Entity Limit Policy
Entities in Auth0 are tenant configuration elements such as applications, connections, rules, and API resource servers. Most customers are limited to 50 separate tenants unless approved by support.
Auth0 provides notifications to you when you are approaching (80%) and when you have reached your respective entity limits (100% or higher). We will also provide messages to prevent you from attempting to configure entities that would be rejected because they would put you over the platform limit. Here is an example of a message you would see if you reached your connection limit for the platform:
Entity counts may take a few seconds to update. If you see a warning that you believe is in error, try again after a few seconds, or contact support if the issue persists.
Global subscription plan limits
This section lists limits that apply to all subscription plans.
The Organizations feature is subject to the following limits:
|Organizations per tenant||100,000|
|Members per organization||100,000|
|Connections per organization||10|
|Role assignments per organization member||50|
Customers on Enterprise plans can request increased entity limits for Organizations per tenant and Organization members per Organization by contacting support.
These limits can be increased to 2,000,000 Organizations per tenant and 2,000,000 Organization members per Organization on public cloud. On private cloud instances, these entities are unlimited.
The Authorization Core Role-Based Access Control (RBAC) feature set is subject to the following limits:
|Roles per tenant||1000|
|Scopes per API||1000|
|Roles per user||50|
|Permissions per user||1000|
|Permissions per role||1000|
Note that limitations on permissions per user affect those assigned directly. Technically, a user could have more permissions than noted if the permissions were assigned to different roles and then the roles were assigned to the user.
Refresh tokens are also subject to limitation. Refresh tokens have a limit of 200 valid tokens per user per application. If the limit is reached and a new refresh token is created, the system revokes or deletes the oldest token for that user in the application. Revoked tokens and expired tokens do not count against the limit.
|Token type||Per user / application|
Enterprise subscription limits
|API Resource Servers||100,000|
Self-service paid subscription limits
|API Resource Servers||100|
Free subscription limits
|API Resource Servers||10|