Resources
Trends in Customer Identity & Access Management: Modernization to AI
Discover how technology and security leaders are evolving their customer identity strategies. This comprehensive Gatepoint Research report, sponsored by Auth0, surveys 184 executives and engineers across high-scale industries to uncover the current state of Customer Identity & Access Management (CIAM). __Key Takeaways:__ - Driving Growth & Experience: Over 47% of organizations prioritize growing their customer base, accelerating product delivery, and delivering seamless omni-channel experiences. - The Cloud & Passwordless Shift: 53% of companies are actively migrating identity to cloud-based platforms, while 46% are investing in passwordless authentication. - The AI Imperative: Over 56% agree that the rise of AI agents and applications will reshape identity strategy, creating an urgent demand for stronger non-human identity controls, standards, and interoperability. __Download the full report to learn how Auth0 can help your organization future-proof your digital ecosystem.__
Continue Reading
Build and Secure a FastAPI Server with Auth0
Accelerate your backend development without sacrificing security. Get the practical guide to __building and securing a FastAPI server__ using Python. Learn how to use this lightweight alternative to Flask to read API request data seamlessly. This whitepaper walks you through setting up a basic API using modern project management tools like uv, configuring environment variables securely with Pydantic Settings, and seamlessly integrating Auth0 to protect your endpoints. __In this whitepaper, you'll learn:__ - The basics of FastAPI and how to quickly set up public and private endpoints. - How to manage Python dependencies and virtual environments using uv, a fast, Rust-based alternative to pipenv and poetry. - Techniques for loading configuration securely using Pydantic Settings and environment variables. - How to leverage the Auth0 FastAPI library, PyJWT, JWKS, and dependency injection to validate JSON Web Tokens (JWTs) and secure your endpoints.
Continue Reading
Securing OpenClaw: A Developer's Checklist for AI Agent Security
When AI agents get "hands" to execute terminal commands and modify files, they require strict security guardrails. Download our __developer's checklist for securing OpenClaw__ (formerly Moltbot). Learn the five critical steps for AI agent security, including how to configure execution sandboxes, enforce path and command allow-lists, defend against prompt injection attacks, and apply Fine-Grained Authorization (FGA) to limit an agent's blast radius. __In this developer's checklist, you'll learn:__ - How to sandbox autonomous agents (like OpenClaw) to limit their blast radius on your local machine. - The importance of setting up explicit allow-lists for terminal commands, file paths, and network requests. - Strategies for defending against prompt injection attacks and managing ephemeral credentials. - How to configure audit logs and integrate identity access controls for production-ready AI agents.
Continue Reading
MCP vs A2A: A Guide to AI Agent Communication Protocols
Understand the building blocks of modern AI architecture with our technical guide to __MCP vs A2A__. Discover how Anthropic’s __Model Context Protocol (MCP)__ gives individual agents secure, structured access to external tools and APIs, while __Agent-to-Agent (A2A)__ communication allows multiple agents to collaborate, delegate tasks, and solve complex workflows in parallel. Learn how these complimentary protocols operate and when to leverage them. __In this guide, you'll learn:__ - How Anthropic’s Model Context Protocol (MCP) gives agents structured, safe access to external tools. - The mechanics of Agent-to-Agent (A2A) communication for dynamic, multi-agent collaboration. - How "Agent Cards" establish trust and capability sharing between client and remote service agents. - The architectural differences between extending single-agent capabilities (MCP) and scaling multi-agent workflows (A2A).
Continue Reading
Backend for Frontend (BFF) architectural pattern
Stop exposing access tokens in your Single-Page Applications (SPAs). Learn how to implement the __Backend for Frontend (BFF) architectural pattern__ to radically enhance your OAuth 2.0 and OpenID Connect security. This whitepaper explains how to transition token negotiation and storage away from vulnerable public browser clients and into a secure, confidential backend proxy—keeping your APIs protected and JWTs safely out of the browser. __In this whitepaper, you'll learn:__ - The severe security risks associated with token storage in public clients like SPAs. - How the Backend for Frontend (BFF) pattern shifts token management to a secure, confidential server. - The complete BFF authentication flow, from OpenID Connect negotiation to proxying API requests. - How to properly configure *HttpOnly* session cookies and prevent Cross-Site Request Forgery (CSRF) attacks.
