Configure Akamai as Reverse Proxy

Limited Access

Your Auth0 subscription plan and the login method you choose can affect feature availability. To learn more, read:

To set up Akamai as a reverse proxy, you need a plan with Host Header Override and True-Client-IP-Header features. To learn more about configuring these features, see Akamai Original Server Parameters.

  1. Configure Custom Domains with Self-Managed Certificates if you haven't already. Make note of the Origin Domain Name and cname-api-key values since you'll need these later.

  2. Create a CNAME and TXT record in Akamai for domain verification. To learn more, read Set up a CNAME redirect for an application in Akamai documentation.

  3. Add Settings to Host Header Override and the value to the edge.tenants.auth0.com.

    Setting Entry
    Host Header Override YOUR_TENANT.<CUSTOM_DOMAIN_ID>.edge.tenants.auth0.com
    Replace <CUSTOM_DOMAIN_ID> with the custom domain ID from the Origin Domain Name that you received from Auth0. If your tenants are not in the US region, use one of the following:
    EU: YOUR_TENANT.<CUSTOM_DOMAIN_ID>.edge.tenants.eu.auth0.com
    AU: YOUR_TENANT.<CUSTOM_DOMAIN_ID>.edge.tenants.au.auth0.com
    True-Client-IP Enable

  4. Add True-Client-IP header to settings and enable this flag.

  5. Now add a script for the configured CNAME in Akamai and Deploy.

Akamai server parameters

You may need to configure Akamai server parameters such as Origin Type, Origin Server Hostname, and Cache Key Hostname.

Configure Auth0

Use the Management API Update Custom Domain Configuration patch endpoint with the following in the body:

{
  "tls_policy": "recommended",
  "custom_client_ip_header": "true-client-ip"
}

Learn more