Auth0 Release Notes
93 release notes curated from 1 source by the Releasebot Team. Last updated: Jul 11, 2026
- Jul 10, 2026
- Date parsed from source:Jul 10, 2026
- First seen by Releasebot:Jul 11, 2026
Third-Party Apps for Organizations is now Generally Available
Auth0 adds third-party application support for Organizations, letting tenant admins allow or block access per organization with access blocked by default and consent scoped to each organization.
Third-party applications now work with Auth0 Organizations. Tenant admins can allow or block third-party app access on a per-organization basis — access is blocked by default, so existing organizations are unaffected until you explicitly opt in.
- To authenticate users within an organization, a third-party app's connection must be promoted to domain level (
is_domain_connection: true). - User consent is scoped per organization — granting access in one organization does not carry over to another.
To learn more, read Enable third-party application access for an Organization.
Original source - Jul 9, 2026
- Date parsed from source:Jul 9, 2026
- First seen by Releasebot:Jul 10, 2026
Google One Tap Support for Universal Login EA
Auth0 adds Google One Tap to Universal Login, bringing early access one-tap sign-in for faster, frictionless authentication.
Bring frictionless, one-tap authentication to your users! Auth0 now supports Google One Tap within the Universal Login prompt for Early Access. Users are greeted with a secure, non-intrusive identity overlay that lets them sign in instantly with a single tap, completely eliminating manual forms and page redirects. Check out the Auth0 Google Social Connection documentation to learn how to enable it for your web applications!
Original source All of your release notes in one feed
Join Releasebot and get updates from Auth0 and hundreds of other software products.
- Jul 8, 2026
- Date parsed from source:Jul 8, 2026
- First seen by Releasebot:Jul 9, 2026
IPSIE session_expiry Claim Support for Okta and OIDC Enterprise Connections
Auth0 now supports the session_expiry claim for Okta and OIDC Enterprise connections, aligning federated sessions with upstream IdP expiration and tenant session rules to prevent stale access. It also supports downstream enforcement through Post-Login Actions.
Auth0 now supports the
session_expiryclaim for Okta and OIDC-based Enterprise connections, in alignment with the IPSIE SL1 profile. When your upstream identity provider includes asession_expiryvalue in the ID token, Auth0 uses it to enforce the ceiling on the Auth0 session lifetime — evaluated as the minimum of the IdP claim, your tenant's absolute session expiration, and any expiry set via Actions.This closes a real gap in federated sessions: when a federated user's access expires at their IdP, their Auth0 session terminates accordingly — no stale sessions, no residual access. Enable it on any Okta/OIDC Enterprise connection via the Dashboard or Management API. For end-to-end enforcement down to your downstream applications, deploy a Post-Login Action to inject the final
session_expiryvalue as a custom claim in the Auth0-issued ID token.Note: Supported on Okta/OIDC Enterprise connections only. SAML connections are not supported. This feature implements the evolving IPSIE SL1 open standard.
See the product documentation
Original source - Jul 7, 2026
- Date parsed from source:Jul 7, 2026
- First seen by Releasebot:Jul 8, 2026
Tenant Log Catalog Now Available in Auth0 Docs
Auth0 adds an interactive Tenant Log Catalog in Docs for exploring log codes and event schemas.
We now have an expansive and interactive Tenant Log Catalog available to dive deeper into Tenant Logs Codes and their associated schemas. Instead of a flat list of codes or diving into GitHub to understand Tenant Log schemas, you can now uncover Tenant Log event schemas directly within Auth0 Docs.
Try out the new Tenant Log Catalog here: https://auth0.com/docs/tenant-logs
Original source - Jul 1, 2026
- Date parsed from source:Jul 1, 2026
- First seen by Releasebot:Jul 3, 2026
Automate Downstream Provisioning with Outbound SCIM for Users via Event Streams
Auth0 introduces a new Outbound SCIM Action template for Event Streams, making it easier to push user.created, user.updated, and user.deleted events to SCIM 2.0 downstream apps for automated provisioning with built-in retries and customizable mapping.
We are excited to announce the release of our new Outbound SCIM Action template for Event Streams! This new capability delivers an infrastructure-free way to push
user.created,user.updated, anduser.deletedevents directly from Auth0 to anySCIM 2.0-compliant downstream application, making it easier than ever to automate your user provisioning workflows.Key Highlights:
- Infrastructure-free provisioning: Use our ready-to-copy Outbound SCIM Action template to translate Auth0 user events into standard
SCIM 2.0 RESTrequests (POST,PUT, andDELETE). This eliminates the need to build, host, or maintain custom webhook consumers. - Template-driven customization: You retain full control over your provisioning logic. Edit the script to map specific Auth0 attributes to your downstream
SCIMschema, or enable opt-in behaviors likeUPSERT(create-on-update) for trickling in users. - Built-in fault tolerance: The template script handles API timeouts and retries for transient failures natively.