Continue Reading
Build Trustworthy AI: Implementing Access Control for RAG Systems Using FGA
Prevent sensitive data leakage in your generative AI applications. Download our whitepaper on __implementing access control for Retrieval-Augmented Generation (RAG) systems__. Learn how to apply __Fine-Grained Authorization (FGA)__ using Okta FGA and OpenFGA to ensure your Large Language Models (LLMs) only retrieve context that the querying user is explicitly permitted to see. Build trustworthy AI architectures that respect strict enterprise security policies. __In this whitepaper, you'll learn:__ - The unique security challenges of exposing private data through LLMs and RAG pipelines. - How Fine-Grained Authorization (FGA) works to prevent sensitive information disclosure. - Step-by-step instructions for integrating Okta FGA and OpenFGA into your AI applications. - How to securely test and query your RAG application with properly granted FGA permissions.
Continue Reading
Cookies, Tokens, or JWTs? The ASP.NET Core Identity Dilemma
Struggling to choose between __cookie-based and token-based authentication__ for your Single-Page Application (SPA)? Our latest guide breaks down the __ASP.NET Core Identity dilemma__. Dive deep into the new Identity API endpoints introduced in .NET 8, compare the security trade-offs of traditional cookies versus JSON Web Tokens (JWTs), and discover exactly when you need OpenID Connect and OAuth 2.0 to protect user sessions. __In this whitepaper, you'll learn:__ - The core architectural differences between cookie-based and token-based authentication. - How to navigate and leverage the new Identity API endpoints introduced in .NET 8. - The security tradeoffs when managing state and sessions in Single-Page Applications (SPAs). - Exactly when to implement OpenID Connect (OIDC) and OAuth 2.0 for robust identity management.
Continue Reading
Restful APIs with Python and Flask: a Handbook
Master backend web development with our comprehensive handbook on building __RESTful APIs with Python and Flask__. This step-by-step developer guide walks you through bootstrapping a lightweight Flask application, mapping data models with Python classes, and serializing objects using Marshmallow. Whether you need to containerize your backend with Docker or securely protect your Python API endpoints with Auth0, this guide provides the exact architecture you need to scale. __In this handbook, you'll learn:__ - How to bootstrap a lightweight, highly scalable Flask application from scratch. - Techniques for mapping backend data models with Python classes. - How to seamlessly serialize and deserialize objects using Marshmallow. - Step-by-step instructions to containerize your API with Docker and secure it using Auth0.
Continue Reading
Essential practices for securing AI-generated code
Looking to safely integrate AI coding assistants into your workflow? Download our whitepaper on __essential practices for securing AI-generated code__. Learn how to mitigate vulnerabilities introduced by LLMs, implement robust input validation and sanitization, audit package dependencies, and integrate Static Application Security Testing (SAST). Discover how to protect your full-stack applications by writing strict security tests and properly reviewing AI-assisted outputs before they hit production. __In this whitepaper, you'll learn:__ - How to identify and mitigate security vulnerabilities introduced by AI coding tools. - Techniques for robust input validation and sanitization using tools like Zod. - Best practices for integrating SAST tools and auditing package dependencies. - How to write comprehensive, automated security tests for AI-assisted code generation.
