Production Readiness Checks: Best Practices

The following checks cannot be automated, so we recommend manually checking these areas prior to deployment to Production.

| Check | Description |
| --- | --- |
| Externalize Configuration Parameters | Externalize all configuration parameters, such as credentials, connection strings, and API keys, instead of hard-coding them when developing Rules, Hooks, or custom database connections. |
| Review the Single Sign-on (SSO) Timeout Values | Review the default SSO cookie timeout values and ensure they align with your requirements. |
| Tenants and Administrators | Review all tenants and tenant administrators to ensure they are correct. Decommission tenants that are no longer in use. Ensure that tenant administrators are limited to the necessary users. |
| Verify Client IDs in App Code | Ensure that the Client IDs in your application code align with their Auth0 Application configurations. |
| Add Auth0 Public IPs to Allowlist | Allowlist Auth0 IPs if you're connecting to internal services or services behind a firewall when using Rules, Hooks, or custom databases. You can get a list of IP addresses in the tooltip when configuring any of these items. |
| Review Attack Protection | Review the Auth0 Attack Protection capabilities and their configuration. |
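
For the first check, the sketch below contrasts a Rule that hard-codes its endpoint and credential with one that reads them from the Rules `configuration` object and fails closed when a setting is missing. It is an added example, not Auth0's code: the setting names `ENRICH_API_URL` and `ENRICH_API_KEY`, the URLs, the claim namespace, and the `httpGet`, `runRule` and `fakeHttpGet` helpers are all hypothetical.

```javascript
// In Auth0 Rules `configuration` is a global; it is passed in here so the code
// runs offline. `httpGet` stands in for an HTTP client. All values are constructed.

// Before: endpoint and credential are literals in the Rule source.
function makeHardcodedRule(httpGet) {
  return function (user, context, callback) {
    httpGet('https://crm.internal.example/v1/profile',
      { Authorization: 'Bearer CONSTRUCTED-PLACEHOLDER-KEY' },
      (err) => callback(err, user, context));
  };
}

// After: both values come from Rule settings, so they can differ per tenant
// and never appear in the Rule source.
const REQUIRED_SETTINGS = ['ENRICH_API_URL', 'ENRICH_API_KEY'];

function makeExternalizedRule(configuration, httpGet) {
  return function (user, context, callback) {
    const missing = REQUIRED_SETTINGS.filter((key) => !configuration[key]);
    if (missing.length > 0) {
      // Fail closed and name the missing key, never a value.
      return callback(new Error('Rule settings not configured: ' + missing.join(', ')));
    }
    httpGet(configuration.ENRICH_API_URL,
      { Authorization: 'Bearer ' + configuration.ENRICH_API_KEY },
      (err, body) => {
        if (err) return callback(new Error('Profile enrichment failed'));
        context.idToken['https://example.com/tier'] = body.tier;
        callback(null, user, context);
      });
  };
}

// Offline harness: runs a rule once and returns what it passed to the callback.
function runRule(rule, user) {
  let result;
  rule(user, { idToken: {} }, (err, u, c) => { result = { err, user: u, context: c }; });
  return result;
}

// Fake HTTP client that records each request and returns a constructed response.
function fakeHttpGet(calls) {
  return (url, headers, cb) => {
    calls.push({ url, headers });
    cb(null, { tier: 'gold' });
  };
}
```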
