Tenant Settings in the Auth0 Dashboard

The Tenant Settings page of the dashboard allows you to configure various settings related to your Auth0 tenant.


The following sections can be found on the initial page you're redirected to when opening up the settings area.


Use this section to customize some of the settings related to your tenant. These settings will be used in Lock, emails and various other pages being displayed to your end users.

  • Friendly Name: This is the name you want to be displayed to your users, usually the name of your company or organization.
  • Logo URL: In this field, enter the URL where you have a square image saved. This image will appear to your users on various screens and pages.
  • Support Email: The email used to contact your support team.
  • Support URL: The link to your company/organization support page.

Click SAVE when finished to submit your changes.

API Authorization Settings

Default Audience: Allows you to specify an API Identifier for a default audience when using the API Authorization flows. This will cause all Access Tokens issued by Auth0 to have this API Identifier specified as an audience.

This setting is equivalent to appending the audience to every authorization request made to the tenant for every application. This will cause new behavior that might result in breaking changes for some of your applications. Please contact support if you require assistance.

Default Directory: Name of the connection to be use for Password Grant exchanges. The Default Directory value should be the exact name of an existing connection of one of the following strategies: auth0-adldap, ad, auth0, email, sms, waad or adfs.

Error Pages

In the event of an authorization error, you may choose to display to your users either a generic error page or you can redirect users to your own customized error page.

Learn about Custom Error Pages.

Subscription and Payment

The Subscription tab allows you to review and change your current subscription and to move to another plan, as well as specify your billing details. You can learn more about changing your Subscription.

Active Users

The Active Users functionality has been moved to the Quota Utilization Report in the Support Center.

Dashboard Admins

Allows you to add or remove administrators for your Auth0 tenant, as well as review whether administrators have Multi-factor authentication enabled for their account. Learn about Dashboard Admins.


The Auth0 rules engine uses This section explains about how to build apps and extensions on top of webtask.

Learn more about Webtasks.


Login and Logout

Allowed Logout URLs: These are a set of URLs that are valid to redirect to after logout from Auth0 when no client_id is specified on the logout endpoint invocation. It's useful as a global list when Single Sign-on (SSO) is enabled. Learn more about Logout.

Tenant Login URI: In some scenarios Auth0 will need your tenant to start the OIDC login flow . This URI should point to a route in your application that starts the flow by redirecting to the /authorize endpoint. It would usually take the form of ''. Learn more about the tenant default login URI.

Session Timeout

Allows you to specify the SSO Cookie Timeout. This value is the login session lifetime, which is how long the session will stay valid, measured in minutes. The default value is 10080 minutes (or 7 days).

This is the session timeout for the Auth0 session. You can configure separately the timeouts used with tokens issued by Auth0, such as the OpenID Connect (OIDC) ID Token expiration claim or the SAML lifetime assertions. These are often used to drive the sessions on the applications (SAML SPs) themselves and are independent of the Auth0 (IdP) session.

Auth0 also sets a value for the session idle timeout, which is the allowed duration of inactivity for a session before a new session is required. Currently, this value is set at 7 days and is not configurable. If the SSO Cookie Timeout is set to longer than the idle timeout, then if the session is not used within 7 days, the session will expire and a new session must be created.

Learn more about Single Sign-on (SSO).

Global Application Information

The Global Client ID and Global Client Secret are used to generate tokens for legacy Auth0 APIs. Typically, you will not need these values. If you need to have the global client secret changed, please contact support.


Change Password flow v2: Turning this on enables a new version of the change password flow. The previous alternative has been deprecated and we strongly recommend enabling v2. This flag is presented only for backwards compatibility and once enabled you won't be able to disable it.

You can configure how the Change Password widget will look like at the Password Reset tab inside the Hosted Pages section of the dashboard.

Enable Application Connections: This flag determines whether all current connections shall be enabled when a new Application is created.