
Auth0 Changelog

Jun 30, 2025

We are deprecating the ability to create more than one action per tenant for actions supporting custom phone or email providers and introducing a maximum limit of one action in the respective triggers:

  • custom-phone-provider
  • custom-email-provider

This limitation applies to the Management API "Create an action" endpoint (POST /api/v2/actions/actions) and can impact integrations performing direct API calls and tools like the Auth0 Deploy CLI, the Auth0 Terraform Provider, or the Auth0 CLI.

We have provided additional information and timelines for enforcing this change across tenants through a dashboard and support center notification.


Jun 27, 2025

We’ve upgraded our bot detection model to improve accuracy and reduce friction for legitimate users, particularly on mobile devices and evolving browser platforms.

Highlights of this update include:

  • Improved interpretation of user-agent signals: The model now better handles previously unseen browser and OS versions, improving accuracy in distinguishing between legitimate users and malicious traffic.

  • Reduced friction for mobile users: We've updated the model to more accurately recognize native mobile app traffic, resulting in fewer unnecessary CAPTCHA challenges for real users.

  • Improved user experience without compromising security: These changes are designed to reduce false positives while maintaining robust bot detection coverage.

This enhanced security feature is available now to all Enterprise customers with the Attack Protection add-on. The rollout is currently underway and will be completed in the coming weeks, aligned with individual customer release schedules.

For activation details or to learn more about safeguarding your systems, please refer to our documentation or reach out to your account team. We are committed to supporting you in protecting your digital presence against evolving threats.


Jun 24, 2025

We’re excited to announce that the Okta AI-powered chatbot (Guide) Early Access offering has been enhanced with an additional data source - Security Center Metric Data. This additional capability is available only to Enterprise customers and can answer questions such as “do I have more sign up attacks this week compared to last week?”.

Availability

Guide is available to tenants in the US Public Cloud region. Within that group, Security Center Metric Data is available only for Enterprise customers. Guide will be rolled out to all Public Cloud regions in the near future.


Jun 23, 2025

We’re excited to announce the Early Access release of Private Key JWT Client Authentication for OIDC and Okta Enterprise Connections! Auth0 customers can now leverage a more secure and standards-based method of client authentication for their enterprise identity providers.

Until now, federated connections relied on long-lived client secrets for back-channel authentication. This feature enables signing with asymmetric keys on Okta and OIDC connections, reducing the risk of credential leakage and enabling secure key management and rotation.

While Auth0 already supports Private Key JWT when acting as the Identity Provider, this release extends that security posture to outbound enterprise connections, allowing Auth0 to securely authenticate to upstream IdPs using signed JWTs instead of shared secrets.
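The mechanism described above, as an added example (not Auth0's or Okta's code): a client builds an RFC 7523 signed assertion in place of a client secret, and the upstream IdP validates it using only the registered public key. The client ID, key ID, token endpoint URL, 60-second lifetime and in-memory replay set are assumptions made for illustration.

```javascript
// Added example: private_key_jwt client authentication (RFC 7523), Node.js stdlib only.
const crypto = require("node:crypto");
const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
const b64url = (s) => Buffer.from(s).toString("base64url");
const decode = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Client side: sign a short-lived, single-use assertion with the private key.
function buildClientAssertion({ clientId, tokenEndpoint, privateKey, kid, now }) {
  const header = { alg: "RS256", typ: "JWT", kid };
  const claims = { iss: clientId, sub: clientId, aud: tokenEndpoint,
                   iat: now, exp: now + 60, jti: crypto.randomUUID() };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), privateKey);
  return `${input}.${sig.toString("base64url")}`;
}

// Token request body: the assertion replaces client_secret entirely.
function tokenRequestBody(code, assertion) {
  return new URLSearchParams({ grant_type: "authorization_code", code,
    client_assertion_type: ASSERTION_TYPE, client_assertion: assertion }).toString();
}

// IdP side: every check uses only the registered public key, never a shared secret.
function verifyClientAssertion(jwt, { publicKey, clientId, tokenEndpoint, now, seenJti }) {
  const parts = jwt.split(".");
  if (parts.length !== 3) return "malformed";
  let header, claims;
  try { header = decode(parts[0]); claims = decode(parts[1]); } catch { return "malformed"; }
  if (!header || !claims) return "malformed";
  if (header.alg !== "RS256") return "bad_alg"; // pin the algorithm, never trust the header
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], "base64url");
  if (!crypto.verify("RSA-SHA256", signed, publicKey, sig)) return "bad_signature";
  if (claims.iss !== clientId || claims.sub !== clientId) return "bad_issuer";
  if (claims.aud !== tokenEndpoint) return "bad_audience";
  if (typeof claims.exp !== "number" || claims.exp <= now) return "expired";
  if (seenJti.has(claims.jti)) return "replayed"; // a captured assertion cannot be reused
  seenJti.add(claims.jti);
  return "ok";
}

// Constructed demo values (assumptions, not taken from the changelog).
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const cfg = { clientId: "example-connection-client", kid: "example-key-1",
                tokenEndpoint: "https://idp.example.com/oauth2/token", now: 1750636800 };
  const jwt = buildClientAssertion({ ...cfg, privateKey });
  const idp = { ...cfg, publicKey, seenJti: new Set() };
  return { first: verifyClientAssertion(jwt, idp),
           replay: verifyClientAssertion(jwt, idp),
           late: verifyClientAssertion(jwt, { ...idp, now: cfg.now + 61 }) };
}
console.log(demo());
```

Because the private key never leaves the client and each assertion expires within a minute and is accepted once, a captured token request is far less useful to an attacker than a leaked long-lived client secret.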

For complete setup instructions and more, refer to our documentation.

By using Private Key JWT Client Authentication on your OIDC and Okta Enterprise Connections, you agree to the applicable Free Trial terms in Okta’s Master Subscription Agreement and Okta’s Privacy Policy during use of the Early Access feature. The Free Trial terms can be found within the Master Subscription Agreement.

We’re excited to announce that Multi-Resource Refresh Tokens (MRRT) is now in Early Access for Enterprise customers.

This feature allows applications to use a single refresh token to request access tokens for multiple resource servers (APIs), each with its own audience and scopes. MRRT simplifies token lifecycle management, enhances developer experience, and improves session continuity across distributed API architectures.

What’s New?

  • Support for defining audience-specific refresh token policies per client
  • Use one refresh token to request tokens for multiple APIs — no re-authentication required
  • Compatible with rotating and expiring refresh tokens
  • First-party applications only
  • Management API support available today
  • iOS and Android SDKs support
  • Auth0 Deploy CLI and Terraform Support



Latest: Apr 17, 2026. Tracking since: Sep 25, 2024. Last fetched: Apr 18, 2026.