Login flows initiated in the context of client applications associated with business users (organization_usage=require) and configured to prompt for the organization at the start of the login flow (organization_require_behavior=pre_login_prompt) will consider an existing authenticated session and allow single sign-on (SSO).
The previous behavior where these flows disregarded SSO is deprecated. We have provided additional information and timelines for enforcing this change across tenants through a dashboard and support center notification.
Auth0's Private Cloud footprint is expanding again, this time to the AWS Asia Pacific Thailand Region!
This launch plants our secure identity infrastructure in the heart of one of Southeast Asia's largest digital economies. Customers in the region can now leverage this new presence for significantly reduced latency and enhanced performance. It also provides a robust, in-country solution for organizations managing their data governance and sovereignty objectives.
We are excited to support the rapid growth of Thailand's booming e-commerce, fintech, and digital service sectors with this new deployment.
We’re excited to announce Organization Discovery by Domain, a new capability that makes enterprise login smarter and more seamless. Together with Prompt for Organizations, it automatically identifies a user’s Organization before authentication, using either their email or organization name — eliminating the need for guessing, manual routing, or dealing with misspellings.
Smarter Login Experience: Users can now enter either their organization name or work email on the Prompt for Organization screen. If the Organization has a verified domain, Auth0 detects the Organization instantly, loads the correct branded login, and routes the user to the right IdP.
Verified Domains: Tenant admins can now associate one or more verified domains with each Organization using the new Domains tab. Verified domains power automatic organization detection and ensure HRD (Home Realm Discovery) runs only against that Organization’s enabled connections.
Unified Enterprise Login Flow: This update enhances the Prompt for Organization experience for both Business and Both (Business + Individual) app types, unifying login flows across personal and enterprise users.
Availability: Rollout is happening now. No opt-in required, it’s ready as soon as it appears in your tenant.
Learn more about Organization Discovery by Domain in our product documentation.
By using Organization Discovery by Domain, you agree to the applicable Free Trial terms in Okta’s Master Subscription Agreement and Okta’s Privacy Policy during use of the Early Access feature. The Free Trial terms can be found within the Master Subscription Agreement at Legal Agreements | Okta.
We've enhanced the Auth0 FGA Write API endpoint to help streamline imports and reduce errors. You can now use two new optional parameters:
on_duplicate: "ignore": This will gracefully skip any write operations for relationship tuples that already exist.
on_missing: "ignore": This will gracefully skip any delete operations for relationship tuples that do not exist.
Previously, these common conditions would cause the entire Write request to fail. These new parameters prevent unnecessary failures, eliminating the need for complex client-side retry logic and improving import performance.
This feature is available now via the API and our latest SDKs.
Learn more about Writing Tuples in FGA from our product documentation or API Reference.
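The behaviour described above, modelled locally as an added example. This is not Auth0 or SDK code and makes no API call: the in-memory `store`, `apply_write` and `WriteRejected` are hypothetical names, the tuples are constructed, and leaving a parameter as `None` stands for omitting it from the request.

```python
class WriteRejected(Exception):
    """The whole batch was refused; nothing was applied."""

def apply_write(store, writes=(), deletes=(), on_duplicate=None, on_missing=None):
    """Model of an all-or-nothing Write over a set of (user, relation, object)."""
    to_add, to_remove, skipped = [], [], 0
    for t in writes:
        if t in store or t in to_add:
            if on_duplicate != "ignore":
                raise WriteRejected(f"tuple already exists: {t}")
            skipped += 1          # skip the write, keep processing the batch
        else:
            to_add.append(t)
    for t in deletes:
        if t not in store or t in to_remove:
            if on_missing != "ignore":
                raise WriteRejected(f"tuple does not exist: {t}")
            skipped += 1          # skip the delete, keep processing the batch
        else:
            to_remove.append(t)
    # Validation passed for every tuple, so commit the batch as a unit.
    store.update(to_add)
    store.difference_update(to_remove)
    return {"written": len(to_add), "deleted": len(to_remove), "skipped": skipped}

def demo():
    # Constructed sample data: anne already has access before the import runs.
    anne = ("user:anne", "viewer", "document:roadmap")
    bob = ("user:bob", "viewer", "document:roadmap")
    store = {anne}
    results = {}
    try:
        apply_write(store, writes=[bob, anne])        # parameters omitted
    except WriteRejected:
        results["strict_applied_bob"] = bob in store  # False: batch was atomic
    results["import"] = apply_write(store, writes=[bob, anne], on_duplicate="ignore")
    results["rerun"] = apply_write(store, writes=[bob, anne], on_duplicate="ignore")
    # Revocation that is safe to repeat: the second call finds nothing to delete.
    results["revoke"] = apply_write(store, deletes=[bob], on_missing="ignore")
    results["revoke_again"] = apply_write(store, deletes=[bob], on_missing="ignore")
    results["final"] = sorted(store)
    return results

if __name__ == "__main__":
    for step, outcome in demo().items():
        print(step, outcome)
```

The `skipped` count is worth logging during imports: a revocation that skips its delete means the tuple was already absent, which can indicate drift between the source of truth and the store.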
Auth0 now supports Sign in with Shop, a new social login integration designed for Shopify merchants. This feature allows merchants to offer customers a familiar authentication option using their existing Shop accounts. This new integration provides:
Get started today with our quick start guide to connect your Shopify store to Auth0 and our built-in Sign in with Shop social integration.
To enhance security and mitigate the risks of application impersonation and phishing attacks, we recommend transitioning to HTTPS-based callbacks using Android App Links and Apple Universal Links whenever possible. In addition, we are introducing a change in how the service handles custom URI schemes and loopback URIs as callbacks.
More specifically, for authentication requests specifying a custom URI scheme or a loopback URI as the callback, we are introducing a login confirmation prompt used in scenarios that would previously return a response without requiring user interaction. For example, in a single sign-on (SSO) scenario, if authentication request requirements can be satisfied from an existing authenticated session, the service will display the new login confirmation prompt instead of seamlessly returning a response to the specified custom URI scheme / loopback URI callback.
Additionally, authentication requests including prompt=none will be rejected when Applications use non-verifiable callback URIs and are configured to use the new login confirmation prompt.
Review the User Confirmation Prompt section of Measures Against Application Impersonation to learn more about the new prompt.
Tenants created before October 15, 2025, maintain the previous behavior as the default until April 28, 2026. After the October cutoff date, newly created tenants may default to displaying the new login confirmation prompt with some exceptions due to each environment's deployment schedule. For any tenant maintaining the previous behavior, we recommend you opt in beforehand to use the new behavior. Alternatively, you can opt out of using the additional confirmation prompt if strictly required. Additional information on this situation is available at Migrate to Custom URI Scheme Redirect End-User Confirmation.
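One way to find which applications this change affects before opting in, as an added example that is not Auth0 code: it sorts each registered callback into HTTPS, custom URI scheme or loopback and reports the applications that have non-verifiable callbacks. The application list is constructed sample data, the function names are hypothetical, and treating `localhost`, `127.0.0.0/8` and `::1` as loopback is an assumption about how loopback is defined.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: application names and callback URIs are made up.
SAMPLE_APPS = [
    {"name": "ios-app", "callbacks": ["https://app.example.com/ios/callback"]},
    {"name": "android-legacy", "callbacks": [
        "com.example.app://login/callback",
        "https://app.example.com/android/callback"]},
    {"name": "desktop-cli", "callbacks": [
        "http://127.0.0.1:8484/callback",
        "http://[::1]:8484/callback"]},
]

def classify_callback(uri):
    """Return 'https', 'loopback', 'custom_scheme' or 'other' for one URI."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if not scheme:
        return "other"
    if scheme not in ("http", "https"):
        return "custom_scheme"
    # Assumption: localhost, 127.0.0.0/8 and ::1 count as loopback hosts.
    if host == "localhost":
        return "loopback"
    try:
        if ipaddress.ip_address(host).is_loopback:
            return "loopback"
    except ValueError:
        pass  # not an IP literal, so an ordinary DNS host name
    return "https" if scheme == "https" else "other"

def audit(apps):
    """Map app name -> [(uri, kind)] for callbacks that are not verifiable."""
    report = {}
    for app in apps:
        kinds = [(u, classify_callback(u)) for u in app["callbacks"]]
        flagged = [(u, k) for u, k in kinds if k in ("custom_scheme", "loopback")]
        if flagged:
            report[app["name"]] = flagged
    return report

if __name__ == "__main__":
    for name, items in audit(SAMPLE_APPS).items():
        for uri, kind in items:
            print(f"{name}: {kind}: {uri}")
```

Applications in the report are the ones where users will see the login confirmation prompt during SSO and where `prompt=none` requests will be rejected once the new prompt is in use, so they are the candidates for moving to App Links or Universal Links first.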
We’ve improved our machine learning (ML) model for signup to deliver stronger protection against automated account creation while keeping friction low for legitimate users.
Note: This update applies only to the signup flow. There are no changes to the ML models used for bot detection in login or password reset flows.
Expanded detection signals:
The model now leverages user-agent–based signals, such as operating system and browser version data, to more accurately distinguish between human and automated signup attempts.
Smarter traffic classification:
An updated labeling strategy improves how the model differentiates between malicious and legitimate signup activity, helping it adapt more effectively to evolving attack patterns.
Optimized sensitivity settings:
Adjusted detection thresholds capture a broader range of bot activity while maintaining a low false positive rate, ensuring a smooth experience for valid users.
These enhancements strengthen the signup protection capabilities of Attack Protection, enabling more effective detection of automated signup attempts without adding unnecessary friction for real users.
The rollout is in progress for all Enterprise customers with the Attack Protection add-on and will complete over the coming weeks in line with individual release schedules.
For configuration guidance or to learn more about protecting your signup flows, please refer to our documentation or contact your account team.