Docs

Configure Azure CDN for Use as Reverse Proxy

Configure Azure CDN for Use as Reverse Proxy

Feature availability

Auth0 custom domains are available with any paid subscription plan. If you want to manage the SSL/TLS certificates yourself, you will need an Enterprise subscription. For more information refer to Auth0 pricing plans.

To set up Azure CDN as a reverse proxy, an Azure CDN Premium plan is required.

  1. Complete the steps on Configure Custom Domains with Self-Managed Certificates if you haven't already. Make note of the Origin Domain Name and cname-api-key values since you'll need these later.
  2. Login to the Azure Portal.
  3. Create a new Azure CDN Profile.
  4. Create a new Azure CDN endpoint using the CDN Profile you just created. For the CDN endpoint settings, use the following values:
Setting Value
Name We recommend naming your CDN endpoint like your custom domain name, replacing dots with dashes. For example: login-mydomain-com.azureedge.net.
Origin type Select Custom Origin
Origin hostname Enter YOUR_TENANT.<CUSTOM_DOMAIN_ID>.edge.tenants.auth0.com, making sure to replace <CUSTOM_DOMAIN_ID> with the custom domain ID from the Origin Domain Name you received from Auth0. If your tenants are not in the US region, use one of the following:
  • EU: YOUR_TENANT.<CUSTOM_DOMAIN_ID>.edge.tenants.eu.auth0.com
  • AU: YOUR_TENANT.<CUSTOM_DOMAIN_ID>.edge.tenants.au.auth0.com
Origin path Leave blank.
Origin host header Use the name you provided for the Origin hostname.
Protocol Disable HTTP so that only HTTPS is enabled.
  1. Add your custom domain to your Azure CDN endpoint.
  2. Configure HTTPS for your Azure CDN custom domain. This process requires you to verify ownership of the domain. Once done, it may take up to 6 hours to deploy the certificate to all of the CDN pop locations.
  3. Set up the configuration for the custom domain communication with Auth0 using the Azure CDN Rules Engine. Create a new Azure CDN Rule with the following settings:
Setting Value
Name/Description Auth0 Custom Domain
Type of requests Select the Edge CName option, then select your custom domain name from the list.
  1. Add the following Features to your Azure CDN Rule:
Setting Value
Bypass Cache Enabled
Modify Client Request Header Select Override, enter cname-api-key for the name, and enter the CNAME API Key provided by Auth0 as the value.

We recommend creating another Azure CDN Rule to deny the usage of the azureedge.net CNAME.

  1. Once the Azure CDN Rule is approved, the status will change from Pending XML to Active XML. At this point, Azure CDN will be publishing the rules and certificates. When Azure finishes processing all changes, you can use your custom domain.

Keep reading