One of the most requested features for the Auth0 Deploy CLI is here: you can now preview your deployment changes before applying them.
Say goodbye to deployment anxiety. With the new --dry-run flag, you can get a detailed summary of exactly what resources will be created, updated, or deleted before you run an import. This brings the confidence of infrastructure-as-code practices like terraform plan to your Auth0 tenant management.
Get started by simply adding the --dry-run flag to your import command to see a safe preview of your changes.
This will help you and your team:
The Dry Run feature is now available in Early Access. Update to the latest version of the Deploy CLI to get started.
One of the most requested features for the Auth0 Deploy CLI is here: you can now preview your deployment changes before applying them.
Say goodbye to deployment anxiety. With the new --dry-run flag, you can get a detailed summary of exactly what resources will be created, updated, or deleted before you run an import. This brings the confidence of infrastructure-as-code practices like terraform plan to your Auth0 tenant management.
Get started by simply adding the --dry-run flag to your import command to see a safe preview of your changes.
This will help you and your team:
The Dry Run feature is now available in Early Access. Update to the latest version of the Deploy CLI to get started.
One of the most requested features for the Auth0 Deploy CLI is here: you can now preview your deployment changes before applying them.
Say goodbye to deployment anxiety. With the new --dry-run flag, you can get a detailed summary of exactly what resources will be created, updated, or deleted before you run an import. This brings the confidence of infrastructure-as-code practices like terraform plan to your Auth0 tenant management.
Get started by simply adding the --dry-run flag to your import command to see a safe preview of your changes.
This will help you and your team:
The Dry Run feature is now available in Early Access. Update to the latest version of the Deploy CLI to get started.
What's new:
Non-Unique Emails is now in Open Early Access and rolling out to all environments. With this feature, multiple user accounts can share the same email address within a database connection. This enables support for real-world scenarios like:
Parent/child accounts using a shared inbox
Small businesses with a single location email
Users managing multiple roles under one email address
Key details:
Rollout has just begun and will take 1--4 weeks to reach every environment.
Available only for new database connections.
Email cannot be used as a primary identifier, customers must configure username or phone number.
Email communications will still be delivered to the shared email.
Once enabled, the non-unique email setting is permanent.
Status:
This feature is production-ready.
No opt-in required, all customers will gain access once rollout reaches their environment.
GA planned for Q4 2025.
Getting started:
Customers can create a new database connection with Non-Unique Emails in the Dashboard or via the Management API. See full documentation here:
Non-Unique Emails Documentation
What's new:
Non-Unique Emails is now in Open Early Access and rolling out to all environments. With this feature, multiple user accounts can share the same email address within a database connection. This enables support for real-world scenarios like:
Parent/child accounts using a shared inbox
Small businesses with a single location email
Users managing multiple roles under one email address
Key details:
Rollout has just begun and will take 1--4 weeks to reach every environment.
Available only for new database connections.
Email cannot be used as a primary identifier, customers must configure username or phone number.
Email communications will still be delivered to the shared email.
Once enabled, the non-unique email setting is permanent.
Status:
This feature is production-ready.
No opt-in required, all customers will gain access once rollout reaches their environment.
GA planned for Q4 2025.
Getting started:
Customers can create a new database connection with Non-Unique Emails in the Dashboard or via the Management API. See full documentation here:
Non-Unique Emails Documentation
What's new:
Non-Unique Emails is now in Open Early Access and rolling out to all environments. With this feature, multiple user accounts can share the same email address within a database connection. This enables support for real-world scenarios like:
Parent/child accounts using a shared inbox
Small businesses with a single location email
Users managing multiple roles under one email address
Key details:
Rollout has just begun and will take 1--4 weeks to reach every environment.
Available only for new database connections.
Email cannot be used as a primary identifier, customers must configure username or phone number.
Email communications will still be delivered to the shared email.
Once enabled, the non-unique email setting is permanent.
Status:
This feature is production-ready.
No opt-in required, all customers will gain access once rollout reaches their environment.
