Auth0 Release Notes

Follow

93 release notes curated from 1 source by the Releasebot Team. Last updated: Jul 11, 2026

Get this feed:
  • Jul 10, 2026
    • Date parsed from source:
      Jul 10, 2026
    • First seen by Releasebot:
      Jul 11, 2026
    Auth0 logo

    Auth0

    Third-Party Apps for Organizations is now Generally Available

    Auth0 adds third-party application support for Organizations, letting tenant admins allow or block access per organization with access blocked by default and consent scoped to each organization.

    Third-party applications now work with Auth0 Organizations. Tenant admins can allow or block third-party app access on a per-organization basis — access is blocked by default, so existing organizations are unaffected until you explicitly opt in.

    • To authenticate users within an organization, a third-party app's connection must be promoted to domain level (is_domain_connection: true).
    • User consent is scoped per organization — granting access in one organization does not carry over to another.

    To learn more, read Enable third-party application access for an Organization.

    Original source
  • Jul 9, 2026
    • Date parsed from source:
      Jul 9, 2026
    • First seen by Releasebot:
      Jul 10, 2026
    Auth0 logo

    Auth0

    Google One Tap Support for Universal Login EA

    Auth0 adds Google One Tap to Universal Login, bringing early access one-tap sign-in for faster, frictionless authentication.

    Bring frictionless, one-tap authentication to your users! Auth0 now supports Google One Tap within the Universal Login prompt for Early Access. Users are greeted with a secure, non-intrusive identity overlay that lets them sign in instantly with a single tap, completely eliminating manual forms and page redirects. Check out the Auth0 Google Social Connection documentation to learn how to enable it for your web applications!

    Original source
  • All of your release notes in one feed

    Join Releasebot and get updates from Auth0 and hundreds of other software products.

    Create account
  • Jul 8, 2026
    • Date parsed from source:
      Jul 8, 2026
    • First seen by Releasebot:
      Jul 9, 2026
    Auth0 logo

    Auth0

    IPSIE session_expiry Claim Support for Okta and OIDC Enterprise Connections

    Auth0 now supports the session_expiry claim for Okta and OIDC Enterprise connections, aligning federated sessions with upstream IdP expiration and tenant session rules to prevent stale access. It also supports downstream enforcement through Post-Login Actions.

    Auth0 now supports the session_expiry claim for Okta and OIDC-based Enterprise connections, in alignment with the IPSIE SL1 profile. When your upstream identity provider includes a session_expiry value in the ID token, Auth0 uses it to enforce the ceiling on the Auth0 session lifetime — evaluated as the minimum of the IdP claim, your tenant's absolute session expiration, and any expiry set via Actions.

    This closes a real gap in federated sessions: when a federated user's access expires at their IdP, their Auth0 session terminates accordingly — no stale sessions, no residual access. Enable it on any Okta/OIDC Enterprise connection via the Dashboard or Management API. For end-to-end enforcement down to your downstream applications, deploy a Post-Login Action to inject the final session_expiry value as a custom claim in the Auth0-issued ID token.

    Note: Supported on Okta/OIDC Enterprise connections only. SAML connections are not supported. This feature implements the evolving IPSIE SL1 open standard.

    See the product documentation

    Original source
  • Jul 7, 2026
    • Date parsed from source:
      Jul 7, 2026
    • First seen by Releasebot:
      Jul 8, 2026
    Auth0 logo

    Auth0

    Tenant Log Catalog Now Available in Auth0 Docs

    Auth0 adds an interactive Tenant Log Catalog in Docs for exploring log codes and event schemas.

    We now have an expansive and interactive Tenant Log Catalog available to dive deeper into Tenant Logs Codes and their associated schemas. Instead of a flat list of codes or diving into GitHub to understand Tenant Log schemas, you can now uncover Tenant Log event schemas directly within Auth0 Docs.

    Try out the new Tenant Log Catalog here: https://auth0.com/docs/tenant-logs

    Original source
  • Jul 1, 2026
    • Date parsed from source:
      Jul 1, 2026
    • First seen by Releasebot:
      Jul 3, 2026
    Auth0 logo

    Auth0

    Automate Downstream Provisioning with Outbound SCIM for Users via Event Streams

    Auth0 introduces a new Outbound SCIM Action template for Event Streams, making it easier to push user.created, user.updated, and user.deleted events to SCIM 2.0 downstream apps for automated provisioning with built-in retries and customizable mapping.

    We are excited to announce the release of our new Outbound SCIM Action template for Event Streams! This new capability delivers an infrastructure-free way to push user.created, user.updated, and user.deleted events directly from Auth0 to any SCIM 2.0-compliant downstream application, making it easier than ever to automate your user provisioning workflows.

