature expands session extensibility, allowing richer integrations, stronger audit trails, and personalized session behavior across applications.

Availability:

Session Metadata is available to Enterprise tenants in Early Access. To enable this feature, reach out to your Technical Account Manager or open a Support Ticket.

Learn more: Session Metadata Documentation

As part of Continuous Session Protection, you can now attach custom key–value data to a user’s session using Actions or the Auth0 Management API. This allows enterprise customers to persist contextual data (such as device name, organization ID, or custom flags) throughout the session lifecycle.

Session Metadata:

Enables storing and retrieving custom metadata directly within Auth0 sessions

Can be set in Post-Login Actions using api.session.setMetadata(key, value) and accessed through event.session.metadata

Is available via the Management API for reading, updating, or evicting metadata during the session’s lifetime

Can be automatically included in OIDC Back-Channel Logout tokens, enabling downstream systems to receive the same metadata context

This feature expands session extensibility, allowing richer integrations, stronger audit trails, and personalized session behavior across applications.

Availability:

Session Metadata is available to Enterprise tenants in Early Access. To enable this feature, reach out to your Technical Account Manager or open a Support Ticket.

Learn more: Session Metadata Documentation

As part of Continuous Session Protection, you can now attach custom key–value data to a user’s session using Actions or the Auth0 Management API. This allows enterprise customers to persist contextual data (such as device name, organization ID, or custom flags) throughout the session lifecycle.

Session Metadata:

Enables storing and retrieving custom metadata directly within Auth0 sessions

Can be set in Post-Login Actions using api.session.setMetadata(key, value) and accessed through event.session.metadata

Is available via the Management API for reading, updating, or evicting metadata during the session’s lifetime

Can be automatically included in OIDC Back-Channel Logout tokens, enabling downstream systems to receive the same metadata context

This feature expands session extensibility, allowing richer integrations, stronger audit trails, and personalized session behavior across applications.

Availability:

Session Metadata is available to Enterprise tenants in Early Access. To enable this feature, reach out to your Technical Account Manager or open a Support Ticket.

Learn more: Session Metadata Documentation

As part of Continuous Session Protection, you can now attach custom key–value data to a user’s session using Actions or the Auth0 Management API. This allows enterprise customers to persist contextual data (such as device name, organization ID, or custom flags) throughout the session lifecycle.

Session Metadata:

Enables storing and retrieving custom metadata directly within Auth0 sessions

Can be set in Post-Login Actions using api.session.setMetadata(key, value) and accessed through event.session.metadata

Is available via the Management API for reading, updating, or evicting metadata during the session’s lifetime

Can be automatically included in OIDC Back-Channel Logout tokens, enabling downstream systems to receive the same metadata context

This feature expands session extensibility, allowing richer integrations, stronger audit trails, and personalized session behavior across applications.

Availability:

Session Metadata is available to Enterprise tenants in Early Access. To enable this feature, reach out to your Technical Account Manager or open a Support Ticket.

Learn more: Session Metadata Documentation

We’re excited to introduce Google Workspace User Directory Sync, now available as part of our Beta program.

This feature allows organizations to automatically synchronize users from their Google Workspace directory into Auth0 - ensuring user data stays accurate and up to date without relying on login events.

What’s New:

• Automated user synchronization: Automatically sync user profiles from your Google Workspace Enterprise connection into Auth0.
• Flexible sync cadence: Choose between manual on-demand syncs or automatic syncs that run every 30 minutes.
• Custom attribute mapping: Map Google Workspace user attributes to Auth0 user profile fields for full control over data consistency.
• Management API support: Configure, update, retrieve, or delete your Directory Sync settings programmatically - with Postman collection templates included.

Why It Matters: This enhancement eliminates the need for users to log in before their profiles are updated in Auth0, reducing data drift and simplifying identity lifecycle management.

How to Get Started: To join the Beta program and access Google Workspace User Directory Sync, complete the Beta Terms & Conditions form and contact your Auth0 Account Team to request activation and supporting documentation.

We’re excited to introduce Google Workspace User Directory Sync, now available as part of our Beta program.

This feature allows organizations to automatically synchronize users from their Google Workspace directory into Auth0 - ensuring user data stays accurate and up to date without relying on login events.

What’s New:

• Automated user synchronization: Automatically sync user profiles from your Google Workspace Enterprise connection into Auth0.
• Flexible sync cadence: Choose between manual on-demand syncs or automatic syncs that run every 30 minutes.
• Custom attribute mapping: Map Google Workspace user attributes to Auth0 user profile fields for full control over data consistency.
• Management API support: Configure, update, retrieve, or delete your Directory Sync settings programmatically - with Postman collection templates included.

Why It Matters: This enhancement eliminates the need for users to log in before their profiles are updated in Auth0, reducing data drift and simplifying identity lifecycle management.

How to Get Started: To join the Beta program and access Google Workspace User Directory Sync, complete the Beta Terms & Conditions form and contact your Auth0 Account Team to request activation and supporting documentation.

We’re excited to introduce Google Workspace User Directory Sync, now available as part of our Beta program.

This feature allows organizations to automatically synchronize users from their Google Workspace directory into Auth0 - ensuring user data stays accurate and up to date without relying on login events.

What’s New:

• Automated user synchronization: Automatically sync user profiles from your Google Workspace Enterprise connection into Auth0.
• Flexible sync cadence: Choose between manual on-demand syncs or automatic syncs that run every 30 minutes.
• Custom attribute mapping: Map Google Workspace user attributes to Auth0 user profile fields for full control over data consistency.
• Management API support: Configure, update, retrieve, or delete your Directory Sync settings programmatically - with Postman collection templates included.

