Welcome! If you are new to Auth0, you are in the right place. Here we will cover how to get started using Auth0.
Auth0 is a flexible, drop-in solution to add authentication and authorization services to your applications. Your team and organization can avoid the cost, time, and risk that comes with building your own solution to authenticate and authorize users.
Connect any application (written in any language or on any stack) to your Auth0 tenant and define the identity providers you want to use (how you want your users to log in).
Based on your app's technology, choose one of our SDKs (or call our APIs), and hook it up to your app. Now each time a user tries to authenticate, Auth0 will verify their identity and send the required information back to your app. You can also register a custom API and configure the tokens, role-based access control (RBAC), and other access settings and permissions.
Configure how your Auth0 tenants, apps, and APIs work together to optimize how you authenticate and authorize your users.
Use cases for Auth0
Take a look at just a few of Auth0's use cases:
You built an awesome app and you want to add user authentication and authorization. Your users should be able to log in either with a username/password or with their social accounts (such as Facebook or Twitter). You want to retrieve the user's profile after the login so you can customize the UI and apply your authorization policies.
You built an API and you want to secure it with OAuth 2.0.
You have more than one app, and you want to implement Single Sign-on (SSO).
You have a web app that needs to authenticate users using Security Assertion Markup Language (SAML).
You believe passwords are broken and you want your users to log in with one-time codes delivered by email or SMS.
If one of your user's email addresses is compromised in some site's public data breach, you want to be notified, and you want to notify the users and/or block them from logging in to your app until they reset their password.
You want to act proactively to block suspicious IP addresses if they make consecutive failed login attempts, in order to avoid DDoS attacks.
You are part of a large organization that wants to federate your existing enterprise directory service to allow employees to log in to the various internal and third-party applications using their existing enterprise credentials.
You don't want (or you don't know how) to implement your own user management solution. Password resets, creating, provisioning, blocking, and deleting users, and the UI to manage all these. You just want to focus on your app.
You want to enforce multi-factor authentication (MFA) when your users want to access sensitive data.
You are looking for an identity solution that will help you stay on top of the constantly growing compliance requirements of SOC2, GDPR, PCI DSS, HIPAA, and others.
You want to monitor users on your site or application. You plan on using this data to create funnels, measure user retention, and improve your sign-up flow.