Entity Limit Policy
Effective Date: 19 May 2020
This policy is effective for all tenants with Self-Service subscriptions made on or after 19 May 2020. Starting on 18 June 2020, the policy will apply to all tenants with Self-Service subscriptions, including but not limited to paid and free subscriptions.
Entities in Auth0 are tenant configuration elements such as applications, connections, rules, and API resource servers. Most customers are limited to 50 separate tenants unless approved by support.
Auth0 provides notifications to you when you are approaching (80%) and when you have reached your respective entity limits (100% or higher). We will also provide messages to prevent you from attempting to configure entities that would be rejected because they would put you over the platform limit. Here is an example of a message you would see if you reached your connection limit for the platform:
Entity counts may take a few seconds to update. If you see a warning that you believe is in error, try again after a few seconds, or contact support if the issue persists.
Global subscription plan limits
This section lists limits that apply to all subscription plans.
The Organizations feature is subject to the following limits:
|Organizations per tenant||100,000|
|Members per organization||100,000|
|Connections per organization||10|
|Role assignments per organization member||50|
Customers on Enterprise plans can request increased entity limits for Organizations per tenant and Organization members per Organization by contacting support.
The Authorization Core Role-Based Access Control (RBAC) feature set is subject to the following limits:
|Roles per tenant||1000|
|Scopes per API||1000|
|Roles per user||50|
|Permissions per user||1000|
|Permissions per role||1000|
Note that limitations on permissions per user affect those assigned directly. Technically, a user could have more permissions than noted if the permissions were assigned to different roles and then the roles were assigned to the user.
Refresh tokens are also subject to limitation. Refresh tokens have a limit of 200 valid tokens per user per application. If the limit is reached and a new refresh token is created, the system revokes or deletes the oldest token for that user in the application. Revoked tokens and expired tokens do not count against the limit.
|Token type||Per user / application|
Enterprise subscription limits
|API Resource Servers||2000|
Self-service paid subscription limits
|API Resource Servers||100|
Free subscription limits
|API Resource Servers||10|