Private Cloud Infrastructure Requirements

Upon contract signing, we will ask you to provide key information regarding your onboarding requirements through an onboarding form, which we will then validate. Example information is detailed below.

| Requirement | Private Cloud Basic | Private Cloud Performance and Performance Plus | Customer-hosted Private Cloud |
| --- | --- | --- | --- |
| Tenant names | Yes (PROD only) | Yes | Yes |
| DNS records and SSL certificates | No | No | Yes |
| Tenant administrators | Yes | Yes | Yes |
| Communication group email | Yes | Yes | Yes |
| SSO setup needs | Yes | Yes | Yes |
| Preferred production region | Yes | Yes | Yes (AWS region) |
| Preferred pre-production region | N/A | Yes | Yes (AWS region) |
| GEO-HA needs | N/A | Yes | Yes |
| Data sovereignty needs | Yes | Yes | No |

Tenant names

You will need to provide tenant names for your App Tenant, Auth0 Dashboard, and Support Tenant.

| Tenant | Description |
| --- | --- |
| App Tenant | The App Tenant is the initial tenant where your applications reside. This is the primary tenant your users will interact with, and you'll manage this using the Auth0 Dashboard and API. |
| Auth0 Dashboard | The Dashboard is your web application's management interface. |
| Support Tenant | We will provide you with an account to access the Auth0 Support Center, where you can get information about your Auth0 environment and open support tickets. This account will be linked to your Private Cloud deployment and current Support plan. In general, the tenant name you use for support is formatted as follows: customer_name-support. |

Sample domain name sets

The following is a sample set of domain names for a typical Pre-production and Production environment setup where the App Tenant's name is identity:

  • Pre-production

    • identity.mycompany-dev.auth0.com

    • manage.mycompany-dev.auth0.com

  • Production

    • identity.mycompany.auth0.com

    • manage.mycompany.auth0.com

Domain name requirements

Please finalize DNS names prior to Private Cloud deployment.

The following requirements must be met when selecting tenant and domain names:

  • The domain name you use for tenants hosted in the Private Cloud cannot be the same as any you're using for tenants hosted in the Public Cloud. If you want to reuse a domain name from the Public Cloud in the Private Cloud, we will need to delete your Public Cloud account.

  • Each domain name will end in auth0.com.

  • The App Tenant, Auth0 Dashboard, and Webtask must be a part of the same parent domain (such as mycompany.auth0.com).

  • The tenant name (such as identity.yourdomain.auth0.com) must be at least three characters long and must not contain any underscores (_).

In addition, reserved words cannot be used in tenant names. These include:

login admin app manage blog
ftp mail pop pop3 imap
smtp stage stats status dev
logs www docs sdk ci
docker styleguide ask it cdn
api releases release spf feedback
help support int auth

Please note that the Levenshtein distance from auth0 to the supplied name must be greater than two. This means that tenant names like auth or authy (and other similar names) cannot be used.

To find out if your tenant name meets this requirement, you can validate your selections using a Levenshtein Distance calculator.
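
The naming rules above (minimum length, no underscores, reserved words, and the Levenshtein distance from auth0) can be pre-checked locally before you submit the onboarding form. The following is an added example, not Auth0's own validator; the function names are hypothetical, and it assumes the rules apply to the tenant label alone and that comparison is case-insensitive.

```python
# Added example: pre-check a proposed tenant name against the rules on this page.
# Function names are hypothetical; this is not Auth0's validator.

# Reserved words exactly as listed on this page.
RESERVED = frozenset("""
login admin app manage blog ftp mail pop pop3 imap
smtp stage stats status dev logs www docs sdk ci
docker styleguide ask it cdn api releases release spf feedback
help support int auth
""".split())


def levenshtein(a: str, b: str) -> int:
    """Classic two-row dynamic-programming edit distance."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_tenant_name(name: str) -> list:
    """Return the rules the name violates; an empty list means it passes."""
    # Assumption: names are compared case-insensitively, as DNS labels are.
    label = name.strip().lower()
    problems = []
    if len(label) < 3:
        problems.append("shorter than three characters")
    if "_" in label:
        problems.append("contains an underscore")
    if label in RESERVED:
        problems.append("reserved word")
    dist = levenshtein(label, "auth0")
    if dist <= 2:
        problems.append(f"Levenshtein distance to auth0 is {dist}, must be > 2")
    return problems


if __name__ == "__main__":
    # Constructed sample names; 'identity' is the page's own example.
    for candidate in ("identity", "auth", "authy", "it", "my_idp", "manage"):
        print(candidate, "->", check_tenant_name(candidate) or "ok")
```

A name such as auth fails twice: it is a reserved word and is also within distance two of auth0, so fixing only one of the two problems is not enough.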

Custom Domains

You can use custom domains with your Private Cloud deployment. To learn how to map your tenant domain to a chosen custom domain and manage the required certificates, see Custom Domains.

Dashboard and tenant administrators

During onboarding, you will be asked to provide information about Dashboard and Tenant administrators. To create additional administrators post-onboarding, an existing administrator must submit a request to Auth0 Support. Please include:

  • Name(s) of the tenant(s) to which the new administrator should have access

  • Email addresses of administrators to be invited

Group email address

Upon request, we can provide a daily uptime report of your Private Cloud deployment that will be sent to an email address (with a group alias) that you specify. You can also specify a group alias that will receive alerts if there is an issue.

SSO setup

We will ask whether you would like to set up Single Sign-On (SSO), and if so, whether you would like to use a specific connection.

Preferred region(s)

We will ask for your preferred region(s). For Private Cloud deployments, these will correspond to an available Auth0 region. If you have a Pre-production environment, these can be different for Pre-production and Production.

With Private Cloud you can choose the region where your data is stored. Auth0 can provide a list of available regions that use three availability zones for the Private Cloud deployment. All data can remain and be stored in the chosen region. This is crucial in instances where regulations prevent data from being stored or processed outside the origin region.

Backups and logs

For Private Cloud customers, by default, backups will be processed and stored in the United States (USA). Service logs will be processed in the region closest to where Private Cloud is hosted. Currently, this includes:

  • Australia

  • Canada

  • Germany

  • India

  • Ireland

  • Japan

  • United States

Data sovereignty

If you have data sovereignty requirements, Auth0 supports Public Cloud deployments in the following regions:

  • United States

  • Europe

  • Australia

  • Japan

Otherwise, the Private Cloud can be supported in other regions (except China). Furthermore, Auth0 can deploy backups to AWS's S3 service in the same region that hosts the Private Cloud.

Maximum availability

Auth0's Private Cloud instances have a 99.99% service level agreement (SLA).

High demand apps

If your application needs to handle a high number of requests per second (RPS), you may also wish to consider Private Cloud. Public and Private Cloud deployment options support up to 100 RPS. If you require more than 100 RPS, you should choose a Private Cloud deployment option. See the rate limits policies for more information about the standard rate limits. For Private Cloud deployments, the limit is 100 RPS with an upgrade to 1,500 RPS.

PCI compliance certification

If your application is PCI compliant or striving to be, and your requirements indicate that your identity provider also needs to be PCI compliant, PCI compliance certification is available only as a Private Cloud add-on. Public Cloud customers cannot acquire this benefit.