Entity Limit Policy

Entities in Auth0 are tenant configuration elements such as applications, connections, rules, and API resource servers.

Notifications

Auth0 provides notifications to you when you are approaching (80%) and when you have reached your respective entity limits (100% or higher). We will also provide messages to prevent you from attempting to configure entities that would be rejected because they would put you over the platform limit. Here is an example of a message you would see if you reached your connection limit for the platform:

Entity Limit Policy Entity Limit Reached Screen

Entity counts may take a few seconds to update. If you see a warning that you believe is in error, try again after a few seconds, or contact support if the issue persists.

Global subscription plan limits

This section lists limits that apply to all subscription plans.

The Organizations feature is subject to the following limits:

Entity Maximum
Organizations per tenant 100,000
Members per organization 100,000
Connections per organization 10
Role assignments per organization member 50

Customers on Enterprise plans can request increased entity limits for Organizations per tenant and Organization members per Organization by contacting support.

These limits can be increased to 2,000,000 Organizations per tenant and 2,000,000 Organization members per Organization on public cloud. On private cloud instances, these entities are unlimited.

The Authorization Core Role-Based Access Control (RBAC) feature set is subject to the following limits:

Feature Limit
Roles per tenant 1000
Scopes per API 1000
Roles per user 50
Permissions per user 1000
Permissions per role 1000

Note that limitations on permissions per user affect those assigned directly. Technically, a user could have more permissions than noted if the permissions were assigned to different roles and then the roles were assigned to the user.

Refresh tokens are also subject to limitation. Refresh tokens have a limit of 200 valid tokens per user per application. If the limit is reached and a new refresh token is created, the system revokes or deletes the oldest token for that user in the application. Revoked tokens and expired tokens do not count against the limit.

Token type Per user / application
Refresh 200

Enterprise subscription limits

Entity Maximum
API Resource Servers 100,000
Application credentials 2,000

Self-service paid subscription limits

Entity Maximum
Applications 100
Connections 100
Rules 10
API Resource Servers 100

Free subscription limits

Entity Maximum
Applications 10
Connections 10
Rules 3
API Resource Servers 10