Auth0 Log Streaming & Marketplace App

05/2023

Overview

The Oort identity security platform integrates with Auth0 tenants to collect user account information, sign-on, and application activity.

To enable near-real time analysis of user activity and events, Oort can leverage Auth0 log streaming to an AWS EventBridge streaming model. Then the Oort platform can capture the events in real-time.

UPDATE: The Oort log streaming functionality is now supported as an app in the Auth0 Marketplace. This enables even faster setup and time to value of the Oort near-real time analysis capabilities.

For more information, please see the Oort Identity Security app on the Auth0 Marketplace.

Prerequisites

You must already have an active Auth0 API-based integration configured in your Oort tenant setup. For more information, please see the Auth0 Data Integration article.

Auth0 Log Streaming Configuration

Permission requirements

This document assumes that you have the Admin role, which is required to modify the Monitoring section configuration of your Auth0 tenant.

Auth0 Setup Steps

These are the steps you need to go through to set up the Auth0 log streaming to Oort.

  1. Navigate to the Auth0 Marketplace entry for AWS EventBridge and add the integration.

  2. Log in to your Auth0 Dashboard, if you have not already.

  3. Navigate to Monitoring -> Streams

  4. Click + Create Stream

    1. Note - if you have reached the maximum number of streams for you Auth0 tenant, please contact Auth0 support to discuss options for adding additional streams.

  5. Select Amazon EventBridge and enter a unique name for your new Amazon EventBridge Event Stream.

  6. Create the AWS Event Source by providing your AWS Account ID and AWS Region.

    1. For Oort Production, the AWS Account ID is 988897525199

    2. For Oort Staging, the AWS Account ID is 909617834444

    3. If you are unsure which account ID to use, please contact cii-support@cisco.com

    4. All Oort environments are in AWS Region US East (Ohio) Note - this information can be viewed in your Oort tenant in step 1 below.

  1. Click Save. Auth0 provides you with an Event Source Name. Make sure to save your Event Source Name value.

  2. Complete the Oort steps below.

Oort Integration Steps

Within your Oort tenant where the existing Auth0 data connection resides, complete the following steps:

  1. Enter your Event Source Name from the Auth0 configuration above.

  2. Check the box to indicate that you've created the associated stream in Auth0.

  3. Click Save.

  4. Oort will complete the remaining configuration for your Oort tenant and inform you once the log streaming is in place and functioning.

Last updated