Configure Akamai as Reverse Proxy

Configure Akamai as Reverse Proxy

Availability varies by Auth0 plan and login method

Both the login implementation you use and your Auth0 plan or custom agreement affect whether this feature is available. To learn more, read New Universal Login vs. Classic Universal Login and Pricing.

To set up Akamai as a reverse proxy, you need a plan with Host Header Override and True-Client-IP-Header features. To learn more about configuring these features, see Akamai Original Server Parameters.

  1. Configure Custom Domains with Self-Managed Certificates if you haven't already. Make note of the Origin Domain Name and cname-api-key values since you'll need these later.

  2. Create a CNAME and TXT record in Akamai for domain verification. To learn more, read Set up a CNAME redirect for an application in Akamai documentation.

  3. Add Settings to Host Header Override and the value to the edge.tenants.auth0.com.

    Setting Entry
    Host Header Override YOUR_TENANT.<CUSTOM_DOMAIN_ID>.edge.tenants.auth0.com
    Replace <CUSTOM_DOMAIN_ID> with the custom domain ID from the Origin Domain Name that you received from Auth0. If your tenants are not in the US region, use one of the following:
    EU: YOUR_TENANT.<CUSTOM_DOMAIN_ID>.edge.tenants.eu.auth0.com
    AU: YOUR_TENANT.<CUSTOM_DOMAIN_ID>.edge.tenants.au.auth0.com
    True-Client-IP Enable

  4. Add True-Client-IP header to settings and enable this flag.

  5. Now add a script for the configured CNAME in Akamai and Deploy.

Akamai server parameters

You may need to configure Akamai server parameters such as Origin Type, Origin Server Hostname, and Cache Key Hostname.

Configure Auth0

Use the Management API Update Custom Domain Configuration patch endpoint with the following in the body:

{
  "tls_policy": "recommended",
  "custom_client_ip_header": "true-client-ip"
}

Was this helpful?

/

Learn more