Private Cloud Infrastructure Requirements
Upon contract signing, we will ask you to provide key information regarding your onboarding requirements through an onboarding form, which we will then validate. Example information is detailed below.
|Requirement||Private Cloud Basic||Private Cloud Performance and Performance Plus||Customer-hosted Private Cloud|
|Tenant names||Yes (PROD only)||Yes||Yes|
|DNS records and SSL certificates||No||No||Yes|
|Communication group email||Yes||Yes||Yes|
|SSO setup needs||Yes||Yes||Yes|
|Preferred production region||Yes||Yes||Yes (AWS region)|
|Preferred pre-production region||N/A||Yes||Yes (AWS region)|
|Data sovereignty needs||Yes||Yes||No|
You will need to provide tenant names for your App Tenant, Auth0 Dashboard, Support Tenant.
|App Tenant||The App Tenant is the initial tenant where your applications reside. This is the primary tenant your users will interact with, and you'll manage this using the Auth0 Dashboard and API.|
|Auth0 Dashboard||The Dashboard is your web application's management interface.|
|Support Tenant||We will provide you with an account to access the Auth0 Support Center, where you can get information about your Auth0 environment and open support tickets. This account will be linked to your Private Cloud deployment and current Support plan. In general, the tenant name you use for support is formatted as follows:
Sample domain name sets
The following is a sample set of domain names for a typical Pre-production and Production environment setup where the App Tenant's name is identity:
Domain name requirements
Please finalize DNS names prior to Private Cloud deployment.
The following requirements must be met when selecting tenant and domain names:
The domain name you use for tenants hosted in the Private Cloud cannot be the same as any you're using for tenants hosted in the Public Cloud. If you want to use your domain name in use on the Public Cloud in the Private Cloud, we will need to delete your Public Cloud account.
Each domain name will end in auth0.com.
The App Tenant, Auth0 Dashboard, and Webtask must be a part of the same parent domain (such as
The tenant name (such as
identity.yourdomain.auth0.com) must be at least three characters long and must not contain any underscores(
In addition, reserved words cannot be used in tenant names. These include:
Please note that the Levenshtein distance from auth0 to the supplied name must be greater than two. This means that tenant names like
authy (and other similar names) cannot be used.
To find out if your tenant name meets this requirement, you can validate your selections using a Levenshtein Distance calculator.
You can use custom domains with your Private Cloud deployment. To learn how to map your tenant domain to a chosen custom domain and manage the required certificates, see Custom Domains.
Dashboard and tenant administrators
During onboarding, you will be asked to provide information about Dashboard and Tenant administrators. To create additional administrators post-onboarding, an existing administrator must submit a request to Auth0 Support. Please include:
Name(s) of the tenant(s) to which the new administrator should have access
Email addresses of administrators to be invited
Group email address
Upon request, we can provide a daily uptime report of your Private Cloud deployment that will be sent to an email address (with a group alias) that you specify. You can also specify a group alias that will receive alerts if there is an issue.
We will ask whether you would like to set up Single Sign-On (SSO), and if so, whether you would like to use a specific connection.
We will ask for your preferred region(s). For Private Cloud deployments, these will correspond to an available Auth0 region. If you have a Pre-production environment, these can be different for Pre-production and Production.
With Private Cloud you can choose the region where your data is stored. Auth0 can provide a list of available regions that use three availability zones for the Private Cloud deployment. All data can remain and be stored in the chosen region. This is crucial in instances where regulations prevent data from being stored or processed outside the origin region.
Backups and logs
For Private Cloud customers, by default, backups will be processed and stored in the United States (USA). Service logs will be processed in the region closest to where Private Cloud is hosted, currently, this includes:
If you have data sovereignty requirements, Auth0 supports Public Cloud deployments in the following regions:
Otherwise, the Private Cloud can be supported in other regions (except China). Furthermore, Auth0 can deploy backups to AWS's S3 service in the same region that hosts the Private Cloud.
Auth0's Private Cloud instances have a 99.99% service level agreement (SLA).
High demand apps
If your application requires a significantly high amount of requests per second (RPS), you may also wish to consider Private Cloud. Public and Private Cloud deployment options support up to 100 requests per second (RPS). If you require more than 100 RPS, you should choose a Private Cloud deployment option. See the rate limits policies for more information about the standard rate limits. For Private Cloud deployments, the limit is 100 RPS with an upgrade to 1,500 RPS.
PCI compliance certification
If your application is PCI Compliant or striving to be, and your requirements indicate that your identity provider also needs to be PCI compliant, this is only available as a Private Cloud addon. Public Cloud customers cannot acquire this benefit.