Auth0 Data Integration
Last updated: 04/2023
The Oort identity security platform reads a variety of user account data and event data to build a full picture of the identity security posture of your Auth0 tenant.
The goal of this document is to serve as a guide to set up Oort with a data integration to your Auth0 tenant.
Note - Once this initial integration has been configured, Auth0 Log Streaming via the Oort app on the Auth0 Marketplace can be configured for near-real-time analysis of events and identity-based threats.
For more information, please see the Auth0 Log Streaming & Marketplace App article.
Auth0 data integration is configured using a read-only API token.
To add the necessary configuration in Auth0, you need the Admin role.
Create a Machine to Machine application for use with Oort using the steps in the Auth0 documentation.
Select the Auth0 Management API as the API (this exists by default)
Add the following permission scopes:
read:users - Read Users - Get a list of Users
read:logs - Read Logs - Read Auth0 Event logs
read:user_logs - Read logs relating to users - Read Auth0 User logs
read:guardian_factors - Read Guardian factors configuration - Get a list of Users and Authenticator configurations
From the Application Settings tab, collect the Domain, Client ID, and Client Secret
The rest of the configuration is completed in the Oort console.
Log in to your Oort tenant
From the Integrations tab, click Add Integration and select Auth0
Enter a display name, the Auth0 Domain URL, the Client ID and Client Secret from your Machine to Machine app created above.
Click Save.
On the Integrations screen, click the three-dot menu and select Test Connectivity.
Once successfully verified, click the same menu again and click Collect Now to begin initial data collection.
Note - Due to Auth0 API rate limiting, the initial data collection, including historical log data, may take up to 24 hours. Your Oort technical contact will assist with any questions in this process.