Production Checks: Best Practices

The following checks cannot be automated, so we recommend manually checking these areas prior to deployment to Production.

Check Description
Anomaly Detection Review your account's Anomaly Detection capability and configuration.
Externalize Configuration Parameters Externalize, instead of hard code, all configuration parameters, such as credentials, connection strings, API keys, and so on, when developing Rules, Hooks, or custom database connections.
Restrict Delegation If not using Delegation, set the Allowed Apps and APIs field of your Application Settings to the current Client ID.
SSO Timeout Values Review the default SSO cookie timeout values and ensure they align with your requirements.
Tenants and Administrators Review all tenants and tenant administrators to ensure they are correct. Decommission tenants that are no longer in use. Ensure that tenant administrators are limited to the necessary users.
Verify Client IDs in App Code Ensure that the Client IDs in your application code align with their Auth0 Application configurations.
Whitelist Auth0 Public IPs Whitelist Auth0 IPs if you're connecting to internal services or services behind a firewall when using Rules, Hooks, or custom databases. You can get a list of IP addresses in the tool tip when configuring any of these items.