    Key Highlights:

    • Infrastructure-free provisioning: Use our ready-to-copy Outbound SCIM Action template to translate Auth0 user events into standard SCIM 2.0 REST requests (POST, PUT, and DELETE). This eliminates the need to build, host, or maintain custom webhook consumers.
    • Template-driven customization: You retain full control over your provisioning logic. Edit the script to map specific Auth0 attributes to your downstream SCIM schema, or enable opt-in behaviors like UPSERT (create-on-update) for trickling in users.
    • Built-in fault tolerance: The template script handles API timeouts and retries for transient failures natively.

    How to get started:

    To use this feature, navigate to Event Streams in the Auth0 Dashboard, create a new stream with Auth0 Actions as the destination, and apply the Outbound SCIM provisioning template.

    Note: Because the Event Stream only reacts to new events, we recommend performing a one-time full bulk sync of your existing Auth0 users to your downstream SCIM server before enabling the stream.

    For step-by-step setup instructions, prerequisite details, limitations, and configuration guidelines, check out How to Synchronize User Changes with Outbound SCIM Requests using Event Streams.

    Original source
  • Similar to Auth0 with recent updates:

  • Jun 22, 2026
    • Date parsed from source:
      Jun 22, 2026
    • First seen by Releasebot:
      Jun 23, 2026
    Auth0 logo

    Auth0

    Refresh Token metadata is now Generally Available

    Auth0 adds Refresh Token Metadata to Enterprise customers, now generally available. It lets teams store custom key-value pairs on refresh tokens for richer context and more personalized authentication, with lifecycle persistence and Management API support for retrieving, updating, and revoking token metadata.

    What's included in the feature

    We're excited to announce that Refresh Token Metadata is now Generally Available for Enterprise customers.
    Refresh Token Metadata allows you to attach custom key-value pairs to refresh tokens, enabling richer context storage and more personalized authentication experiences.

    Store Custom Data on Refresh Tokens

    You can now attach up to 25 custom key-value pairs to each refresh token. This metadata persists throughout the token's lifecycle and can be accessed or modified via the Management API.

    // In Post-Login Action
    exports.onExecutePostLogin = async (event, api) => {
    api.refreshToken.setMetadata('deviceName', event.request.user_agent);
    api.refreshToken.setMetadata('loginRegion', event.request.geoip?.countryCode);
    api.refreshToken.setMetadata('orgContext', event.organization?.id);
    };
    

    Management API Support

    Access and manage refresh token metadata programmatically:

    • GET /api/v2/refresh-tokens/{id} - Retrieve token with metadata
    • PATCH /api/v2/refresh-tokens/{id} - Update token metadata
    • DELETE /api/v2/refresh-tokens/{id} - Revoke token

    Learn more about Refresh Token Metadata in our documentation and our blog

    Original source
  • Jun 17, 2026
    • Date parsed from source:
      Jun 17, 2026
    • First seen by Releasebot:
      Jun 18, 2026
    Auth0 logo

    Auth0

    Google Workspace Directory Sync for Groups - Early Access Updates

    Auth0 expands Google Workspace Directory Sync for Groups with Early Access now available without enrolment, plus native assignment of synced groups to tenant-level RBAC and organization roles for automatic permissions.

    We are happy to share that Google Workspace Directory Sync for Groups is now available in Early Access without enrolment!

    All previously announced Early Access capabilities including automated group synchronization, "Sync all" functionality, and partial group selection are now available out-of-the-box without enrolment. Additionally, you can now natively assign groups synced through Google Workspace to Auth0 tenant-level RBAC roles and Auth0 organization-specific roles, allowing group members to automatically inherit correct permissions when they log in.

    This update is available to all customers in public cloud today, and will be gradually rolling out to private cloud environments in the coming weeks.

    To get started, navigate to your Google Workspace enterprise connection in the Auth0 Dashboard and configure your group synchronization preferences.

    Learn more in our public documentation:

    • How to Sync Google Workspace Users and Groups to Auth0 with Directory Sync
    • Assign Roles for Enterprise Groups
    Original source
  • Jun 15, 2026
    • Date parsed from source:
      Jun 15, 2026
    • First seen by Releasebot:
      Jun 16, 2026
    Auth0 logo

    Auth0

    Dashboard Search for APIs Now in Beta

    Auth0 adds public beta API search in the Dashboard, letting users find APIs in real time by ID, identifier, or name.

    Dashboard Search for APIs is now available in Public Beta!

    Find your API faster without scrolling through paginated lists.

    Dashboard users can now search APIs in real time by ID, identifier or name.

    Rolling out progressively to Public Cloud tenants starting this week, with broader availability in the coming weeks.

    For detailed documentation on search capabilities, visit our Product documentation.

