Auth0 IP Addresses for Allow Lists

If you have custom code executing in Auth0 that calls a service inside your network, or if you've configured an on-premise SMTP provider in Auth0, then you may need to configure your firewall to allow inbound traffic from Auth0.

Features that may require you to allow inbound traffic from Auth0 include:

Outbound calls

When Auth0 makes outbound calls, the IP addresses are static. Auth0 translates internal IP addresses to one of the displayed options when reaching out using NAT.

Public Cloud

For Public Cloud tenants, the IP addresses that you must allow through your firewall are specific to the tenant's region.

The list of IP addresses for each region are listed below:

United States,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,




United Kingdom,,

Private Cloud

For Private Cloud tenants, the IP addresses that you must allow through your firewall are unique to the tenant's environment. Auth0 may receive your tenant's private IP addresses if you enable features like Tenant Logs, Suspicious IP throttling, Custom Databases, and Actions that rely on them.

These IP addresses are known as Primary Egress IPs and are listed under the environment's configuration data available in the Auth0 Support Center.

Inbound calls

IP addresses related to inbound calls to Auth0 may be variable due to the lack of fixed IP addresses on the load balancers. In this case, firewall rules should operate on the name of the service (for example: <YOUR_TENANT>.<YOUR_REGION>

If your Auth0 subscription allows you to configure a self-managed custom domain, you can configure that custom domain to have a static IP address. Self-managed custom domains give you control over the network entry point and let you ensure that the IP address is fixed. For information on subscription plans, see Auth0 Pricing.

Learn more