GA planned for Q4 2025.
Getting started:
Customers can create a new database connection with Non-Unique Emails in the Dashboard or via the Management API. See full documentation here:
Non-Unique Emails Documentation
What's new:
Non-Unique Emails is now in Open Early Access and rolling out to all environments. With this feature, multiple user accounts can share the same email address within a database connection. This enables support for real-world scenarios like:
Parent/child accounts using a shared inbox
Small businesses with a single location email
Users managing multiple roles under one email address
Key details:
Rollout has just begun and will take 1--4 weeks to reach every environment.
Available only for new database connections.
Email cannot be used as a primary identifier, customers must configure username or phone number.
Email communications will still be delivered to the shared email.
Once enabled, the non-unique email setting is permanent.
Status:
This feature is production-ready.
No opt-in required, all customers will gain access once rollout reaches their environment.
GA planned for Q4 2025.
Getting started:
Customers can create a new database connection with Non-Unique Emails in the Dashboard or via the Management API. See full documentation here:
Non-Unique Emails Documentation
What's new:
Non-Unique Emails is now in Open Early Access and rolling out to all environments. With this feature, multiple user accounts can share the same email address within a database connection. This enables support for real-world scenarios like:
Parent/child accounts using a shared inbox
Small businesses with a single location email
Users managing multiple roles under one email address
Key details:
Rollout has just begun and will take 1--4 weeks to reach every environment.
Available only for new database connections.
Email cannot be used as a primary identifier, customers must configure username or phone number.
Email communications will still be delivered to the shared email.
Once enabled, the non-unique email setting is permanent.
Status:
This feature is production-ready.
No opt-in required, all customers will gain access once rollout reaches their environment.
GA planned for Q4 2025.
Getting started:
Customers can create a new database connection with Non-Unique Emails in the Dashboard or via the Management API. See full documentation here:
Non-Unique Emails Documentation
We are excited to announce a major update for our Private Cloud customers, extending the powerful management and security capabilities of Auth0 Teams to your private cloud environments. This release introduces the Beta versions of Tenant Member Management and SSO Enforcement, closing the feature gap with our Public Cloud offering.
Tenant Member Management (Beta) for Private Cloud:
You can now centrally manage tenant membership and roles for your team members directly from the Auth0 Teams dashboard. This feature simplifies user administration by allowing you to:
SSO Enforcement (Beta) for Private Cloud:
Strengthen your organization's security posture by requiring all team and tenant members to authenticate using one of your configured Enterprise Identity Provider (IdP) connections. This ensures that access to Auth0 resources is governed by your corporate identity solution.
Activity Log Integration for Tenant Management:
All operations related to Tenant Member Management (e.g., adding, updating or deleting) are now recorded in the Auth0 Teams Activity Log, providing a complete audit trail for compliance and security monitoring. (Note Now available to all Auth0 Teams customers.)
Session Revocation for Private Cloud:
Administrators now have the ability to revoke active user sessions for Private Cloud tenants, providing an immediate way to off-board users or respond to security events.
Streamlined Private Cloud User Invites:
Team members can now be invited directly to a Private Cloud tenant through the Teams interface. This removes the previous requirement of first adding the user to the configuration tenant, simplifying and accelerating the onboarding workflow.
Increased Bulk Tenant:
The limit for bulk tenant assignment has been doubled, allowing you to grant or modify access to 10 tenants at once, up from the previous limit of 5.
Tenant Member Management and SSO Enforcement features for Private Cloud are being released in Beta.
We are excited to announce a major update for our Private Cloud customers, extending the powerful management and security capabilities of Auth0 Teams to your private cloud environments. This release introduces the Beta versions of Tenant Member Management and SSO Enforcement, closing the feature gap with our Public Cloud offering.
Tenant Member Management (Beta) for Private Cloud:
You can now centrally manage tenant membership and roles for your team members directly from the Auth0 Teams dashboard. This feature simplifies user administration by allowing you to:
SSO Enforcement (Beta) for Private Cloud:
Strengthen your organization's security posture by requiring all team and tenant members to authenticate using one of your configured Enterprise Identity Provider (IdP) connections. This ensures that access to Auth0 resources is governed by your corporate identity solution.
