announcements

September 2025 in Auth0: Advanced Security Controls and Auth0 for AI Agents

Explore Auth0's September 2025 product updates, featuring Auth0 for AI Agents, Tenant Access Control List in GA, Dry Run for Auth0 Deploy CLI, and more.

Ari Schapiro

Vice President, DLG

Oct 16, 20257 min read

What's new

Welcome to our September product update! This time, our focus was squarely on empowering developers with better tooling and providing enterprise customers with the robust governance features they need for modern B2B SaaS applications and emerging AI agent use cases.

These updates reflect our continuous commitment to building the most secure, flexible, and developer-friendly identity platform.

Auth0 for AI Agents in Developer Preview

During Oktane 25 from September 24 - 26, 2025, we announced that Auth0 for AI Agents will be generally available (GA) in October. Watch the Auth0 Platform Keynote: Don’t just play the AI game. Win it securely with Auth0 and read the blog post Announcing Auth0 for AI Agents: Powering the Future of AI, Securely.

Strengthening security and governance

We continue to roll out powerful features to help you manage risk and maintain a strong security posture.

  • Tenant Access Control List (ACL) is now generally available: This security feature allows you to define custom lists to allow, block, or redirect requests based on predefined signals. This is a critical tool for tenant administrators looking to strengthen boundary security and control exactly who can access their Auth0 tenant environment.
    Learn more about the Tenant Access Control List.

Enhancing developer and admin workflows

Developer experience remains a core priority. We’ve added new tooling support and administrative shortcuts to reduce friction.

  • Announcing Dry Run for the Auth0 Deploy CLI (Early Access): One of the most requested features for the Auth0 Deploy CLI is here: you can now preview your deployment changes before applying them. Say goodbye to deployment anxiety. With the new --dry-run flag, you can get a detailed summary of exactly what resources will be created, updated, or deleted before you run an import. This brings the confidence of infrastructure-as-code practices like terraform plan to your Auth0 tenant management. Get started by adding the --dry-run flag to your import command to see a safe preview of your changes.
    Learn more about Dry Run for the Auth0 Deploy CLI.
Auth0 Deploy CLI Dry Run
  • Auth0 Teams: Streamlined team member invitations (Early Access): For Enterprise customers, we’ve made administrator onboarding dramatically easier. You can now pre-assign tenant access and roles directly within the team invitation modal, reducing administrative overhead and ensuring immediate access for new team members upon acceptance.
    Learn more about team member invitations.
Team Member invitation
  • Improved Auth0 Support Center experience: The Support Center has been redesigned to help you find answers faster. The new AI-powered search scans our knowledge base and learning content to deliver a single, tailored answer, helping developers and admins unblock themselves faster.
    Learn more about the redesign.

Building for enterprise and AI (Early Access Programs)

We are excited about several features that are currently in Early Access, setting up our B2B and AI-focused capabilities for the future.

  • Self-Service User Provisioning now in Early Access: We've expanded the Self-Service SSO experience with SCIM-based User Provisioning. This allows your customers' IT teams to manage user onboarding and offboarding directly, automating manual work. This release also introduces User Attribute Profiles (UAP), a standardized way to map, normalize, and sync user attributes across SAML, OIDC, and SCIM, ensuring data consistency.
    Learn more about the expanded Self-Service SSO experience.
  • Cross App Access (XAA) for Resource Applications is now in Beta: Designed to solve governance and consent fatigue in the enterprise, XAA for Resource Applications enables IT teams to centralize control over data sharing between AI agents and third-party SaaS apps. This eliminates constant user consent prompts and provides better visibility into cross-app data flows.
    Learn more about XAA for Resource Applications.

Where we were in September

  • Smart AI 100 Summit (September 2, San Francisco, California, USA) - Shreya Gupta and Eli Rabek attending to network with the local startup community.
  • Frontend Freunde (September 11, Munster, Germany) - Ramona Schwering presented “From the crypt to the code - Web Security erklärt mit Horrorfilm-Klassikern” at the Frontend Freunde Meetup.
  • MCP Server Builder Series (September 18, New York, New York, USA) - Luis Santos discussed securing MCP servers, agents and expanding on applying this to enterprise workforce use cases. Developer Advocate, Aydrain Howard, joined Luis to network with the local developer community.
  • dev_night London: AI from prompt to production (September 18, London, England) - Co-hosted with LangChain and DigitalOCean. Our advocates Deepu K Sasidharan and Carla Urrea Stabile were present, connecting with developers and talking about Generative AI with other industry leaders like Ali Spivak (Lead, Chrome Developer Relations at Google), ​Carly Richmond (Developer Advocate Lead at Elastic), Nuno Campos (Founding Engineer at LangChain), ​Abhimanyu Selvan (Developer Advocacy at DigitalOcean).
  • Camp AI: Product Demos and Founders Insights (September 18, San Francisco, California, USA) - Presented by Auth0, GitHub, AWS, and Vercel. The event consisted of Demos from AI dev tool startups like CircleCI, CodeAnt AI, Acuvity, Keyboard.dev, and Solid, and a panel with our very own @Aaron Parecki, April Leonard, VP Eng, Github, Peter Whitney, AI & Modern Data Strategy, AWS, and Aparna Sinha, SVP Product, Vercel.
  • ServerlessDays 2025 Tokyo (September 20-21, Tokyo Japan) - Daizen Ikehara presented “Don't Let Your AI Leak Secrets! Access Control in the RAG Era with ReBAC” and networked with the local developer community in Tokyo.
  • Oktane (September 24-26, Las Vegas, Nevada, USA) - Jess Temporal presented a workshop titled “Auth-ing your GenAI: Implementing Auth and Tool Calling in a NextJS-based chat with Auth for GenAI.”
  • ValenciaRB (September 24, Valencia, Spain) - Carla Urrea Stabile presented “To generate or not generate, that is the question: building a ruby gem for OpenFGA” at the ValenciaRB Meetup.
  • BarcelonaRB (September 25, Barcelona, Spain) - Carla Urrea Stabile presented a session at the Barcelona RB Meetup.
  • CData MCP Night - (September 26, Tokyo, Japan) - Daizen Ikehara attended to network with the local startup community.
  • Unicornicopia (September 29, Seattle, Washington, USA) - Lily Wisecarver and Sarah Gray attended to network with the local startup community.

Where we are going in October

  • NextJS Conf (October 22, San Francisco, California, USA) - Shreya Gupta and Fred Patton will be hosting a booth. Fred Patton will also be presenting "Ambient Agents on Next.js: Seven Levers for Token Efficiency."
  • ShipAI (October 23, San Francisco, California, USA) - Shreya Gupta and Fred Patton will be hosting a booth to connect with the SF AI Community.
  • dev_night Tokyo (October 23, Tokyo Japan) - Daizen Ikehara will be hosting the third installment of this developer meetup series in Tokyo to build a deeper connection with the local developer community.
  • Python Barcelona (October 23, Barcelona, Spain) - Carla Urrea Stabile will be presenting “Securing AI: a journey through access control systems” at the Python Barcelona Meetup.
  • Disrupt AI Meetup (October 28, San Francisco, California, USA) - Shreya Gupta, Calah Vargas, Eli Rabek, and Fred Patton will be attending to network with the local startup community.

  • MadridRB (October 30, Madrid, Spain) - Carla Urrea Stabile will be presenting “Building a ruby gem for OpenFGA.”

    Will you be attending any of these events? Reach out! We'd love to connect and hear what you're building next.