Private Cloud on Azure

The Private Cloud on Azure deployment option is a dedicated, managed instance of the Auth0 identity platform running on Microsoft Azure. It provides isolation, higher performance, separate development instances, various add-ons, and more.

The table below compares each deployment option for Private Cloud on Azure.

With Private Cloud on Azure, you choose the region where your data is stored. Auth0 can provide a list of available regions that use three availability zones for the deployment. A list of current regions where we offer private cloud deployments can be found in our Sub-processor Information posted to our Trust & Compliance page. In most cases, Okta deploys backups in the same selected Azure region.

Private Cloud on Azure instances have a 99.99% service level agreement (SLA).

If your application requires a significantly high amount of requests per second (RPS), you may also wish to consider Private Cloud on Azure. See the rate limits policies for more information about the standard rate limits. The Private Cloud on Azure deployments have a rate limit of 100 RPS for Private Basic, and enhanced rate limits of 500 RPS, 1,500 RPS, 3,000 RPS, and 6,000 RPS for Private Performance options.

Private Cloud on Azure Performance deployments include a fully-isolated and independently-updated instance for development and testing. You can add additional pre-production environments to meet your business requirements.

Guaranteed requests per second (RPS) and SLA do not apply to non-production environments.

Private Cloud on Azure is fully deployable in the following regions:

• USA

• Europe

• Australia

• Japan

• Canada

• Ireland

• France

• Germany

• Sweden

• Switzerland

• Netherlands

• Norway

• Brazil

• South Africa

• India

• United Arab Emirates

• South Korea

Okta provides rate limits for orgs based on the traffic that they expect to have, and subject to the RPS tier purchased. If your org experiences higher traffic than what is expected, this unplanned usage may potentially have an impact on end users. The Private Cloud offering is designed to handle gradual increases in transaction rate (e.g. an increase from 100 RPS to 1000 RPS over a period of 10 minutes) without any service impact. However, sudden and severe bursts in traffic (e.g. 100 RPS to 1000RPS increase in a matter of seconds) could lead to service instability and (increased latency) while the solution adjusts to handle the new load.

The Credential Guard add-on for breached password detection and the HIPAA compliance add-on are not currently available on Azure deployments.

After choosing Private Cloud on Azure, an onboarding and deployment process will be followed to configure your environment(s).

Upon contract signing, we will ask you to provide key information regarding your onboarding requirements, which we will then validate.

Once we validate your onboarding requirements, we will host a kickoff meeting with you to begin the implementation process. We strongly recommend that this meeting occur no later than five (5) days after the contract signing.

Immediately after the onboarding form validation, we will begin provisioning your environment.

At the end of this process, you're ready for the environment handover and your Private Cloud on Azure deployment is ready for use.

Private Cloud on Azure deployments are updated every week automatically. You can set a specific day and time during the week, if required.

This policy outlines the necessary requirements for Auth0 to perform load testing for Private Cloud on Azure customers who submit a request. You can file a load testing request via the Support Center. Under the Issue field, select Private Cloud Support Incident.

To be considered for approval, the request must:

• Be filed at least two (2) weeks prior to the desired test date; in many cases, Auth0 encourages one (1) month of advance notice to ensure time for a thorough review and any required modifications.

• Receive approval in writing before any testing is conducted.

• Stay within our published production rate limits.

• Include all information described in our Load Testing Policy.

If changes to infrastructure are requested, the cost will be determined based on your specific requirements.

If you perform a test that exceeds 500 RPS in a High Availability environment or 1500 RPS in a High Capacity environment, then the performance of the environment may be negatively affected, either with requests being slow or potentially the environment seizing. You should start with a low load and slowly increase until the environment has reached its peak. Should you require a load greater than what the environment can handle, then the environment size should be increased, if possible; you can work with your Technical Account Manager to discuss details.

For periods of anticipated high load, you must inform your account team no later than 14 days prior to the event. The notification provides the opportunity to adequately test scenarios (if possible) and aligns reactive support to the event.

Some Auth0 platform customizations, including Actions, custom webhooks, and custom database action scripts, allow secure outbound connections from the Auth0 platform to your own services and establish network connectivity between your Private Cloud deployment and your own services.

Secure outbound networking uses Azure Private Link by establishing an endpoint service in your Azure account. The underlying service can be an Azure-native service or a service running in a data center and must be in an Azure Virtual Network in the same Azure region as your Private Cloud deployment.

After you configure your Private Cloud deployment to make your endpoint service available, provide Auth0 with your endpoint service information so we can integrate the service with your deployment and provide information on how to access it from your customization code.

For more info on setting up endpoint services with Private Link, contact Azure. To coordinate service onboarding with Auth0, contact Auth0's Support Center.

To conduct a security test, please notify us in advance via the Auth0 Support Center. Auth0 requires at least one week (seven days) notice prior to your test's planned start date.

If the test is isolated to your infrastructure (that is, there will be no testing of Auth0 services), you do not need to notify Auth0.

For the information that we require, see our Penetration Testing Policy.

Auth0-managed certificates (in the format *.auth0app.com) are the responsibility of Auth0 to both obtain and apply. Auth0 will manage the process end-to-end and will prompt you with any action required.

Renewal of Auth0-issued certificates for custom domains is managed by Auth0.

Renewal of customer-managed certificates for custom domains (in the format *.<CustomerName>.com) is the customer’s responsibility to manage and obtain.

Auth0 provides logs that are accessible via the Dashboard or the log streaming endpoint.

You can reach out to the Auth0 Support team with any questions or concerns you might have. To help expedite your request, please provide as much information as possible in the Support ticket you open.