TL;DR: Auth0 takes security very seriously. If you want to learn how we handle security and protect your users, download our security white paper.
At Auth0, we have built state-of-the-art security into our product so our subscribers can take advantage of cutting edge features designed to protect their users and business. But features aren't enough. We go beyond best practices in our security program, so other businesses can rely on us to help keep the malicious actors out, and simplify letting the right people in. You can find the security white paper that we have just released in here or at the Auth0's Security page.
This white paper is an analysis and explanation of how we handle security. In this document, we have detailed our approach to this subject from many different perspectives. We discuss how we deal with People and Processes, how we handle Disaster Recovery and Backup, and much more. With this information, our subscribers can better understand how their data is protected and what measures we actively take to guarantee that sensitive data won't fall into the wrong hands.
Below, you can view the table of contents for the white paper. The whole document can be found here.
- Introduction - Dedicated Security Team |- People and Processes |- Background Checks |- Security Awareness |- Access Requests |- Security Policies |- Privacy - Secure Product Development |- Specification Compliance |- Authentication Experts |- Code Review |- Development Tools |- Secret Management |- White Hat Program |- OWASP Compliance |- Deployment Process - Third-Party Compliance |- SOC II Type 2 |- External Security Assessments - Infrastructure and Data Security |- Cloud Security |- Infrastructure as Code |- Network Security |- Security Monitoring |- Authentication |- Data Encryption |- Laptop and Mobile Device Security - Disaster Recovery and Backup |- Business Continuity Plan |- Backup Strategy - Vendor security |- Security Team Review |- Privacy Considerations - Summary
We hope that by releasing the security white paper, we can achieve greater transparency with our subscribers and the whole community of developers, security experts, and partners. We also hope that by making this information publicly available and concise in one document, interested parties will feel more confident about Auth0's practices and processes.
Lastly, we’d really love to encourage interested parties to analyze, question, and comment our approach to security. Please, feel free to ping us if you have any doubts or suggestions.
Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Security and application teams rely on Auth0's simplicity, extensibility, and expertise to make identity work for everyone. Safeguarding billions of login transactions each month, Auth0 secures identities so innovators can innovate, and empowers global enterprises to deliver trusted, superior digital experiences to their customers around the world.