Docs

Dashboard Authentication Policy

Installing the Authorization Extension

Versionv2

Currently, we provide two ways of implementing role-based access control (RBAC), which you can use in place of or in combination with your API's own internal access control system:

We are expanding our Authorization Core feature set to match the functionality of the Authorization Extension and expect a final release in 2020. Our new core RBAC implementation improves performance and scalability and will eventually provide a more flexible RBAC system than the Authorization Extension.

For now, both implement the key features of RBAC and allow you to restrict the custom scopes defined for an API to those that have been assigned to the user as permissions. For a comparison, see Authorization Core vs. Authorization Extension.

This doc walks you through the process of installing the Authorization Extension.

Before you begin, make sure that you have an existing application that can be used with the Authorization Extension. Currently, you can use the following types of applications:

  • Native
  • Regular Web Applications
  • Single-Page Applications

Applications without an assigned type or Machine to Machine Applications cannot be used with this extension.

Multi-factor Authentication

Install the Extension

To install the Authorization Extension, click on the Auth0 Authorization box located on the Extensions page of the dashboard.

You will be prompted to install the extension and to choose where you would like to store your data. You can choose between Webtask Storage and an Amazon S3 bucket.

Unenrolling a Device from Multi-factor

Webtask Storage

The extension will use Webtask Storage by default, and you are limited to 500 KB of data. This is equivalent to:

  • 1000 groups and 3000 users, where each user is member of 3 groups
  • 20 groups and 7000 users, where each user is member of 3 groups

Other forms of authentication

Amazon S3

Alternatively, you can use Amazon S3 as a storage provider.

This extension has limitations in terms of performance and is not meant to be used with large data sets. Before you choose Amazon S3 for data storage, we recommend that you test and see how it performs for your case. Performance degradation is also a possibility as more data is added to S3.

To use Amazon S3 you need to:

  1. Create an S3 bucket
  2. Create an IAM user and get the Key ID and Key for that user
  3. Create a policy for the IAM user which allows the user to make changes to the bucket

Amazon S3 is a file-based storage platform, which means it writes in parallel. This may cause issues, but the extension's storage logic attempts to take this into account. However, if you automate the creation of groups/roles/permissions, we suggest that you do so using sequential calls to the API.

Install Authorization Extension

Once the extension is installed, you will see it listed under Installed Extensions.

Installed Extensions

Installing this extension creates an auth0-authz application for your account. Do not delete this application! If you uninstall the extension at a later date, this application will be deleted automatically.

When you click the link to open the extension for the first time, you will be asked to provide permission for the extension to access your Auth0 account. If you do, you will be redirected to the Authorization Dashboard.

Authorization Dashboard

Effectivity

Keep Reading