What's new this month
Welcome to our August product update! 🎉 We're thrilled to share new features that enhance flexibility, strengthen security, and improve developer experience. We're committed to making authentication seamless and secure for everyone, and these updates are a significant step forward in that mission.
Flexibility for Passwordless on Universal Login with Connection Switching
We're introducing a new feature that gives your end users the flexibility to choose how they log in. Using Universal Login Custom Prompts, you can now add custom buttons to your login pages. This empowers your users to easily switch between a traditional database (password-based) connection and a passwordless (OTP-based) connection.
This update allows you to create a seamless experience where users can select their preferred authentication method directly from the login challenge screen.
Read the docs on Connection Switching.
Non-Unique Emails (Early Access)
This highly requested feature allows multiple user accounts to share the same email address within a single database connection. This is particularly useful for various business use cases, such as managing parent and child accounts, small businesses with a shared email, or users who have multiple roles tied to one address.
This feature is production-ready for new database connections, and we're planning for its general availability in Q4 2025. Please note that once enabled, this setting is permanent for the connection and email cannot be used as a primary identifier.
Learn more about using Non-Unique Emails.
Enhanced security with DPoP and TLS Fingerprints
We've introduced two powerful new features to help you protect your users and applications:
Sender Constrained Tokens with DPoP (Early Access): We've added support for Demonstrating Proof of Possession (DPoP), an application-level mechanism that binds tokens to the client application. This significantly mitigates the risk of token theft and misuse, allowing you to use longer-lived access tokens without compromising security. SDK support for iOS Swift and Android Kotlin is available now, with more to follow.
Learn more about protecting your Access Tokens with DPoP.
JA3 and JA4 TLS Fingerprints in Tenant Logs and Actions: Now available for all Enterprise customers, JA3 and JA4 TLS Fingerprints provide a stable, hard-to-spoof signal to help you identify and respond to malicious traffic. These fingerprints are logged in applicable authentication and security events, and can be used within Auth0 Actions to create real-time, custom security responses. You can even use them in the Tenant Access Control List to block specific TLS fingerprints.
Learn more about JA3 and JA4 TLS Fingerprints.
Auth0 Teams Tenant Management and SSO enforcement for Private Cloud (Beta)
For our private cloud customers, we've launched new features for Auth0 Teams Tenant Member Management and SSO enforcement in beta. This update allows for centralized management of tenant membership and roles from the Auth0 Teams dashboard. Administrators can now enforce SSO for all team and tenant members, and operations are recorded in the Activity Log for a comprehensive audit trail. We've also streamlined user invitations and doubled the bulk tenant assignment limit to 10.
Actions - Transaction Metadata (Early Access)
This new feature allows developers to set, share, and access custom data between Actions running in the same post-login execution. This is a powerful way to pass information between different authentication pipeline stages, offering greater flexibility in customizing user flows.
Learn more about Actions Transaction Metadata.
Where we were in August
- Agentic AI Summit (August 2, Berkeley, USA) - Fred Patton, Shreya Gupta and Abhishek Hingnikar networked with the local developer community at our booth.
- Google Cloud Next Tokyo 2025 (August 5, Tokyo, Japan) - Daizen Ikahara connected with cloud builders at our booth.
- Build Secure AI Agents with Auth0 and Workers (August 5, virtual) - Juan Cruz Martinez hosted a workshop with CloudFlare developer advocate, Confidence Okoghenun, on how to build and securely deploy a Google Calendar-integrated personal assistant using Auth0 and Cloudflare.
- AI Dev Tool Demo Night @ AWS Gen AI Loft (#2nd Edition) (August 8, San Francisco, USA) - Fred Patton presented an Auth0 demo.
KCDC (August 14 - August 15, Kansas city, USA) - Ramona Schwering presented two sessions: A workshop titled “One Does Not Simply Build Authentication: UI Components to the Rescue!” and a session titled “The Cake Is a Lie... And So Is Your Login’s Accessibility”
- Auth0 x AI Tinkerers Demo Night (August 26, New York, USA) - Fred Patton presented an Auth0 demo.
- TechBBQ (August 27 - August 28, Copenhagen, Denmark) - Two days of networking, sessions, and startup energy.
Where to find us in September
- Smart AI 100 Summit (September 2, San Francisco, California, USA) - Shreya Gupta and Eli Rabek attending to network with the local startup community.
- dev_night London: AI from prompt to production (September 18, London, England) - Auth0 is hosting the meetup with DigitalOcean and LangChain. Come meet Deepu K Sasidharan and Carla Urrea Stabile.
- Camp AI: Product Demos and Founders Insights (September 18, San Francisco, California, USA) - Ready to build, scale, and secure your AI Apps? Join the Developer Led Growth Team alongside many of our partners for a night of innovation and summer camp vibes.
- Oktane (September 24-26, Las Vegas, Nevada, USA) Jess Temporal will present a workshop titled “Auth-ing your GenAI: Implementing Auth and Tool Calling in a NextJS-based chat with Auth for GenAI”.
- ValenciaRB (September 24, Valencia, Spain) - Carla Urrea Stabile will present “To generate or not generate, that is the question: building a ruby gem for OpenFGA” at the ValenciaRB Meetup.
- BarcelonaRB (September 25, Barcelona, Spain) - Carla Urrea Stabile will present a session at the Barcelona RB Meetup.
We're excited to see what you build with these new features. Stay tuned for more updates next month, and be sure to connect with us at an event near you!
About the author
Ari Schapiro
Vice President, DLG