Why It Matters: This enhancement eliminates the need for users to log in before their profiles are updated in Auth0, reducing data drift and simplifying identity lifecycle management.

How to Get Started: To join the Beta program and access Google Workspace User Directory Sync, complete the Beta Terms & Conditions form and contact your Auth0 Account Team to request activation and supporting documentation.

We’re excited to introduce Google Workspace User Directory Sync, now available as part of our Beta program.

This feature allows organizations to automatically synchronize users from their Google Workspace directory into Auth0 - ensuring user data stays accurate and up to date without relying on login events.

What’s New:

• Automated user synchronization: Automatically sync user profiles from your Google Workspace Enterprise connection into Auth0.
• Flexible sync cadence: Choose between manual on-demand syncs or automatic syncs that run every 30 minutes.
• Custom attribute mapping: Map Google Workspace user attributes to Auth0 user profile fields for full control over data consistency.
• Management API support: Configure, update, retrieve, or delete your Directory Sync settings programmatically - with Postman collection templates included.

Why It Matters: This enhancement eliminates the need for users to log in before their profiles are updated in Auth0, reducing data drift and simplifying identity lifecycle management.

How to Get Started: To join the Beta program and access Google Workspace User Directory Sync, complete the Beta Terms & Conditions form and contact your Auth0 Account Team to request activation and supporting documentation.

We’re excited to introduce Google Workspace User Directory Sync, now available as part of our Beta program.

This feature allows organizations to automatically synchronize users from their Google Workspace directory into Auth0 - ensuring user data stays accurate and up to date without relying on login events.

What’s New:

• Automated user synchronization: Automatically sync user profiles from your Google Workspace Enterprise connection into Auth0.
• Flexible sync cadence: Choose between manual on-demand syncs or automatic syncs that run every 30 minutes.
• Custom attribute mapping: Map Google Workspace user attributes to Auth0 user profile fields for full control over data consistency.
• Management API support: Configure, update, retrieve, or delete your Directory Sync settings programmatically - with Postman collection templates included.

Why It Matters: This enhancement eliminates the need for users to log in before their profiles are updated in Auth0, reducing data drift and simplifying identity lifecycle management.

How to Get Started: To join the Beta program and access Google Workspace User Directory Sync, complete the Beta Terms & Conditions form and contact your Auth0 Account Team to request activation and supporting documentation.

Login flows initiated in the context of client applications associated with business users (organization_usage=require) and configured to prompt for the organization at the start of the login flow (organization_require_behavior=pre_login_prompt) will consider an existing authenticated session and allow single sign-on (SSO).

The previous behavior where these flows disregarded SSO is deprecated. We have provided additional information and timelines for enforcing this change across tenants through a dashboard and support center notification.

Auth0's Private Cloud footprint is expanding again, this time to the AWS Asia Pacific Thailand Region!

This launch plants our secure identity infrastructure in the heart of one of Southeast Asia's largest digital economies. Customers in the region can now leverage this new presence for significantly reduced latency and enhanced performance. It also provides a robust, in-country solution for organizations managing their data governance and sovereignty objectives.

We are excited to support the rapid growth of Thailand's booming e-commerce, fintech, and digital service sectors with this new deployment.

Auth0's Private Cloud footprint is expanding again, this time to the AWS Asia Pacific Thailand Region!

This launch plants our secure identity infrastructure in the heart of one of Southeast Asia's largest digital economies. Customers in the region can now leverage this new presence for significantly reduced latency and enhanced performance. It also provides a robust, in-country solution for organizations managing their data governance and sovereignty objectives.

We are excited to support the rapid growth of Thailand's booming e-commerce, fintech, and digital service sectors with this new deployment.

Login flows initiated in the context of client applications associated with business users (organization_usage=require) and configured to prompt for the organization at the start of the login flow (organization_require_behavior=pre_login_prompt) will consider an existing authenticated session and allow single sign-on (SSO).

The previous behavior where these flows disregarded SSO is deprecated. We have provided additional information and timelines for enforcing this change across tenants through a dashboard and support center notification.

Auth0's Private Cloud footprint is expanding again, this time to the AWS Asia Pacific Thailand Region!

This launch plants our secure identity infrastructure in the heart of one of Southeast Asia's largest digital economies. Customers in the region can now leverage this new presence for significantly reduced latency and enhanced performance. It also provides a robust, in-country solution for organizations managing their data governance and sovereignty objectives.

We are excited to support the rapid growth of Thailand's booming e-commerce, fintech, and digital service sectors with this new deployment.

Login flows initiated in the context of client applications associated with business users (organization_usage=require) and configured to prompt for the organization at the start of the login flow (organization_require_behavior=pre_login_prompt) will consider an existing authenticated session and allow single sign-on (SSO).

The previous behavior where these flows disregarded SSO is deprecated. We have provided additional information and timelines for enforcing this change across tenants through a dashboard and support center notification.

Auth0's Private Cloud footprint is expanding again, this time to the AWS Asia Pacific Thailand Region!

This launch plants our secure identity infrastructure in the heart of one of Southeast Asia's largest digital economies. Customers in the region can now leverage this new presence for significantly reduced latency and enhanced performance. It also provides a robust, in-country solution for organizations managing their data governance and sovereignty objectives.

We are excited to support the rapid growth of Thailand's booming e-commerce, fintech, and digital service sectors with this new deployment.