developers

Auth0 Product Updates (July 2025): New Security Features, Global Regions, and Developer Previews

Enhanced developer security with PII masking in logs and improved bot detection, new global cloud regions, early access programs for Multiple Custom Domains, Passkey support, and more developer-focused features.

Ari Schapiro

Vice President, DLG

Aug 12, 20256 min read

Welcome to our July product update! 🎉 This month, we've been busy rolling out exciting new features, enhancing existing capabilities, and expanding our global footprint to provide you with an even more robust and flexible identity platform. Our focus remains on empowering developers and organizations to build secure, seamless, and scalable authentication experiences. You can also check the July release highlights on Youtube:

What's new this month

Enhancing Security & Compliance 🛡️

  • PII Obfuscation/Masking in Log Streaming: We're excited to introduce a new feature that allows you to mask sensitive Personally Identifiable Information (PII) directly within your log streams. This significantly enhances your security posture and helps meet compliance requirements by ensuring sensitive data isn't exposed in your logs. Learn more 📖.
  • Cascade Token and Session Revocation for Native to Web SSO: Improving token lifecycle management and session integrity, this update automatically revokes dependent web sessions and refresh tokens when the original refresh token is revoked. This is a crucial step for maintaining robust security across your applications. Learn more 📖.
  • Updates to Bot Detection: We’ve upgraded our bot detection model to improve accuracy and reduce friction for legitimate users, particularly on mobile devices and evolving browser platforms. Learn more 📖.

Screenshot of the Auth0 dashboard for configuring Bot Detection, showing options like Auth Challenge, Simple CAPTCHA, and Google reCAPTCHA

  • IETF JWT Profile for Access Tokens: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens - RFC9068 is now Generally Available for all customers. You are now able to opt-in to use the new profile for your Access Tokens on a per-API basis. Learn more 📖.

Expanding Global Reach 🌍

  • New Private Cloud Regions: To better serve our global customers and address data residency needs, we've expanded our Private Cloud offerings with new regions in Mexico 🇲🇽, Hong Kong 🇭🇰, and Calgary, Canada 🇨🇦.
  • Public Cloud Environment in Canada: We've also launched a new Public Cloud environment in Canada 🇨🇦, providing more options for organizations seeking local data hosting.

Early Access Programs 🚀

We're also excited about several features currently in Early Access, offering a glimpse into future enhancements:

  • Multiple Custom Domains on a Single Auth0 Tenant: simpler, more flexible branding and white-labeling. Allowing you to:

    • Deliver tailored, branded experiences for your users, including customized login URLs and emails.
    • Enhance security through the consistent use of custom domains across end-user interactions.
    • Scale B2B SaaS usage rapidly through Multiple Custom Domains (MCD) on a single tenant.

    Learn more and please send a request through the Auth0 Support Center if you are interested in participating!

Diagram illustrating the Multiple Custom Domains feature, with a central 'MarketZero Tenant' connected to four different custom domains

  • Passkey Support for Custom Database Connections (with import mode off): you can now leverage passkey support directly with your custom database connections, without needing import mode. Request access by contacting your Technical Account Manager.
  • My Account API Explorer: Empower your users with self-service capabilities. The new My Account API Explorer provides a user-friendly interface for managing their own account settings and preferences.Try it out.
  • Advanced Customizations for Universal Login: Gain even finer control over the look and feel of your Universal Login pages, allowing for a truly branded experience. Check out our online documentation to learn more about ACUL!

Advanced Customizations for Universal Login

  • Right-to-Left Language Support for Universal Login: Expanding our global accessibility, Universal Login now supports right-to-left languages, catering to a wider audience. Contact your Auth0 account manager or Auth0 Support to enable Early Access on your tenant.
  • Multi-Resource Refresh Tokens (MRRT): This feature allows applications to use a single refresh token to request access tokens for multiple resource servers (APIs), each with its own audience and scopes providing a more granular control and flexibility. Learn more 📖.

We're continuously working to bring you the best in authentication and authorization. These updates reflect our commitment to providing a secure 🔒, flexible 💪, and developer-friendly platform 🧑‍💻.

Where we were in July

  • DWX 2025 (June 30 – July 3, Mannheim, Germany) – Ramona Schwering presented "From the Crypt to the Code", diving into secure coding and modern auth strategies

  • WeAreDevelopers World Congress (July 9–11, Berlin, Germany) – Deepu K Sasidharan and Ramona Schwering were at the booth answering developer questions. They also found themselves on stage:

    • Ramona presented "The Cake Is a Lie... And So Is Your Login’s Accuracy", unpacking real-world login flaws and how to build trust in AI-era authentication
    • Deepu presented "Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue"
  • AWS Summit (July 16, New York, USA) – Fred Patton and Lily Wisecarver were at the booth connecting with cloud builders and answering developer questions.
  • dev_night (July 16, Tokyo, Japan) - Daizen Ikahara hosted a dev_night in Tokyo for the local developer community. Keep an eye out for our next dev_night Tokyo in the fall covering our extensibility capabilities.
  • TechRAMEN 2025 (July 26 - July 27, Asahikawa, Japan) - Daizen Ikahara presented a talk about FGA for RAG during the after conference.

Collection of images from past events in July

Thank you to all that stopped by to chat with us – We loved connecting with our developer community around the world.

Where we are going in August

  • Agentic AI Summit (August 2, Berkeley, USA) - Fred Patton and Shreya Gupta at the booth networking with the local developer community.
  • Google Cloud Next Tokyo 2025 (August 5, Tokyo, Japan) - Daizen Ikahara at the booth connecting with cloud builders
  • Build Secure AI Agents with Auth0 and Workers (August 5, virtual) - Juan Cruz Martinez hosting a workshop with CloudFlare developer advocate, Confidence Okoghenun, on how to build and securely deploy a Google Calendar-integrated personal assistant using Auth0 and Cloudflare.
  • AI Dev Tool Demo Night @ AWS Gen AI Loft (#2nd Edition) (August 8, San Francisco, USA) - Fred Patton presenting an Auth0 demo.
  • KCDC (August 14 - August 15, Kansas city, USA) - Ramona Schwering will present 2 sessions: A workshop titled “One Does Not Simply Build Authentication: UI Components to the Rescue!” and a session titled “The Cake Is a Lie... And So Is Your Login’s Accessibility”
  • Auth0 x AI Tinkerers Demo Night (August 26, New York, USA) - Fred Patton presenting an Auth0 demo.
  • TechBBQ (August 27 - August 28, Copenhagen, Denmark) - Two days of networking, sessions, and startup energy.

Will you be attending? Reach out! We’d love to connect and hear what you’re working on!