Private Cloud Infrastructure Requirements

Upon contract signing, we will ask you to provide key information regarding your onboarding requirements through an onboarding form, which we will then validate. Example information is detailed below.

Requirement	Private Cloud Basic	Private Cloud Performance and Performance Plus	Customer-hosted Private Cloud
Tenant names	Yes (PROD only)	Yes	Yes
DNS records and SSL certificates	No	No	Yes
Tenant administrators	Yes	Yes	Yes
Communication group email	Yes	Yes	Yes
SSO setup needs	Yes	Yes	Yes
Preferred production region	Yes	Yes	Yes (AWS region)
Preferred pre-production region	N/A	Yes	Yes (AWS region)
GEO-HA needs	N/A	Yes	Yes
Data sovereignty needs	Yes	Yes	No

You will need to provide tenant names for your App Tenant, Auth0 Dashboard, Support Tenant.

Tenant	Description
App Tenant	The App Tenant is the initial tenant where your applications reside. This is the primary tenant your users will interact with, and you'll manage this using the Auth0 Dashboard and API.
Auth0 Dashboard	The Dashboard is your web application's management interface.
Support Tenant	We will provide you with an account to access the Auth0 Support Center, where you can get information about your Auth0 environment and open support tickets. This account will be linked to your Private Cloud deployment and current Support plan. In general, the tenant name you use for support is formatted as follows: `customer_name-support`.

Sample domain name sets

The following is a sample set of domain names for a typical Pre-production and Production environment setup where the App Tenant's name is identity:

Pre-production
- identity.mycompany-dev.auth0.com
- manage.mycompany-dev.auth0.com
Production
- identity.mycompany.auth0.com
- manage.mycompany.auth0.com

Domain name requirements

Please finalize DNS names prior to Private Cloud deployment.

The following requirements must be met when selecting tenant and domain names:

The domain name you use for tenants hosted in the Private Cloud cannot be the same as any you're using for tenants hosted in the Public Cloud. If you want to use your domain name in use on the Public Cloud in the Private Cloud, we will need to delete your Public Cloud account.
Each domain name will end in auth0.com.
The App Tenant, Auth0 Dashboard, and Webtask must be a part of the same parent domain (such as mycompany.auth0.com).
The tenant name (such as identity.yourdomain.auth0.com) must be at least three characters long and must not contain any underscores(_).

In addition, reserved words cannot be used in tenant names. These include:


login	admin	app	manage	blog
ftp	mail	pop	pop3	imap
smtp	stage	stats	status	dev
logs	www	docs	sdk	ci
docker	styleguide	ask	it	cdn
api	releases	release	spf	feedback
help	support	int	auth

Please note that the Levenshtein distance from auth0 to the supplied name must be greater than two. This means that tenant names like auth or authy (and other similar names) cannot be used.

To find out if your tenant name meets this requirement, you can validate your selections using a Levenshtein Distance calculator.

Custom Domains

You can use custom domains with your Private Cloud deployment. To learn how to map your tenant domain to a chosen custom domain and manage the required certificates, see Custom Domains.

During onboarding, you will be asked to provide information about Dashboard and Tenant administrators. To create additional administrators post-onboarding, an existing administrator must submit a request to Auth0 Support. Please include:

Name(s) of the tenant(s) to which the new administrator should have access
Email addresses of administrators to be invited

Upon request, we can provide a daily uptime report of your Private Cloud deployment that will be sent to an email address (with a group alias) that you specify. You can also specify a group alias that will receive alerts if there is an issue.

We will ask whether you would like to set up Single Sign-On (SSO), and if so, whether you would like to use a specific connection.

We will ask for your preferred region(s). For Private Cloud deployments, these will correspond to an available Auth0 region. If you have a Pre-production environment, these can be different for Pre-production and Production.

With Private Cloud you can choose the region where your data is stored. Auth0 can provide a list of available regions that use three availability zones for the Private Cloud deployment. All data can remain and be stored in the chosen region. This is crucial in instances where regulations prevent data from being stored or processed outside the origin region.

For Private Cloud customers, by default, backups will be processed and stored in the United States (USA). Service logs will be processed in the region closest to where Private Cloud is hosted, currently, this includes:

Australia
Canada
Germany
India
Ireland
Japan
United States

If you have data sovereignty requirements, Auth0 supports Private Cloud deployments in the following regions:

United States
Europe
Australia
Canada
Japan

Otherwise, the Private Cloud can be supported in other regions (except China). Furthermore, Auth0 can deploy backups to AWS's S3 service in the same region that hosts the Private Cloud.

Auth0's Private Cloud instances have a 99.99% service level agreement (SLA).

If your application requires a significantly high amount of requests per second (RPS), you may also wish to consider Private Cloud. Public and Private Cloud deployment options support up to 100 requests per second (RPS). If you require more than 100 RPS, you should choose a Private Cloud deployment option. See the rate limits policies for more information about the standard rate limits. For Private Cloud deployments, the limit is 100 RPS with an upgrade to 1,500 RPS.

If your application is PCI Compliant or striving to be, and your requirements indicate that your identity provider also needs to be PCI compliant, this is only available as a Private Cloud addon. Public Cloud customers cannot acquire this benefit.

Docs