Activity Log Integration for Tenant Management:
All operations related to Tenant Member Management (e.g., adding, updating or deleting) are now recorded in the Auth0 Teams Activity Log, providing a complete audit trail for compliance and security monitoring. (Note Now available to all Auth0 Teams customers.)
Session Revocation for Private Cloud:
Administrators now have the ability to revoke active user sessions for Private Cloud tenants, providing an immediate way to off-board users or respond to security events.
Streamlined Private Cloud User Invites:
Team members can now be invited directly to a Private Cloud tenant through the Teams interface. This removes the previous requirement of first adding the user to the configuration tenant, simplifying and accelerating the onboarding workflow.
Increased Bulk Tenant:
The limit for bulk tenant assignment has been doubled, allowing you to grant or modify access to 10 tenants at once, up from the previous limit of 5.
Tenant Member Management and SSO Enforcement features for Private Cloud are being released in Beta.
We are excited to announce a major update for our Private Cloud customers, extending the powerful management and security capabilities of Auth0 Teams to your private cloud environments. This release introduces the Beta versions of Tenant Member Management and SSO Enforcement, closing the feature gap with our Public Cloud offering.
Tenant Member Management (Beta) for Private Cloud:
You can now centrally manage tenant membership and roles for your team members directly from the Auth0 Teams dashboard. This feature simplifies user administration by allowing you to:
SSO Enforcement (Beta) for Private Cloud:
Strengthen your organization's security posture by requiring all team and tenant members to authenticate using one of your configured Enterprise Identity Provider (IdP) connections. This ensures that access to Auth0 resources is governed by your corporate identity solution.
Activity Log Integration for Tenant Management:
All operations related to Tenant Member Management (e.g., adding, updating or deleting) are now recorded in the Auth0 Teams Activity Log, providing a complete audit trail for compliance and security monitoring. (Note Now available to all Auth0 Teams customers.)
Session Revocation for Private Cloud:
Administrators now have the ability to revoke active user sessions for Private Cloud tenants, providing an immediate way to off-board users or respond to security events.
Streamlined Private Cloud User Invites:
Team members can now be invited directly to a Private Cloud tenant through the Teams interface. This removes the previous requirement of first adding the user to the configuration tenant, simplifying and accelerating the onboarding workflow.
Increased Bulk Tenant:
The limit for bulk tenant assignment has been doubled, allowing you to grant or modify access to 10 tenants at once, up from the previous limit of 5.
Tenant Member Management and SSO Enforcement features for Private Cloud are being released in Beta.
We are excited to announce a major update for our Private Cloud customers, extending the powerful management and security capabilities of Auth0 Teams to your private cloud environments. This release introduces the Beta versions of Tenant Member Management and SSO Enforcement, closing the feature gap with our Public Cloud offering.
Tenant Member Management (Beta) for Private Cloud:
You can now centrally manage tenant membership and roles for your team members directly from the Auth0 Teams dashboard. This feature simplifies user administration by allowing you to:
SSO Enforcement (Beta) for Private Cloud:
Strengthen your organization's security posture by requiring all team and tenant members to authenticate using one of your configured Enterprise Identity Provider (IdP) connections. This ensures that access to Auth0 resources is governed by your corporate identity solution.
Activity Log Integration for Tenant Management:
All operations related to Tenant Member Management (e.g., adding, updating or deleting) are now recorded in the Auth0 Teams Activity Log, providing a complete audit trail for compliance and security monitoring. (Note Now available to all Auth0 Teams customers.)
Session Revocation for Private Cloud:
Administrators now have the ability to revoke active user sessions for Private Cloud tenants, providing an immediate way to off-board users or respond to security events.
Streamlined Private Cloud User Invites:
Team members can now be invited directly to a Private Cloud tenant through the Teams interface. This removes the previous requirement of first adding the user to the configuration tenant, simplifying and accelerating the onboarding workflow.
