Auth0 Data Integration
04/2023
The Oort identity security platform reads a variety of user account data and event data to build a full picture of the identity security posture of your Auth0 tenant.
The goal of this document is to serve as a guide to set up Oort with a data integration to your Auth0 tenant.
Note - Once this initial integration has been configured, Auth0 Log Streaming via the Oort app on the Auth0 Marketplace can be configured for near-real-time analysis of events and identity-based threats.
Auth0 data integration is configured using a read-only API token.
To add the necessary configuration in Auth0, you need the Admin role.
- 1. Create a Machine to Machine Application in Auth0 for use with Oort using the steps in the Auth0 documentation.
- 2. Select the Auth0 Management API as the API (this exists by default).
- 3. Add the following permission scopes:

| Scope | Description | Purpose |
| --- | --- | --- |
| read:users | Read Users | Get a list of Users |
| read:logs | Read Logs | Read Auth0 Event logs |
| read:user_logs | Read logs relating to users | Read Auth0 User logs |
| read:guardian_factors | Read Guardian factors configuration | Get a list of Users and Authenticator configurations |

- 4. From the Application Settings tab, collect the Domain, Client ID, and Client Secret.
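Before entering the credentials into Oort, you can confirm that the Machine to Machine application really is limited to the four read scopes above. The following is an added example, not code from Oort or Auth0; it assumes the Management API access token is a JWT whose `scope` claim is a space-separated string, and all function names and the sample tokens are hypothetical and constructed for illustration.

```python
import base64
import json
import urllib.request

# Scopes the page lists for the Oort Machine to Machine application.
EXPECTED_SCOPES = {"read:users", "read:logs", "read:user_logs", "read:guardian_factors"}

def fetch_token(domain, client_id, client_secret):
    """Client-credentials grant for the tenant's Management API (needs network)."""
    body = json.dumps({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": f"https://{domain}/api/v2/",
    }).encode()
    req = urllib.request.Request(f"https://{domain}/oauth/token", data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]

def token_scopes(jwt):
    """Read the scope claim from a JWT payload. Inspection only, no signature check."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("scope", "").split())

def audit_scopes(jwt):
    """Return (missing, extra) relative to the four read-only scopes."""
    granted = token_scopes(jwt)
    return sorted(EXPECTED_SCOPES - granted), sorted(granted - EXPECTED_SCOPES)

def make_sample_token(scope):
    """Constructed token with a placeholder signature, for offline demonstration."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc({"scope": scope}), "sig"])

if __name__ == "__main__":
    good = make_sample_token(" ".join(sorted(EXPECTED_SCOPES)))
    bad = make_sample_token("read:users read:logs update:users")  # constructed misconfiguration
    for name, tok in (("as documented", good), ("misconfigured", bad)):
        missing, extra = audit_scopes(tok)
        print(f"{name}: missing={missing} extra={extra}")
```

Against a real tenant, pass the result of `fetch_token(domain, client_id, client_secret)` to `audit_scopes`; any entry in `extra` means the application holds more than the read-only access this integration needs.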
The rest of the configuration is completed in the Oort console.
- 1. Log in to your Oort tenant.
- 2. From the Integrations tab, click Add Integration and select Auth0.
- 3. Enter a display name, the Auth0 Domain URL, and the Client ID and Client Secret from the Machine to Machine app created above.
- 4. Click Save.
- 5. On the Integrations screen, click the 3 dot menu and select Test Connectivity.
- 6. Once successfully verified, click the same menu again and click Collect Now to begin initial data collection.
NOTE - Due to Auth0 API rate limiting, the initial data collection, including historical log data, may take up to 24 hrs. Your Oort technical contact will assist with any questions in this process.