Production Readiness Checks: Best Practices
The following checks cannot be automated, so we recommend manually checking these areas prior to deployment to Production.
| Check | Description |
|---|---|
| Externalize Configuration Parameters | Externalize, instead of hard code, all configuration parameters, such as credentials, connection strings, API keys, and so on, when developing Rules, Hooks, or custom database connections. |
| Review the Single Sign-on (SSO) Timeout Values | Review the default SSO cookie timeout values and ensure they align with your requirements. |
| Tenants and Administrators | Review all tenants and tenant administrators to ensure they are correct. Decommission tenants that are no longer in use. Ensure that tenant administrators are limited to the necessary users. |
| Verify Client IDs in App Code | Ensure that the Client IDs in your application code align with their Auth0 Application configurations. |
| Add Auth0 Public IPs to Allowlist | Allowlist Auth0 IPs if you're connecting to internal services or services behind a firewall when using Rules, Hooks, or custom databases. You can get a list of IP addresses in the tool tip when configuring any of these items. |
| Review Attack Protection | It is recommended that you review Auth0 Protection capability and configuration. |