Auth0 Deployment Models

Auth0 is offered in 4 deployment models:

  1. As a multi-tenant cloud service running on Auth0's cloud.
  2. As a dedicated cloud service running on Auth0's cloud.
  3. As a dedicated cloud service running on Customer's cloud infrastructure.
  4. As an on-premises virtual appliance running on Customer's data centers.

The following table describes operational and feature differences between each of these models.

Operational Differences

Where It Runs Auth0's Infrastructure Customer's Infrastructure
How It Runs Multi-Tenant Dedicated Cloud On-Premises
Public Facing Yes Yes Configurable Configurable
Updates Unscheduled.
Multiple times per day.

Staged in two zones.
Cumulative. Deployed post multi-tenant update after coordination with Customer. Scheduled with Customer.

Minimum 1/month, except critical updates (e.g. vulnerabilities, security updates)
Scheduled with Customer.

Minimum 1/month, except critical updates (e.g. vulnerabilities, security updates)
Deployment Configurations N/A High Availability;
Geo High Availability;
High Capacity
Single Node;
High Availability;
Geo High Availability;
High Capacity
Single Node;
High Availability;
Geo High Availability;
High Capacity
Service & Uptime Reporting http://status.auth0.com
http://uptime.auth0.com
Monitored by Auth0 Monitored by Auth0 and Customer's tools Monitored by Auth0 and Customer's tools
Uptime SLA Provided Yes Yes No No
Support Channels & Levels Same across all models

Feature Differences

Where It Runs Auth0's Infrastructure Customer's Infrastructure
How It Runs Multi-Tenant Dedicated Cloud On-Premises
SSO Lifetime Default Settings Configurable Configurable Configurable
User Search Lucene queries Simple attribute search or Lucene queries Simple attribute search or Lucene queries Simple attribute search or Lucene queries
Tenant Log Search Lucene queries Simple attribute search Simple attribute search Simple attribute search
Log Retention Up to 30 days (depends on subscription plan) Limited to 30 days Limited to 30 days Limited to 30 days
Code Sandbox Webtask (Javascript and C#) Webtask or in-process Webtask or in-process Webtask or in-process
Webtask Multi-Tenant Dedicated (Fixed NPM modules) Dedicated (Fixed NPM modules) On-Premises (Fixed NPM modules)
Anomaly Detection Brute Force and Breached Passwords Brute Force Brute Force Brute Force
Extensions Yes Yes * Yes * Yes *
Geolocation Yes Yes Yes Yes
Connecting IP Address Filtering Restrictions No No Yes Yes
Custom Domains No Yes ** Yes ** Yes **
Shared Resources Among Multiple Customers Yes No No No
MFA Yes Google Authenticator, Duo over TOTP/HOTP. Guardian is not available. Google Authenticator, Duo over TOTP/HOTP. Guardian is not available. Google Authenticator, Duo over TOTP/HOTP. Guardian is not available.
Internet Restricted No No No Optional ***

*See the Auth0 Appliance: Extensions page to learn more about configuring extensions with the Appliance.

**See Appliance Custom Domains for details. If your Appliance is hosted in the Auth0 Private Cloud, see Private Cloud Requirements.

***You may choose to operate the Appliance in an Internet-restricted environment. If you do so, you will not have access to:

  • Extensions;
  • Lock (requires access to the CDN hosting Lock);
  • Management/Authentication API Explorers (requires access to the CDN hosting the API Explorers);
  • Quickstarts (requires access to GitHub).