How to get started:
To use this feature, navigate to Event Streams in the Auth0 Dashboard, create a new stream with Auth0 Actions as the destination, and apply the Outbound SCIM provisioning template.
Note: Because the Event Stream only reacts to new events, we recommend performing a one-time full bulk sync of your existing Auth0 users to your downstream SCIM server before enabling the stream.
For step-by-step setup instructions, prerequisite details, limitations, and configuration guidelines, check out How to Synchronize User Changes with Outbound SCIM Requests using Event Streams.
Original source Similar to Auth0 with recent updates:
- n8n release notes59 release notes · Latest Jul 7, 2026
- Microsoft release notes654 release notes · Latest Jul 10, 2026
- Google release notes1669 release notes · Latest Jul 10, 2026
- Slack release notes175 release notes · Latest Jul 1, 2026
- Docusign release notes21 release notes · Latest Jun 21, 2026
- Notion release notes147 release notes · Latest Jul 9, 2026
- Jun 22, 2026
- Date parsed from source:Jun 22, 2026
- First seen by Releasebot:Jun 23, 2026
Refresh Token metadata is now Generally Available
Auth0 adds Refresh Token Metadata to Enterprise customers, now generally available. It lets teams store custom key-value pairs on refresh tokens for richer context and more personalized authentication, with lifecycle persistence and Management API support for retrieving, updating, and revoking token metadata.
What's included in the feature
We're excited to announce that Refresh Token Metadata is now Generally Available for Enterprise customers.
Refresh Token Metadata allows you to attach custom key-value pairs to refresh tokens, enabling richer context storage and more personalized authentication experiences.Store Custom Data on Refresh Tokens
You can now attach up to 25 custom key-value pairs to each refresh token. This metadata persists throughout the token's lifecycle and can be accessed or modified via the Management API.
// In Post-Login Action exports.onExecutePostLogin = async (event, api) => { api.refreshToken.setMetadata('deviceName', event.request.user_agent); api.refreshToken.setMetadata('loginRegion', event.request.geoip?.countryCode); api.refreshToken.setMetadata('orgContext', event.organization?.id); };Management API Support
Access and manage refresh token metadata programmatically:
GET /api/v2/refresh-tokens/{id}- Retrieve token with metadataPATCH /api/v2/refresh-tokens/{id}- Update token metadataDELETE /api/v2/refresh-tokens/{id}- Revoke token
Learn more about Refresh Token Metadata in our documentation and our blog
Original source - Jun 17, 2026
- Date parsed from source:Jun 17, 2026
- First seen by Releasebot:Jun 18, 2026
Google Workspace Directory Sync for Groups - Early Access Updates
Auth0 expands Google Workspace Directory Sync for Groups with Early Access now available without enrolment, plus native assignment of synced groups to tenant-level RBAC and organization roles for automatic permissions.
We are happy to share that Google Workspace Directory Sync for Groups is now available in Early Access without enrolment!
All previously announced Early Access capabilities including automated group synchronization, "Sync all" functionality, and partial group selection are now available out-of-the-box without enrolment. Additionally, you can now natively assign groups synced through Google Workspace to Auth0 tenant-level RBAC roles and Auth0 organization-specific roles, allowing group members to automatically inherit correct permissions when they log in.
This update is available to all customers in public cloud today, and will be gradually rolling out to private cloud environments in the coming weeks.
To get started, navigate to your Google Workspace enterprise connection in the Auth0 Dashboard and configure your group synchronization preferences.
Learn more in our public documentation:
- How to Sync Google Workspace Users and Groups to Auth0 with Directory Sync
- Assign Roles for Enterprise Groups
- Jun 15, 2026
- Date parsed from source:Jun 15, 2026
- First seen by Releasebot:Jun 16, 2026
Dashboard Search for APIs Now in Beta
Auth0 adds public beta API search in the Dashboard, letting users find APIs in real time by ID, identifier, or name.
Dashboard Search for APIs is now available in Public Beta!
Find your API faster without scrolling through paginated lists.
Dashboard users can now search APIs in real time by ID, identifier or name.
Rolling out progressively to Public Cloud tenants starting this week, with broader availability in the coming weeks.
For detailed documentation on search capabilities, visit our Product documentation.
Original source - Jun 11, 2026
- Date parsed from source:Jun 11, 2026
- First seen by Releasebot:Jun 11, 2026
Improved refresh token management is Early Access
Auth0 adds early access refresh token management endpoints, bringing more granular search and revocation options plus bulk token revocation for up to 100 IDs at once.