Increased Bulk Tenant:
The limit for bulk tenant assignment has been doubled, allowing you to grant or modify access to 10 tenants at once, up from the previous limit of 5.
Tenant Member Management and SSO Enforcement features for Private Cloud are being released in Beta.
We are excited to announce a major update for our Private Cloud customers, extending the powerful management and security capabilities of Auth0 Teams to your private cloud environments. This release introduces the Beta versions of Tenant Member Management and SSO Enforcement, closing the feature gap with our Public Cloud offering.
Tenant Member Management (Beta) for Private Cloud:
You can now centrally manage tenant membership and roles for your team members directly from the Auth0 Teams dashboard. This feature simplifies user administration by allowing you to:
SSO Enforcement (Beta) for Private Cloud:
Strengthen your organization's security posture by requiring all team and tenant members to authenticate using one of your configured Enterprise Identity Provider (IdP) connections. This ensures that access to Auth0 resources is governed by your corporate identity solution.
Activity Log Integration for Tenant Management:
All operations related to Tenant Member Management (e.g., adding, updating or deleting) are now recorded in the Auth0 Teams Activity Log, providing a complete audit trail for compliance and security monitoring. (Note Now available to all Auth0 Teams customers.)
Session Revocation for Private Cloud:
Administrators now have the ability to revoke active user sessions for Private Cloud tenants, providing an immediate way to off-board users or respond to security events.
Streamlined Private Cloud User Invites:
Team members can now be invited directly to a Private Cloud tenant through the Teams interface. This removes the previous requirement of first adding the user to the configuration tenant, simplifying and accelerating the onboarding workflow.
Increased Bulk Tenant:
The limit for bulk tenant assignment has been doubled, allowing you to grant or modify access to 10 tenants at once, up from the previous limit of 5.
Tenant Member Management and SSO Enforcement features for Private Cloud are being released in Beta.
We are delighted to announce that support for sender constraining tokens using Demonstrating Proof of Possession (DPoP) is now available in Early Access.
Demonstrating Proof of Possession (DPoP) as defined in RFC9449, is an application level mechanism for binding tokens issued by Auth0 to the client application that requested that token. This is implemented using asymmetric key cryptography and with keys that are generated and managed by the client application - no public key infrastructure (PKI) is required.
Sender constraining tokens using DPoP can be used to mitigate the risk of tokens being used by unauthorised parties if they are intercepted in transit or exfiltrated from applications. This helps to:
Auth0 will be rolling out SDK support for DPoP for native applications, single page applications, backend server APIs, and Auth0 management:
To evaluate DPoP for securing your tokens, contact your Auth0 representative. For more details, check out our product documentation.
We are delighted to announce that support for sender constraining tokens using Demonstrating Proof of Possession (DPoP) is now available in Early Access.
Demonstrating Proof of Possession (DPoP) as defined in RFC9449, is an application level mechanism for binding tokens issued by Auth0 to the client application that requested that token. This is implemented using asymmetric key cryptography and with keys that are generated and managed by the client application - no public key infrastructure (PKI) is required.
Sender constraining tokens using DPoP can be used to mitigate the risk of tokens being used by unauthorised parties if they are intercepted in transit or exfiltrated from applications. This helps to:
Auth0 will be rolling out SDK support for DPoP for native applications, single page applications, backend server APIs, and Auth0 management:
To evaluate DPoP for securing your tokens, contact your Auth0 representative. For more details, check out our product documentation.
We are delighted to announce that support for sender constraining tokens using Demonstrating Proof of Possession (DPoP) is now available in Early Access.
Demonstrating Proof of Possession (DPoP) as defined in RFC9449, is an application level mechanism for binding tokens issued by Auth0 to the client application that requested that token. This is implemented using asymmetric key cryptography and with keys that are generated and managed by the client application - no public key infrastructure (PKI) is required.
