Skip to main content

Integrate with Auth0

Follow this step by step guide to allow SlashID to monitor and protect your Auth0 Tenant.

First, you will create an Auth0 Application, grant it the required permissions and generate a client secret which allows SlashID to interact with Auth0 on your behalf.

Second, you will use the details of your new Auth0 Application to configure the integration in the SlashID Console.

IP allowlisting

If your endpoint or tenant restricts traffic by source IP, allow connections from SlashID's egress IPs published at https://cdn.slashid.com/egress.json. The list is global and stable; the syncToken field changes whenever the IPs change, so you can use it to detect drift.

The file follows the JAFAR draft format (A JSON-Based Format for Publishing IP Ranges of Automated HTTP Clients), the same convention major cloud providers use to publish their IP ranges.

Step 1: Create an Auth0 Application

  1. Log in to the Auth0 Dashboard.

  2. Navigate to 'Applications' > 'Applications' and click on '+ Create Application'.

List applications.

  1. Choose a name for your new Auth0 Application. Choose type 'Machine to Machine Applications' and click on 'Create'.

Create application.

  1. Select API 'Auth0 Management API' from the dropdown menu.

  2. Grant all read: permissions to the application and click on 'Authorize'.

Grant permissions to the application.

tip

Use the permissions' filter to quickly select all read: permissions.

Step 2: Gather the application's credentials

  1. Go to the 'Settings' tab of the application.

  2. Copy and store the application's 'Domain', 'Client ID' and 'Client Secret', which you will need in the next step.

Copy the application's credentials.

Step 3: Create your Auth0<>SlashID integration

  1. Go to the SlashID Console and navigate to 'Identity Protection' > 'Configuration' > 'Data sources' and click on 'Add data source'.

  2. Select 'Auth0' from the list of providers in the drop-down menu.

  3. Paste the Auth0 Application's 'Domain', 'Client ID', and 'Client Secret' in the boxes provided and click on the 'Connect' button to complete the setup.

note

The Auth0 Application Domain must start with https://. E.g., https://dev-wazrwbcy42bqhbxr.us.auth0.com.

SlashID is now monitoring your Auth0 Tenant for potential security issues. The initial data sync may take a couple of minutes, after which you can start exploring security events in the 'Identity Protection Dashboard' section of the SlashID Console.