    Original source
  • Jun 11, 2026
    • Date parsed from source:
      Jun 11, 2026
    • First seen by Releasebot:
      Jun 11, 2026
    Auth0 logo

    Auth0

    Improved refresh token management is Early Access

    Auth0 adds early access refresh token management endpoints, bringing more granular search and revocation options plus bulk token revocation for up to 100 IDs at once.

    We're excited to announce the addition of two new endpoints for refresh token management, introducing granularity in search and revocation capabilities, as well as bulk revocation of refresh tokens (up to 100 individual IDs at a time):

    • A new GET api/v2/refresh-tokens endpoint which allows retrieving refresh tokens for a user_id or a user_id + client_id combination
    • A new POST api/v2/refresh-tokens/revoke endpoint which allows RT revocation:
    • by ids (up to 100 at a time)
    • by user_id (remove all refresh tokens for a given user)
    • by user_id + client_id (remove all refresh tokens bound to a client for a given user)
    • by user_id + client_id + audience (remove all refresh bound to a client and a resource server for a given user)

    The new endpoints are in Early Access. Please contact your TAM or open a support ticket to get this feature enabled in your tenant

    Original source
  • Jun 8, 2026
    • Date parsed from source:
      Jun 8, 2026
    • First seen by Releasebot:
      Jun 9, 2026
    Auth0 logo

    Auth0

    Enhanced Bot Detection for Signup Flows

    Auth0 improves Bot Detection in the Signup Flow with a smarter machine learning model that catches more automated traffic while keeping false positives low. The update delivers more consistent protection across tenants and rolls out automatically to eligible Enterprise customers.

    We have updated the machine learning model driving Bot Detection during the Signup Flow.

    This update lowers false-negative rates to intercept more automated traffic while keeping false-positive rates low for valid users.

    What's New:

    Smarter Signup Security:

    Optimized thresholds catch advanced bot behaviors while preserving a seamless registration experience for legitimate users.

    Consistent Protection at Scale:

    The model now delivers uniform detection accuracy across tenants of all sizes, regardless of your baseline traffic volumes.

    Note:

    This model optimization specifically targets the signup flow and rolls out automatically to Enterprise tenants utilizing Attack Protection with no customer action or migration steps required.

    To learn more about Bot Detection check out our online docs here

    Original source
  • Jun 5, 2026
    • Date parsed from source:
      Jun 5, 2026
    • First seen by Releasebot:
      Jun 6, 2026
    Auth0 logo

    Auth0

    Inbound SCIM Groups for Enterprise Connections is now Generally Available!

    Auth0 adds GA support for Groups in Inbound SCIM for Enterprise Connections, letting synced groups map to tenant-level or organization-scoped roles and enabling self-service SCIM provisioning for enterprise customers to speed up B2B onboarding.

    What’s new in GA:

    We’re pleased to announce that support for Groups within Auth0’s Inbound SCIM for Enterprise Connections capability is now Generally Available (GA)!

    This release closes the loop between identity provisioning and access control by allowing you to natively map synced groups to Auth0 roles at two levels: globally at the tenant level, or scoped specifically to an organization based on the user’s login context.

    Additionally, developers can now accelerate B2B onboarding by empowering their enterprise customers to self-configure SCIM provisioning for groups directly.

    Building on our Early Access capabilities, this release introduces the following enhancements to deliver out-of-the-box B2B delegated administration:

    • Associate tenant-level RBAC roles with Enterprise Groups: For global access, you can assign Auth0 tenant-level roles directly to SCIM-provisioned groups. Any member of the synced group will automatically inherit these roles globally.
    • Assign Organization scoped roles to Enterprise Groups: You can now assign organization scoped roles to SCIM-provisioned groups. In tandem with Auto-Membership, your customers' users will automatically inherit workspace-scoped permissions the moment they log in.
    • Self-Service Enterprise Configuration: Empower your enterprise customers (or their IdP administrators) to configure SCIM provisioning for users and groups on their own through the Self-Service flow, accelerating B2B onboarding and removing your support team from the loop.

    How to get started:

    This feature will be rolled out to all public cloud environments over the next few days and to private cloud environments as per their release pipeline.

    SCIM Groups is available for all tenants whose Auth0 plan includes Enterprise Connections. To enable it, navigate to the Auth0 Dashboard, go to Authentication > Enterprise, select your SAML, OpenID Connect, Okta Workforce, or Microsoft Entra ID connection, and toggle Sync user profiles using SCIM to On under the Provisioning tab.

    Learn more:

    • Configure Inbound SCIM
    • Assign Roles to Enterprise Groups
    • Self-Service Enterprise Configuration
    • Group Events using the Eventing Platform
    Original source
  • Jun 2, 2026
    • Date parsed from source:
      Jun 2, 2026
    • First seen by Releasebot:
      Jun 3, 2026
    Auth0 logo

    Auth0

    Dashboard Navigation & IA Refresh is now in Beta

    Auth0 introduces a redesigned Dashboard navigation and information architecture in beta, with a visual refresh that makes the platform easier to scan, faster to navigate, and more unified across common tasks.

