Auth0 Deployment Models

Auth0 is offered in four deployment models:

  • As a multi-tenant cloud service running on Auth0's cloud
  • As a dedicated cloud service running on Auth0's cloud
  • As a dedicated cloud service running on Customer's cloud infrastructure
  • As an on-premises virtual Private SaaS (PSaaS) Appliance running on Customer's data centers

PSaaS Appliance is a managed service that you can use if your organization's requirements prevent you from using a multi-tenant cloud service. To learn more refer to Private SaaS (PSaaS) Appliance.

The following tables describe operational and feature differences between these models.

Operational Differences

Where It Runs Auth0's Infrastructure Customer's Infrastructure
How It Runs Multi-Tenant Dedicated Cloud On-Premises
Public Facing Yes Yes Configurable Configurable
Updates Unscheduled.
Multiple times per day.

Staged in two zones.
Cumulative. Deployed post multi-tenant update after coordination with Customer. Scheduled with Customer.

Minimum 1/month, except critical updates (e.g. vulnerabilities, security updates)
Scheduled with Customer.

Minimum 1/month, except critical updates (e.g. vulnerabilities, security updates)
Deployment Configurations N/A High Availability (HA);
Geo HA;
High Capacity;
Geo HA and High Capacity
High Availability (HA);
Geo HA;
High Capacity;
Geo HA and High Capacity
High Availability (HA);
Geo HA;
High Capacity;
Geo HA and High Capacity
Service & Uptime Reporting http://status.auth0.com
http://uptime.auth0.com
Monitored by Auth0 Monitored by Auth0 and Customer's tools Monitored by Auth0 and Customer's tools
Uptime SLA Provided Yes Yes No No
Support Channels & Levels Same across all models

Feature Differences

Where It Runs Auth0's Infrastructure Customer's Infrastructure
How It Runs Multi-Tenant Dedicated Cloud On-Premises
SSO Lifetime Default Settings Configurable Configurable Configurable
User Search Lucene queries Simple attribute search or Lucene queries Simple attribute search or Lucene queries Simple attribute search or Lucene queries
Tenant Log Search Lucene queries Simple attribute search Simple attribute search Simple attribute search
Log Retention Up to 30 days (depends on subscription plan) Limited to 30 days Limited to 30 days Limited to 30 days
Code Sandbox Webtask (Javascript and C#) Webtask or in-process Webtask or in-process Webtask or in-process
Webtask Multi-Tenant Dedicated (Fixed NPM modules) Dedicated (Fixed NPM modules) On-Premises (Fixed NPM modules)
Anomaly Detection Brute Force and Breached Passwords Brute Force Brute Force Brute Force
Extensions Yes Yes * Yes * Yes *
Geolocation Yes Yes Yes Yes
Connecting IP Address Filtering Restrictions No No Yes Yes
Custom Domains No Yes ** Yes ** Yes **
Shared Resources Among Multiple Customers Yes No No No
MFA Yes Available using SMS, Google Authenticator, Duo over TOTP/HOTP, and Push Notification with Guardian SDK. Available using SMS, Google Authenticator, Duo over TOTP/HOTP, and Push Notification with Guardian SDK. Available using SMS, Google Authenticator, Duo over TOTP/HOTP, and Push Notification with Guardian SDK.
Lock Yes Yes Yes Yes ***
Internet Restricted No No No Optional ***

*See the PSaaS Appliance: Extensions page to learn more about configuring extensions with the PSaaS Appliance.

**See PSaaS Appliance Custom Domains for details. If your PSaaS Appliance is hosted in the Auth0 Private Cloud, see Private Cloud Requirements.

***You may choose to operate the PSaaS Appliance in an Internet-restricted environment. If you do so, you will not have access to extensions, Lock (requires access to the CDN hosting Lock), Management/Authentication API Explorers (requires access to the CDN hosting the API Explorers), or Quickstarts (requires access to GitHub).

Take me Home
Getting Started
Next Tutorial
Developer Videos