
auth0 Security Checklist for DevSecOps

Table of contents

  1. Enable Multi-Factor Authentication (MFA)
  2. Set Strong Password Policies
  3. Limit Number of Devices
  4. Enable Anomaly Detection
  5. Regularly Rotate Client Secrets
  6. Restrict Allowed Callback URLs
  7. Enable Automated Log Monitoring and Alerts
  8. Use Role-Based Access Control (RBAC)

A checklist of Auth0 hardening items for DevSecOps teams, each with the CLI command or Management API call that actually implements it. Commands below use the Auth0 CLI (auth0); where the CLI has no dedicated subcommand, auth0 api sends the request to the Management API v2 with your logged-in credentials.

Enable Multi-Factor Authentication (MFA)

Rules are deprecated in favour of Actions, and creating a Rule does not turn MFA on by itself. Enable at least one factor and set the tenant-wide policy through the Management API:

auth0 api put guardian/factors/otp --data '{"enabled": true}'
auth0 api put guardian/policies --data '["all-applications"]'

To require MFA only for some logins (for example privileged users or unrecognised devices), call api.multifactor.enable("any") from a post-login Action instead of a Rule. Verify with auth0 api get guardian/policies.

Set Strong Password Policies

Password policy is a property of the database connection, not of the tenant. Find the connection id, then patch its options. PATCH on a connection replaces the whole options object, so the body must contain every existing key of options plus the password keys, not the password keys alone:

auth0 api get "connections?strategy=auth0"
auth0 api patch connections/CONNECTION_ID --data '{"options": {"passwordPolicy": "excellent", "password_complexity_options": {"min_length": 12}, "password_history": {"enable": true, "size": 5}, "password_no_personal_info": {"enable": true}, "password_dictionary": {"enable": true}}}'

Sending only the keys shown above would silently drop the other connection options (import mode, signup settings, and so on), so read the current options first and merge.

Limit Number of Devices

Auth0 has no single "maximum devices per user" setting. What you can control per application is how long a device stays logged in: enable refresh-token rotation and finite lifetimes (Applications > Settings in the Dashboard, or the refresh_token block of the client via the Management API), and periodically review and revoke the device credentials a user has accumulated:

auth0 api patch clients/CLIENT_ID --data '{"refresh_token": {"rotation_type": "rotating", "expiration_type": "expiring", "token_lifetime": 2592000, "infinite_token_lifetime": false, "idle_token_lifetime": 1209600, "infinite_idle_token_lifetime": false}}'
auth0 api get "device-credentials?user_id=USER_ID"
auth0 api delete device-credentials/DEVICE_CREDENTIAL_ID

Rotation means a stolen refresh token is detected and the whole token family revoked the first time the old token is reused.

Enable Anomaly Detection

There is no auth0 anomaly command; Anomaly Detection is now called Attack Protection and its three features are configured separately. Enable all of them with blocking shields:

auth0 api patch attack-protection/brute-force-protection --data '{"enabled": true, "shields": ["block", "user_notification"], "mode": "count_per_identifier_and_ip", "max_attempts": 10}'
auth0 api patch attack-protection/breached-password-detection --data '{"enabled": true, "shields": ["block", "admin_notification"], "admin_notification_frequency": ["immediately"]}'
auth0 api patch attack-protection/suspicious-ip-throttling --data '{"enabled": true, "shields": ["block", "admin_notification"]}'

Confirm with the matching auth0 api get calls. If load tests trip the throttling, put only your own test runner's addresses in the allowlist field, never whole cloud-provider ranges.

Regularly Rotate Client Secrets

There is no auth0 clients rotate-secret command; rotation is a Management API call. The previous secret stops working as soon as the call returns, so update the consuming service's secret store in the same change window:

auth0 api post clients/CLIENT_ID/rotate-secret

The response is the client object containing the new client_secret. Pipe it straight into your secret manager rather than into a terminal, CI log or chat channel. Rotate on a fixed schedule and immediately after any suspected exposure, such as a secret committed to a repository.

Restrict Allowed Callback URLs

A broad or wildcard callback list lets an attacker have authorization codes redirected to a host they control. Auth0 compares the redirect_uri with this list by exact match, so list every legitimate URL and nothing else. The flag takes a comma-separated list and replaces the existing value:

auth0 apps update APP_ID --callbacks "https://app.example.com/callback,https://admin.example.com/callback"

Use https only, keep http://localhost entries in a separate development application, and avoid subdomain wildcards. Apply the same discipline to --logout-urls and --web-origins.
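The following is an added example, not code from the page or from Auth0: a small pre-flight check that vets a proposed callback list against a policy (https only, no wildcards, no fragments or userinfo, localhost only when explicitly allowed for a development app) and, only if everything passes, builds the argv for the real auth0 apps update --callbacks command. The policy itself and the example URLs are the author's assumptions.

```python
"""Vet a callback allow list before pushing it to an Auth0 application.

Added example, not from the page or from Auth0. The policy it enforces is
an assumption to adapt: https only, no wildcards, no fragments or
userinfo, and localhost only when explicitly allowed for a development
application. The argv it builds targets the real `auth0 apps update
--callbacks` flag, which takes a comma-separated list.
"""
from urllib.parse import urlsplit

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def check_callback(url, allow_localhost=False):
    """Return the policy violations for one callback URL (empty list = ok)."""
    problems = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    is_local = host in LOCAL_HOSTS
    if not host:
        problems.append("missing host")
    if "*" in url:
        problems.append("wildcard widens the redirect allow list")
    if parts.scheme != "https" and not (is_local and allow_localhost and parts.scheme == "http"):
        problems.append("scheme must be https")
    if is_local and not allow_localhost:
        problems.append("localhost is not allowed for this application")
    if parts.fragment or url.endswith("#"):
        problems.append("redirect URIs must not carry a fragment (RFC 6749 3.1.2)")
    if parts.username or parts.password:
        problems.append("userinfo in URL")
    return problems


def vet_callbacks(urls, allow_localhost=False):
    """Map each offending URL to its problems; an empty dict means all passed."""
    report = {u: check_callback(u, allow_localhost) for u in urls}
    return {u: p for u, p in report.items() if p}


def update_argv(app_id, urls, allow_localhost=False):
    """argv for the CLI update, or ValueError if any URL fails policy.

    Auth0 matches redirect_uri values exactly, so duplicates are removed
    but nothing is normalised (a trailing slash is a different URL).
    """
    bad = vet_callbacks(urls, allow_localhost)
    if bad:
        raise ValueError(f"refusing to push callbacks: {bad}")
    return ["auth0", "apps", "update", app_id, "--callbacks", ",".join(sorted(set(urls)))]


if __name__ == "__main__":
    import subprocess
    # APP_ID and the URLs are placeholders for the example.
    subprocess.run(update_argv("APP_ID", ["https://app.example.com/callback"]), check=True)
```

Run it from CI before any change to an application's callbacks; a rejected list fails the pipeline instead of widening the redirect surface.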

Enable Automated Log Monitoring and Alerts

The Dashboard only displays logs; it does not raise alerts, and tenant logs are kept for a limited number of days that depends on your plan. Stream them to your SIEM with a log stream and alert there:

auth0 logs tail
auth0 api post log-streams --data '{"name": "siem", "type": "http", "sink": {"httpEndpoint": "https://siem.example.com/auth0", "httpContentType": "application/json", "httpContentFormat": "JSONLINES", "httpAuthorization": "SHARED_SECRET"}}'

Events worth alerting on: failed logins per source IP (types f, fp, fu), blocks by Attack Protection (limit_wc, limit_mu), breached-password hits (pwd_leak), repeated MFA failures for one user (gd_auth_failed, a sign of push fatigue attacks) and successful Management API writes (sapi), which are tenant configuration changes.
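As an added example, not from the page or from Auth0, the detection logic below runs over JSON-lines events in the shape an HTTP log stream delivers and emits the alerts listed above: a sliding-window failed-login count per IP, one alert per Attack Protection block or breached-password hit, an MFA-fatigue alert when one user fails several challenges, and an alert for every Management API write. The sample events are constructed for the example, and the thresholds are assumptions to tune per tenant.

```python
"""Turn Auth0 tenant log events into alerts.

Added example, not from the page or from Auth0. The input format is the
JSON-lines an HTTP log stream delivers (httpContentFormat JSONLINES);
the events below are constructed for the example, not captured from a
tenant, and the thresholds are assumptions to tune per tenant.
"""
import json
from collections import defaultdict
from datetime import datetime

# Auth0 log event type codes handled here.
FAILED_LOGIN = {"f", "fp", "fu"}        # failed login / wrong password / unknown user
BLOCKED = {"limit_wc", "limit_mu"}      # account or IP blocked by Attack Protection
BREACHED = {"pwd_leak"}                 # breached-password detection hit
MFA_FAILED = {"gd_auth_failed"}         # MFA challenge failed
MGMT_WRITE = {"sapi"}                   # successful Management API operation


def _when(event):
    return datetime.fromisoformat(event["date"].replace("Z", "+00:00"))


def analyze(lines, window=300, ip_threshold=5, mfa_threshold=3):
    """Return a list of alert dicts for a sequence of JSON-lines log events."""
    alerts = []
    fails_by_ip = defaultdict(list)      # ip -> failure timestamps inside the window
    mfa_fails_by_user = defaultdict(int)
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        kind = ev.get("type")
        if kind in FAILED_LOGIN:
            ip = ev.get("ip", "unknown")
            now = _when(ev)
            recent = [t for t in fails_by_ip[ip] if (now - t).total_seconds() <= window]
            recent.append(now)
            fails_by_ip[ip] = recent
            if len(recent) == ip_threshold:   # fire once when the threshold is crossed
                alerts.append({"rule": "brute_force", "ip": ip, "count": len(recent)})
        elif kind in BLOCKED:
            alerts.append({"rule": "auth0_block", "type": kind, "ip": ev.get("ip"),
                           "user": ev.get("user_name")})
        elif kind in BREACHED:
            alerts.append({"rule": "breached_password", "user": ev.get("user_name")})
        elif kind in MFA_FAILED:
            user = ev.get("user_name", "unknown")
            mfa_fails_by_user[user] += 1
            if mfa_fails_by_user[user] == mfa_threshold:
                alerts.append({"rule": "mfa_fatigue", "user": user})
        elif kind in MGMT_WRITE:
            alerts.append({"rule": "tenant_change", "client_id": ev.get("client_id"),
                           "description": ev.get("description")})
    return alerts


def _ev(kind, seconds, **fields):
    """Build one constructed event `seconds` after 10:00 UTC on 2024-05-01."""
    base = {"type": kind, "date": f"2024-05-01T10:{seconds // 60:02d}:{seconds % 60:02d}.000Z"}
    base.update(fields)
    return json.dumps(base)


SAMPLE_LINES = [  # constructed, not real tenant data
    _ev("s", 0, user_name="bob@example.com", ip="198.51.100.4"),
    _ev("fp", 10, user_name="alice@example.com", ip="203.0.113.7"),
    _ev("fp", 30, user_name="alice@example.com", ip="203.0.113.7"),
    _ev("fp", 50, user_name="carol@example.com", ip="203.0.113.7"),
    _ev("fp", 70, user_name="dave@example.com", ip="203.0.113.7"),
    _ev("fu", 90, user_name="nobody@example.com", ip="203.0.113.7"),
    _ev("limit_wc", 95, user_name="alice@example.com", ip="203.0.113.7"),
    _ev("pwd_leak", 120, user_name="erin@example.com", ip="198.51.100.9"),
    _ev("gd_auth_failed", 180, user_name="alice@example.com", ip="203.0.113.8"),
    _ev("gd_auth_failed", 200, user_name="alice@example.com", ip="203.0.113.8"),
    _ev("gd_auth_failed", 220, user_name="alice@example.com", ip="203.0.113.8"),
    _ev("sapi", 300, client_id="abc123", description="Update a client"),
    _ev("fp", 360, user_name="bob@example.com", ip="198.51.100.4"),
]


def analyze_sample():
    return analyze(SAMPLE_LINES)


if __name__ == "__main__":
    for alert in analyze_sample():
        print(alert)
```

The same rules translate directly into SIEM queries once the stream is in place; the per-IP window is the one to tune first, since a credential-stuffing run spreads attempts across many usernames from few addresses.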

Use Role-Based Access Control (RBAC)

Creating a role does nothing on its own. RBAC has to be switched on per API so that permissions are written into the access token, and the role then needs permissions and members:

auth0 api patch resource-servers/API_ID --data '{"enforce_policies": true, "token_dialect": "access_token_authz"}'
auth0 roles create --name reports-reader --description "Read-only access to reports"
auth0 api post roles/ROLE_ID/permissions --data '{"permissions": [{"resource_server_identifier": "https://api.example.com", "permission_name": "read:reports"}]}'
auth0 api post roles/ROLE_ID/users --data '{"users": ["auth0|USER_ID"]}'

Keep roles coarse, grant each one the minimum permission set, and have the API authorise on the permissions claim of the token on every request rather than on role names.
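The following is an added example, not code from the page or from Auth0: one script that applies the MFA, password-policy, attack-protection, secret-rotation and RBAC items above through the Management API v2, using the same endpoints and bodies as the commands in each section. It assumes a tenant domain and a Management API token in AUTH0_DOMAIN and AUTH0_MGMT_TOKEN with the update scopes for guardian, connections, attack protection, clients and resource servers; every id it is given is a placeholder. The transport is injectable so the call sequence can be checked without a tenant.

```python
"""Apply the checklist items above through the Auth0 Management API v2.

Added example, not from the page or from Auth0. It assumes AUTH0_DOMAIN
and AUTH0_MGMT_TOKEN hold a tenant domain and a Management API token
with update scopes for guardian, connections, attack protection,
clients and resource servers; every id passed in is a placeholder.
"""
import json
import os
import urllib.request


def http_send(method, url, body, token):
    """Real transport: one JSON request against the Management API."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    })
    with urllib.request.urlopen(req, timeout=15) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else {}


class TenantHardener:
    def __init__(self, domain, token, send=http_send):
        self.base = f"https://{domain}/api/v2/"
        self.token = token
        self.send = send  # injectable, so the sequence can be exercised offline

    def _call(self, method, path, body=None):
        return self.send(method, self.base + path, body, self.token)

    def enforce_mfa(self):
        """Enable the OTP factor, then require MFA on every login."""
        self._call("PUT", "guardian/factors/otp", {"enabled": True})
        # The policies endpoint takes a bare JSON list, not an object.
        return self._call("PUT", "guardian/policies", ["all-applications"])

    def strong_password_policy(self, connection_id, min_length=12):
        """PATCH replaces the whole `options` object, so read, merge, write."""
        current = self._call("GET", f"connections/{connection_id}")
        options = dict(current.get("options") or {})
        options.update({
            "passwordPolicy": "excellent",
            "password_complexity_options": {"min_length": min_length},
            "password_history": {"enable": True, "size": 5},
            "password_no_personal_info": {"enable": True},
            "password_dictionary": {"enable": True},
        })
        return self._call("PATCH", f"connections/{connection_id}",
                          {"options": options})

    def enable_attack_protection(self):
        """Turn on all three Attack Protection features with blocking shields."""
        self._call("PATCH", "attack-protection/brute-force-protection", {
            "enabled": True, "shields": ["block", "user_notification"],
            "mode": "count_per_identifier_and_ip", "max_attempts": 10})
        self._call("PATCH", "attack-protection/breached-password-detection", {
            "enabled": True, "shields": ["block", "admin_notification"],
            "admin_notification_frequency": ["immediately"]})
        return self._call("PATCH", "attack-protection/suspicious-ip-throttling", {
            "enabled": True, "shields": ["block", "admin_notification"]})

    def rotate_client_secret(self, client_id):
        """Return the new secret. The old one is invalid once this returns,
        so the caller must push the value to its secret store immediately."""
        return self._call("POST", f"clients/{client_id}/rotate-secret")["client_secret"]

    def enable_rbac(self, api_id, api_identifier, role_name, permissions, user_ids=()):
        """Switch RBAC on for one API, create a role, attach permissions and members."""
        self._call("PATCH", f"resource-servers/{api_id}", {
            "enforce_policies": True, "token_dialect": "access_token_authz"})
        role = self._call("POST", "roles", {
            "name": role_name, "description": f"{role_name} (managed by hardening script)"})
        self._call("POST", f"roles/{role['id']}/permissions", {"permissions": [
            {"resource_server_identifier": api_identifier, "permission_name": p}
            for p in permissions]})
        if user_ids:
            self._call("POST", f"roles/{role['id']}/users", {"users": list(user_ids)})
        return role["id"]


if __name__ == "__main__":
    h = TenantHardener(os.environ["AUTH0_DOMAIN"], os.environ["AUTH0_MGMT_TOKEN"])
    h.enforce_mfa()
    h.enable_attack_protection()
    print("tenant policies applied")
```

Run it from a pipeline with a short-lived Management API token rather than a long-lived one, and treat the return value of rotate_client_secret as a secret: write it to the secret manager and nowhere else.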