Continue Reading
Driving high-impact AI
__Enabling critical actions without slowing the business__ Enable high-stakes AI actions—moving money, updating systems—securely and fast. AI only matters when it can take real action—moving money, updating systems, and executing critical workflows. But those are the exact use cases that get stuck. As the stakes rise, so do approvals, controls, and delays. High-value initiatives get buried under custom builds and slow review cycles and turn into long, expensive projects. The real problem isn’t risk—it’s everything that slows AI from getting to production. This session focuses on how leading teams move from promising pilots to real-world impact so AI delivers revenue and operational results, not just incremental gains. We will show how identity makes this possible, leveraging standardized protocols like MCP (Model Context Protocol) alongside step-up authorization, fine-grained access, and real-time revocation to secure high-stakes actions without slowing execution. You’ll leave with: - A framework to identify and prioritize high-impact AI use cases - How to enable high-stakes actions without one-off solutions - Strategies to move through approvals faster—without slowing delivery - Ways to maintain accountability without blocking execution
Continue Watching
Scaling AI execution
__How leaders remove bottlenecks without losing control__ ### Move fast at scale without adding security overhead or engineering toil. AI doesn’t break in experimentation—it breaks at scale. As more agents spread across teams and workflows, complexity spikes. Access models drift, security reviews stack up, and engineering keeps rebuilding the same patterns. What should speed the business up, starts slowing it down. This session is about scaling AI execution without creating drag. Not by adding more control—but by building consistent, repeatable ways to move fast and stay secure. You’ll leave with: - A clear model for scaling AI across teams without increasing engineering toil - How to standardize identity and access to reduce repeated work - Ways to reduce security friction across use cases - Strategies to increase velocity as adoption grows—not decrease it
Continue Watching
Streamcast Ep 5: Turn AI pilots into revenue
91% of organizations are running agentic AI pilots—but most are still stuck in chatbots, copilots, and internal productivity tools. The real value is unlocked when AI agents move beyond answering questions to take action: processing payments, approving requests, and updating accounts. Yet, this transition is exactly where most teams stall. As agents interact across applications and systems to access data and drive outcomes, they introduce new identity complexity, creating friction and risk that most organizations aren’t prepared for. In this episode, expert and educator __Alex Banks__ and __Gareth Davies__, Auth0’s Chief of Product, break down what actually changes when agents move from simple chat to complex, autonomous actions - and what teams need to do differently to see real business impact. ### __What you’ll walk away with:__ - What it takes to support agent-driven experiences as they take action across applications and systems - Why identity slows teams down as those experiences scale and force teams to rethink how authentication and access are handled - How to remove overhead so teams can launch, scale, and evolve high-value, agent-driven use cases ### __Companion Resource:__ [Whitepaper: Shipping AI Agents Faster](https://auth0.com/resources/whitepapers/from-prototype-to-production)
Continue Watching
Modernizing Customer Identity
Customer experience hinges on getting identity right. Join us to learn how Auth0 helps you drive innovation, scale securely and deliver frictionless user experiences. Hear directly from Ulta Beauty about how they are transforming their customer journeys with modern identity.
Continue Watching
Streamcast Ep 6: From security bottleneck to revenue growth engine
The gap between a great customer experience and a secure one used to feel like a tradeoff. Not anymore. Dine Brands, the parent company of IHOP and Applebee's, knows the cost of identity complexity. Early loyalty programs stalled due to friction at sign-up. Credential stuffing attacks were eroding guest trust. And, every new digital idea waited months for security review. Today, the same identity foundation powers 14 million IHOP members and 17 million Applebee's members. An in-restaurant AI personalization pilot is now scaling across 3,500 locations and security reviews are completed in a matter of days. In this fast-paced Streamcast, Gareth Davies, Chief Product Officer at Auth0, sits down with Joe Frisk, VP and CISO at Dine Brands, for a candid look at what it takes to unblock security bottlenecks and make identity the growth engine of a modern consumer brand. ### We’ll dig into: - Identity as a measurable revenue engine: How removing "front door" friction directly unlocks loyalty adoption and measurable revenue uplift. - Standardized tech for brand innovation: How to scale a backend "Gold Standard" while empowering individual brands to maintain unique frontend experiences. - Security as a growth lever: How to turn security bottleneck into an accelerant across brands
Continue Watching

Authenticator: Guardian of Identity (Issue #2)
AI agents are taking over operational workflows but when a system breaks, engineering teams are the ones left trapped in the deployment trenches. [This comic book tells that story the hard way. ](https://online.flippingbook.com/view/136767612/ "View Flipbook") Through a fictional crisis, Authenticator: Guardian of Identity shows what breaks when identity isn’t built to handle the complexity of modern agentic workflows, and how to escape the nightmare of endless production delays. [Read it to see:](https://online.flippingbook.com/view/136767612/ "View Flipbook") - Why manual auth builds and brittle token flows lead straight to "Pilot Purgatory" - What happens when sleep-deprived dev teams hit roadblock after roadblock en route to production - How securing automated actors stops security errors and pacifies your most demanding end-users - A simple way to unleash your application's superpowers and ship code faster
Continue Reading
Auth0 Launchpad
This technical deep dive provides a practical guide to moving your initiatives from pilot to production. We’ll focus on how to accelerate time-to-market, unlock new revenue, and scale complex workflows by removing the friction that stalls projects. Join us to discover how to reduce engineering toil, solve real-world execution problems, and empower your teams to ship faster and drive real business impact.
