We’re excited to announce that Early Access of Native to Web SSO is now available for all enterprise customers.
With this release, developers can:
📘 To get started:
We're introducing a new feature that gives your end-users the flexibility to choose how they log in. Using Universal Login Custom Prompts, you can now add custom buttons to your login pages. This empowers your users to easily switch between a traditional database (password-based) connection and a passwordless (OTP-based) connection.
This update allows you to create a seamless experience where users can select their preferred authentication method directly from the login challenge screen.
For full details on this new feature, check out our documentation. To learn more about how to use custom prompts, see the custom prompts documentation.
We’re excited to announce that Multi-Resource Refresh Tokens (MRRT) is now in Early Access for all customers.
This feature allows applications to use a single refresh token to request access tokens for multiple resource servers (APIs), each with its own audience and scopes. MRRT simplifies token lifecycle management, enhances developer experience, and improves session continuity across distributed API architectures.
What’s New?
What changed: When the user's email is available, Auth0 will now send an email notification for brute‑force blocks in all identifier scenarios (e.g., phone, username), supplementing existing delivery rules.
Why it matters: Ensures users receive blocking notifications consistently even when logging in via phone or username, improving visibility and response.
To learn more about Brute Force Protection, read our online documentation.
We’ve improved our bot detection model to strike a better balance between security and user experience, with specific gains for tenants whose users frequently access resources via VPN.
Highlights of this update include:
Reduced false positives for VPN users: The model now more effectively distinguishes between legitimate users and bots, even when traffic originates from shared IPs or anonymized networks.
Improved user experience without compromising security: These updates are designed to reduce unnecessary friction for valid users while maintaining strong defenses against automated threats.
This enhanced security capability is now available to all Enterprise customers with the Attack Protection add-on. The rollout is currently underway and will be completed over the coming weeks in alignment with individual customer release schedules.
For activation details or to learn more about protecting your applications, please refer to our documentation or contact your account team. We're committed to helping you stay secure in an evolving threat landscape.
Introducing a new capability for log streaming: PII Masking.
This feature allows customers to obfuscate (hash or mask) sensitive personally identifiable information (e.g., email address, phone number, username) within their log streams. This enhancement improves security and compliance for customers who stream their logs to data lakes or third-party tools.
Key Features:
This update aligns with Auth0's commitment to improving customer data security and providing more customization in log stream outputs.
For more information, see Log Streams.