    We are excited to announce that the redesigned Dashboard navigation and information architecture (IA) is now available in Beta. This update is the first step toward a more unified platform experience across Auth0, making it faster to find what you need and easier to act on everything across the platform. Alongside the IA changes, this beta also includes a significant visual refresh.

    What's in the Beta

    Flattened navigation

    • Label-only group headers so every item is visible at a glance, reducing clicks and making pages faster to reach.
    • Reorganized around common tasks to surface the pages you use most and match the way you actually work.
    • External actions have moved out of the sidebar and into the top bar, keeping the sidebar focused on tenant configuration.

    Consolidated & renamed pages

    • Related functionality grouped together to bring common tasks closer together.
    • Clearer naming to better align functionality across the platform.

    Availability

    • Existing bookmarks and deep links will continue to work and you'll be automatically redirected to the new page.
    • This is a navigation, IA, and visual update only. All underlying functionality and APIs remain the same.

    Join the beta!

    If you're interested in joining the Dashboard Navigation & IA Refresh beta program, please send a request through the Auth0 Support Center or contact your Technical Account Manager (TAM) or Auth0 Sales Executive to help you out with the process.

    Original source
  • Jun 2, 2026
    • Date parsed from source:
      Jun 2, 2026
    • First seen by Releasebot:
      Jun 3, 2026
    Auth0 logo

    Auth0

    Dashboard Search for Applications Now in Beta

    Auth0 adds Dashboard Search for Applications in Public Beta, letting users quickly search and filter applications in real time with multiple filter options, guided Boolean search, and shareable URL-based filters.

    We're excited to announce that Dashboard Search for Applications is now available in Public Beta! Find your applications faster without scrolling through paginated lists.

    What's New:

    Dashboard users can now search and filter applications in real time by application name, client ID, external client ID, metadata, application type, and first-party status.

    • Multiple filter options — Combine up to 5 filters
    • Guided filter menu with Boolean search logic
    • Filters persist in URLs for sharing and bookmarking

    Rolling out progressively to Public Cloud tenants starting this week, with broader availability in the coming weeks.

    For detailed documentation on search capabilities, visit our Product documentation.

    Original source
  • Jun 2, 2026
    • Date parsed from source:
      Jun 2, 2026
    • First seen by Releasebot:
      Jun 2, 2026
    Auth0 logo

    Auth0

    M2M Support for Third-Party Applications is now Generally Available

    Auth0 adds client_credentials support for strict third-party applications, bringing secure machine-to-machine access for AI agents and partner backend services. It also adds organization-scoped M2M access through the Management API and Dashboard with explicit grant controls.

    We're happy to announce that strict third-party applications now support machine-to-machine (M2M) access using the client_credentials grant type.
    As you expose your APIs to AI agents and partner backend services that operate without a user in the loop, you need those integrations to work within the same secure-by-default posture as the rest of your third-party application setup. This release makes that possible.

    What's included:

    • client_credentials grant type support for strict third-party applications, available via the Management API and Dashboard.
    • Organization-scoped M2M access: strict third-party applications can request access tokens within the scope of a specific organization, with the same explicit grant requirements that apply to all M2M applications. Learn more about M2M access for organizations.
    • M2M access is intentionally restricted to applications created manually via the Management API or Dashboard. Applications registered via Dynamic Client Registration are excluded to prevent uncontrolled token issuance by unvetted third parties.

    To learn more, visit the Third-Party Applications documentation.

    Original source
  • Jun 1, 2026
    • Date parsed from source:
      Jun 1, 2026
    • First seen by Releasebot:
      Apr 13, 2026
    • Modified by Releasebot:
      Jun 11, 2026
    Auth0 logo

    Auth0

    Customize RPID values for Passkeys GA

    Auth0 now supports GA passkey adoption across subdomains with shared enrollment, letting teams customize the RP ID so a single passkey can authenticate users across multiple applications under the same root domain.

    Boost Passkey adoption by enabling shared enrollment across subdomains. You can now customize the RP ID to allow a single Passkey to authenticate users across multiple applications under the same root domain. Now GA!

    Learn more:

    Enable and Configure Passkey Authentication for Database Connections

    Native Passkeys for Mobile Applications

    Passkey Authentication for Database Connections

    Original source
Releasebot

Curated by the Releasebot team

Releasebot is an aggregator of official release notes from hundreds of software vendors and thousands of sources.

Our editorial process involves the manual review and audit of release notes procured with the help of automated systems.