Remove Roles from Users
Connection Settings Best Practices
Review requested data
You should review the data you are requesting from each social connection. Users must grant consent for the requested data. Requesting a lot of unnecessary data may result in users declining the authorization request out of privacy concerns.
Set password policy for database connections
Configure the password policy for your Auth0 database connections so created users have strong passwords. You can configure the password policy in the database connection settings on the dashboard or with the Auth0 Management API.
Disable user signup if it's not appropriate for each database connection
In your database connection settings, specify if self-service user signups should be enabled. If you enabled this during development, check if you should disable it on production tenants.
Only enable this setting for production tenants if you allow end users to sign up in a self-service manner. If self-service signup is not allowed, disable the feature. You can then add users to the database connection with the Auth0 Management API.
Review applications enabled for each connection
For each connection, review the list of allowed applications. Make sure there are no unintended authentication paths into an application. By default, new applications may have all of your tenant's connections enabled, which may not be appropriate.
Use RSA-SHA256 for SAML connections
Configure any scopeSAML connections to sign requests and use RSA-SHA256 as the signature algorithm. This ensures the remote SAML Identity Provider can validate whether the authentication requests came from a legitimate application or not.