We have expanded our security telemetry to include JA3 and JA4 TLS fingerprints. TLS fingerprinting is a proven technique for identifying client software based on the TLS handshake.
These signals help customers detect and respond to malicious traffic faster, identify suspicious client behavior, and correlate related activity across changing IPs and sessions.
Tenant Logs
JA3 and JA4 fingerprints are now logged in applicable authentication and security events such as Success Login, Failed Login, and Anomaly Detection.
Actions Integration
JA3 and JA4 fingerprints are now available in Actions for real-time, custom security responses, but only in the following triggers:
pre-user-registration
post-user-registration
post-login
Tenant Access Control List (ACL) Support
You can also use the Tenant Access Control List to block specific TLS fingerprints directly by adding a rule. Alternatively, you can combine JA3 and JA4 signals with Actions to apply custom business logic, such as requiring MFA or conditionally denying access.
JA3 and JA4 provide a stable, high-entropy signal that is hard to spoof, helping you correlate malicious activity even across changing IPs and sessions.
Available for all Enterprise customers. Start using these signals today.
We are excited to announce that Actions Transaction Metadata is now available in Early Access.
This feature allows you to set, share, and access custom data between Actions run in the same post-login execution.
Early Access functionality includes:
event.transaction.metadata object within post-login Actions that contains the custom key/value pairs, which can be accessed through key.
api.transaction.setMetadata function within post-login Actions that serves as the interface to set the custom key/value pairs.
boolean, number, string, or string serialization of object and array.
Starting on September 11, 2025, we will be deprecating and removing the legacy, undocumented Management API Swagger Specification.
On September 11, 2025, the endpoint path /api/v2/api-docs/ will be removed. After this date, any requests made to this path will result in a 404 Not Found error.
Please note that this endpoint and the Swagger specification it provides were never officially documented or intended for public use. The current Swagger specification available at this endpoint is unmaintained, undocumented, and does not reflect the full capabilities of our Management API. As part of our commitment to providing robust and reliable tools, we are removing this legacy specification to prevent confusion and potential issues.
We strongly encourage all users to migrate to our officially supported OpenAPI 3.1 Specification for the Management API, which is currently in Beta. This new specification is actively maintained and provides a more accurate and comprehensive development experience.
If any of your processes are calling the /api/v2/api-docs/ endpoints, take the following steps before September 11, 2025 to ensure your applications and services continue to function without interruption:
If the above does not address your needs or you have additional questions, contact us using the Auth0 by Okta Support Center or Auth0 by Okta Community.
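Two entries above, the JA3/JA4 signals in post-login Actions and Actions Transaction Metadata, fit together: one Action classifies the TLS fingerprint and a later Action in the same execution enforces the verdict. The code below is an added example, not Auth0's own code; `event.security_context.ja4`, the `(key, value)` form of `setMetadata`, the `known_ja4` app-metadata field, the metadata key names, and the local `simulateLogin` harness are assumptions.

```javascript
// Added example: names marked (assumed) or (hypothetical) are not from the page.
// Constructed JA4-shaped value; real ones come from your tenant logs.
const BLOCKED_JA4 = new Set(["t13d1516h2_aaaaaaaaaaaa_bbbbbbbbbbbb"]);

// Action 1: classify the TLS fingerprint and publish a verdict for later Actions.
function classifyTls(event, api) {
  const ja4 = event.security_context?.ja4;                 // (assumed) field location
  const known = event.user.app_metadata?.known_ja4 ?? [];  // (hypothetical) per-user history
  let verdict = "known";
  if (!ja4) verdict = "missing";                           // no fingerprint: unverified
  else if (BLOCKED_JA4.has(ja4)) verdict = "blocked";
  else if (!known.includes(ja4)) verdict = "new";
  // Values must be boolean, number, string, or a serialized object/array.
  api.transaction.setMetadata("tls_verdict", verdict);
  api.transaction.setMetadata("tls_detail", JSON.stringify({ ja4: ja4 ?? null }));
}

// Action 2: enforce whatever verdict an earlier Action stored.
function enforceTls(event, api) {
  const verdict = event.transaction?.metadata?.tls_verdict;
  if (verdict === "blocked") return api.access.deny("TLS client fingerprint not allowed");
  // Fail closed: anything other than "known" (including a missing verdict,
  // e.g. Action 1 was removed or reordered) requires MFA.
  if (verdict !== "known") api.multifactor.enable("any", { allowRememberBrowser: false });
}

// Local harness standing in for the Actions runtime (mock event and api objects).
function simulateLogin(ja4, knownJa4 = []) {
  const outcome = { denied: null, mfa: false };
  const event = {
    security_context: { ja4 },
    user: { app_metadata: { known_ja4: knownJa4 } },
    transaction: { metadata: {} },
  };
  const api = {
    transaction: { setMetadata: (k, v) => { event.transaction.metadata[k] = v; } },
    access: { deny: (reason) => { outcome.denied = reason; } },
    multifactor: { enable: () => { outcome.mfa = true; } },
  };
  classifyTls(event, api);
  enforceTls(event, api);
  return { ...outcome, metadata: event.transaction.metadata };
}
```

In a tenant, `classifyTls` and `enforceTls` would each be the `onExecutePostLogin` handler of its own Action, ordered so the classifier runs first.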
We’re excited to announce that Multi-Resource Refresh Tokens (MRRT) is now in Early Access for all customers.
This feature allows applications to use a single refresh token to request access tokens for multiple resource servers (APIs), each with its own audience and scopes. MRRT simplifies token lifecycle management, enhances developer experience, and improves session continuity across distributed API architectures.
What’s New?
We're introducing a new feature that gives your end-users the flexibility to choose how they log in. Using Universal Login Custom Prompts, you can now add custom buttons to your login pages. This empowers your users to easily switch between a traditional database (password-based) connection and a passwordless (OTP-based) connection.
This update allows you to create a seamless experience where users can select their preferred authentication method directly from the login challenge screen.
For full details on this new feature, check out our documentation. To learn more about how to use custom prompts, see the custom prompts documentation.
We’re excited to announce that the Early Access of Native to Web SSO is now available for all enterprise customers.
With this release, developers can:
📘 To get started: