identity & security

Auth0 by Okta: Teams

We’ve simplified how you manage your Auth0 tenants

TL;DR: In mid-February, we released Auth0 Teams- our new parent entity that consolidates managing tenants and tenant members and allows for clearer visibility into your Auth0 dashboard.

The Problem

Auth0 is a software-as-a-service (SaaS) product. As with any SaaS product, a risk-free and intuitive experience is key in helping accomplish any and all business objectives. However, we often come across products that are not impressive when it comes to complex multi-contributor, multi-resource deployments.

Our customers continue to leverage multiple environments (typically represented by numerous tenants) and resources while addressing Identity challenges in their business use cases.

As we continue to address Identity challenges in innovative ways, such as passwordless authentication with Passkeys and custom logic for pre and post-login with Auth0 Actions, we want to continue to afford our customers the protection and feature benefits that are ingrained in our products; especially when managing dashboard users and resources.

The Solution

Teams provides a platform to simplify the management of your tenants and tenant members while allowing for clearer visibility into the Auth0 dashboard. With Teams sitting on top of the tenant account membership, it’s the single point for visibility and control for a user to create, read, update, and delete any details within the tenant account membership.

The introduction of Teams now allows for:

  • Visibility and control of Team members
  • Visibility into Tenants with relevant details (region, tenant type, etc)
  • Visibility and control of Tenant members (who has access to which tenant with what role)
  • Ability to enforce Single Sign-On with your own Identity provider for all Team and Tenant member's access to Auth0
  • Ability to restrict tenant creation on a given Team
  • Ability to manage subscription and billing details (for self-service subscriptions)

Why Teams?

Auth0 prides itself on providing a platform that is designed to help implement complex Identity and security features without the need to become a security or Identity access management expert. We believe this so much that the very same features created for our developer community are the same features we use internally to build, expand, and enrich developer interactions.

Teams is a perfect example of “dogfooding”, the practice of using one's own products or services. Teams is built on the Auth0 Organizations feature that allows our B2B customers to better manage their partners and customers, therefore affording flexibility in customization of how end-users access their applications. Learn more here about how Organizations can help support your B2B, B2C and B2B2C use cases.

Beyond the value being delivered as part of Teams GA, we’re planning to leverage Teams further with the support of session controls for dashboard users, the programmatic team, and the tenant management API in the upcoming months. Stay tuned.

A view from a team owner shows a centralized place to visualize all tenants that belong to the account

A view from a team owner shows a centralized place to visualize all tenants that belong to the account.

Team owner's view of other team members

Team owner's view of other team members

Setting the menu of Teams, enabling or disabling tenant creation

Setting the menu of Teams, enabling or disabling tenant creation

View of security tab- allowing you to access and enable security policies like SSO

View of security tab- allowing you to access and enable security policies like SSO

Teams allows users to manage their dashboard more securely, while allowing for better collaboration of the dev team/s. This new feature provides relief if you’ve ever had to manage multiple Auth0 tenants and want to restrict permissions on tenant creation and deletion. Teams will help alleviate any stress that comes along with the outdated way of doing things.

Getting Started

Teams is turned on by default for new self-service users as of November 2023. For self-service customers that have been using Auth0 prior to November of 2023, Teams is automatically provisioned on plan upgrades.

Existing Enterprise Public and Private Cloud customers can request to be onboarded onto Teams through their Technical Account Manager or via Support.

FAQ

Can a customer have more than one Team?
We currently support only one Team per subscription. However, support for multiple Teams is an opportunity that we might consider in the future.

Are there any impacts as a result of opting into using Teams?
There are no impacts to using Teams. The initial provision state of Teams is “Tenant” and “Tenant Member Visibility,” with no behavioral changes or restrictions without an explicit user-actioned configuration change through the Teams Dashboard.

I am using Teams, and I want to associate a new tenant with my current subscription; what should I do?
Self-service customers can link a tenant under a free plan for which they are the tenant admin from the Teams Dashboard. Note that the tenant must not be currently attached to either another Team or a subscription. Enterprise customers can request a tenant to be linked to their team through their Technical Account Manager.

I am using Teams, and I have a Teams-associated issue; how do I get help?
Please open a general support ticket and select any of your tenants in order to contact support for team-specific reasons.

Will turning on the Teams Tenant Member Management affect how my users login?
Turning on Tenant Member Management will trigger the following:

  • Background process of adding existing tenant members to Teams as Team Contributors
  • The connection type used to login to the tenants associated with the team is activated on the Teams dashboard
  • Team owners can view and update connections used to login to the Teams dashboard
  • The login context is through Teams when Tenant Member Management is turned on

Why can’t I update or delete tenant members from the Teams Dashboard?
Support is coming in the near future. For now, tenant members can be deleted, and roles can be updated from the Auth0 Dashboard.

What happens if the Tenant Member Management replication process fails?
Toggle the feature off and back on. If the process is still failing, toggle the feature off and open a support ticket.

Why can some customers invite Tenant Members from Manage Dashboard and others can not?
Invitation from the Auth0 Dashboard is not allowed for Non-Enterprise customers (self-service & growth plans); however, it is allowed for Public Cloud Enterprise customers.

Why can’t some customers utilize SSO/JIT and Social Connections customization?
These features are not part of the Non-Enterprise customers (self-service & growth plans) plans but are available to our Public Cloud Enterprise customers.