Sender constraining tokens using DPoP can be used to mitigate the risk of tokens being used by unauthorised parties if they are intercepted in transit or exfiltrated from applications. This helps to:
Auth0 will be rolling out SDK support for DPoP for native applications, single page applications, backend server APIs, and Auth0 management:
To evaluate DPoP for securing your tokens, contact your Auth0 representative. For more details, check out our product documentation.
We are delighted to announce that support for sender constraining tokens using Demonstrating Proof of Possession (DPoP) is now available in Early Access.
Demonstrating Proof of Possession (DPoP) as defined in RFC9449, is an application level mechanism for binding tokens issued by Auth0 to the client application that requested that token. This is implemented using asymmetric key cryptography and with keys that are generated and managed by the client application - no public key infrastructure (PKI) is required.
Sender constraining tokens using DPoP can be used to mitigate the risk of tokens being used by unauthorised parties if they are intercepted in transit or exfiltrated from applications. This helps to:
Auth0 will be rolling out SDK support for DPoP for native applications, single page applications, backend server APIs, and Auth0 management:
To evaluate DPoP for securing your tokens, contact your Auth0 representative. For more details, check out our product documentation.
We are delighted to announce that support for sender constraining tokens using Demonstrating Proof of Possession (DPoP) is now available in Early Access.
Demonstrating Proof of Possession (DPoP) as defined in RFC9449, is an application level mechanism for binding tokens issued by Auth0 to the client application that requested that token. This is implemented using asymmetric key cryptography and with keys that are generated and managed by the client application - no public key infrastructure (PKI) is required.
Sender constraining tokens using DPoP can be used to mitigate the risk of tokens being used by unauthorised parties if they are intercepted in transit or exfiltrated from applications. This helps to:
Auth0 will be rolling out SDK support for DPoP for native applications, single page applications, backend server APIs, and Auth0 management:
To evaluate DPoP for securing your tokens, contact your Auth0 representative. For more details, check out our product documentation.
We have expanded our security telemetry to include JA3 and JA4 TLS fingerprints. TLS fingerprinting is a proven technique for identifying client software based on the TLS handshake.
These signals help customers detect and respond to malicious traffic faster, identify suspicious client behavior, and correlate related activity across changing IPs and sessions.
Tenant Logs
JA3 and JA4 fingerprints are now logged in applicable authentication and security events such as Success Login, Failed Login, and Anomaly Detection.
Actions Integration
JA3 and JA4 fingerprints are now available in Actions for real-time, custom security responses, but only in the following triggers:
pre-user-registrationpost-user-registrationpost-loginTenant Access Control List (ACL) Support
You can also use the Tenant Access Control List to block specific TLS fingerprints directly by adding a rule. Alternatively, you can combine JA3 and JA4 signals with Actions to apply custom business logic, such as requiring MFA or conditionally denying access.
JA3 and JA4 provide a stable, high-entropy signal that is hard to spoof, helping you correlate malicious activity even across changing IPs and sessions.
Available for all Enterprise customers. Start using these signals today.
We have expanded our security telemetry to include JA3 and JA4 TLS fingerprints. TLS fingerprinting is a proven technique for identifying client software based on the TLS handshake.
These signals help customers detect and respond to malicious traffic faster, identify suspicious client behavior, and correlate related activity across changing IPs and sessions.
Tenant Logs
JA3 and JA4 fingerprints are now logged in applicable authentication and security events such as Success Login, Failed Login, and Anomaly Detection.
Actions Integration
JA3 and JA4 fingerprints are now available in Actions for real-time, custom security responses, but only in the following triggers:
pre-user-registrationpost-user-registrationpost-loginTenant Access Control List (ACL) Support
You can also use the Tenant Access Control List to block specific TLS fingerprints directly by adding a rule. Alternatively, you can combine JA3 and JA4 signals with Actions to apply custom business logic, such as requiring MFA or conditionally denying access.
JA3 and JA4 provide a stable, high-entropy signal that is hard to spoof, helping you correlate malicious activity even across changing IPs and sessions.
Available for all Enterprise customers. Start using these signals today.