Continue Watching

AuthO Security Best Practices - Q2 Webinar
Join us for this quarterly update from the Okta Threat Intelligence team as we share insights and recommendations for securing your customers based on the adversary activity we observed over the last quarter. This isn't a sales pitch; it's a technical briefing designed to help you harden your identity stack based on real-world telemetry.
Continue Watching
What the SaaS?! Episode 4
Welcome to 'What the SaaS?!', the podcast for B2B SaaS leaders navigating the path to enterprise-readiness. Every growing B2B company eventually hits a wall. You've found product-market fit, but suddenly your biggest deals are getting stuck in security reviews. Customers are asking for things like SAML, SCIM, and delegated admin—and you realize your simple login box has become a roadblock to growth. Landing your 100th enterprise customer is a milestone, but without delegated administration, it's the start of a costly support grind. In this episode, host Sheena Allan sits down with Brittany Roth to unpack the realities of enterprise readiness. Discover why true delegation means "scoped self-service"—giving IT admins predictable control and safety nets to manage their own environments without opening support tickets. Learn how treating admins as first-class users accelerates security reviews, drives retention, and unlocks self-serve revenue expansion.
Continue Listening
Auth0's latest product drops
This is your midyear deep dive into Auth0’s latest product innovations—a first look at what’s new, when you can get it, and how to deploy it. Whether you’re securing AI agents or optimizing your app for customer conversions, we’ll show you how to reclaim your dev capacity and ship secure, high-value interactions faster. ### Here’s what’s new: - Building permission-aware AI: Discover the latest Auth0 for AI Agents advancements. We'll show you how to secure Model Context Protocol (MCP) servers, solve the "search with permissions" problem at scale using the FGA Permissions Index, and deploy Agents as Principals to maintain ironclad audit trails. - Accelerating in-app conversions: Explore our new Embedded Login advancements. Learn how to put your applications in full control of identity flows—placing authentication exactly where users convert, whether integrated at checkout, within agents, or inline, before sensitive transactions. Built-in security tooling and capabilities, such as passkeys, DPoP, and configurable Level of Assurance per API, let you build high-conversion in-app experiences without scaling identity overhead. ### Companion Assets 1. [Architecture playbook - AI agent identity](https://auth0.com/architectural-playbook/identity) 2. [Data Sheet - The AI-ready identity framework](https://auth0.com/resources/whitepapers/the-ai-identity-ready-framework-mcp) 3. [Interactive Demo - Auth0 for AI Agents](https://app.storylane.io/share/souojitmkogz) 4. [Interactive Demo - Fine-Grained Authorization](https://app.storylane.io/share/adwjw0jgghs9)
Continue Watching
Embedded Login: Convert more users. Put your applications in control of identity.
## __Build Seamless In-App Authentication Experiences with Auth0__ ### Identity should be a conversion lever, not a source of friction. Embedded Login puts your applications in control of identity journeys, enabling seamless authentication experiences that live directly within web, mobile, and agentic applications. ### This solution brief explores how Auth0's Embedded Login helps organizations build conversion-optimized identity flows, reduce identity overhead and scale faster with expanded built-in security and dev tooling. Download the solution brief to learn how to build seamless in-app identity that converts.
Continue Reading
Start your journey with Auth0
Get best-in-class customer identity, with security built in️.