We're excited to announce the addition of two new endpoints for refresh token management, introducing granularity in search and revocation capabilities, as well as bulk revocation of refresh tokens (up to 100 individual IDs at a time):
- A new GET api/v2/refresh-tokens endpoint which allows retrieving refresh tokens for a user_id or a user_id + client_id combination
- A new POST api/v2/refresh-tokens/revoke endpoint which allows RT revocation:
- by ids (up to 100 at a time)
- by user_id (remove all refresh tokens for a given user)
- by user_id + client_id (remove all refresh tokens bound to a client for a given user)
- by user_id + client_id + audience (remove all refresh bound to a client and a resource server for a given user)
The new endpoints are in Early Access. Please contact your TAM or open a support ticket to get this feature enabled in your tenant
Original source - Jun 8, 2026
- Date parsed from source:Jun 8, 2026
- First seen by Releasebot:Jun 9, 2026
Enhanced Bot Detection for Signup Flows
Auth0 improves Bot Detection in the Signup Flow with a smarter machine learning model that catches more automated traffic while keeping false positives low. The update delivers more consistent protection across tenants and rolls out automatically to eligible Enterprise customers.
We have updated the machine learning model driving Bot Detection during the Signup Flow.
This update lowers false-negative rates to intercept more automated traffic while keeping false-positive rates low for valid users.
What's New:
Smarter Signup Security:
Optimized thresholds catch advanced bot behaviors while preserving a seamless registration experience for legitimate users.
Consistent Protection at Scale:
The model now delivers uniform detection accuracy across tenants of all sizes, regardless of your baseline traffic volumes.
Note:
This model optimization specifically targets the signup flow and rolls out automatically to Enterprise tenants utilizing Attack Protection with no customer action or migration steps required.
To learn more about Bot Detection check out our online docs here
Original source - Jun 5, 2026
- Date parsed from source:Jun 5, 2026
- First seen by Releasebot:Jun 6, 2026
Inbound SCIM Groups for Enterprise Connections is now Generally Available!
Auth0 adds GA support for Groups in Inbound SCIM for Enterprise Connections, letting synced groups map to tenant-level or organization-scoped roles and enabling self-service SCIM provisioning for enterprise customers to speed up B2B onboarding.
What’s new in GA:
We’re pleased to announce that support for Groups within Auth0’s Inbound SCIM for Enterprise Connections capability is now Generally Available (GA)!
This release closes the loop between identity provisioning and access control by allowing you to natively map synced groups to Auth0 roles at two levels: globally at the tenant level, or scoped specifically to an organization based on the user’s login context.
Additionally, developers can now accelerate B2B onboarding by empowering their enterprise customers to self-configure SCIM provisioning for groups directly.
Building on our Early Access capabilities, this release introduces the following enhancements to deliver out-of-the-box B2B delegated administration:
- Associate tenant-level RBAC roles with Enterprise Groups: For global access, you can assign Auth0 tenant-level roles directly to SCIM-provisioned groups. Any member of the synced group will automatically inherit these roles globally.
- Assign Organization scoped roles to Enterprise Groups: You can now assign organization scoped roles to SCIM-provisioned groups. In tandem with Auto-Membership, your customers' users will automatically inherit workspace-scoped permissions the moment they log in.
- Self-Service Enterprise Configuration: Empower your enterprise customers (or their IdP administrators) to configure SCIM provisioning for users and groups on their own through the Self-Service flow, accelerating B2B onboarding and removing your support team from the loop.
How to get started:
This feature will be rolled out to all public cloud environments over the next few days and to private cloud environments as per their release pipeline.
SCIM Groups is available for all tenants whose Auth0 plan includes Enterprise Connections. To enable it, navigate to the Auth0 Dashboard, go to Authentication > Enterprise, select your SAML, OpenID Connect, Okta Workforce, or Microsoft Entra ID connection, and toggle Sync user profiles using SCIM to On under the Provisioning tab.
Learn more:
- Configure Inbound SCIM
- Assign Roles to Enterprise Groups
- Self-Service Enterprise Configuration
- Group Events using the Eventing Platform
- Jun 2, 2026
- Date parsed from source:Jun 2, 2026
- First seen by Releasebot:Jun 3, 2026
Dashboard Navigation & IA Refresh is now in Beta
Auth0 introduces a redesigned Dashboard navigation and information architecture in beta, with a visual refresh that makes the platform easier to scan, faster to navigate, and more unified across common tasks.
We are excited to announce that the redesigned Dashboard navigation and information architecture (IA) is now available in Beta. This update is the first step toward a more unified platform experience across Auth0, making it faster to find what you need and easier to act on everything across the platform. Alongside the IA changes, this beta also includes a significant visual refresh.
What's in the Beta
Flattened navigation
- Label-only group headers so every item is visible at a glance, reducing clicks and making pages faster to reach.
- Reorganized around common tasks to surface the pages you use most and match the way you actually work.
- External actions have moved out of the sidebar and into the top bar, keeping the sidebar focused on tenant configuration.
Consolidated & renamed pages
- Related functionality grouped together to bring common tasks closer together.
- Clearer naming to better align functionality across the platform.
Availability
- Existing bookmarks and deep links will continue to work and you'll be automatically redirected to the new page.
- This is a navigation, IA, and visual update only. All underlying functionality and APIs remain the same.
Join the beta!
If you're interested in joining the Dashboard Navigation & IA Refresh beta program, please send a request through the Auth0 Support Center or contact your Technical Account Manager (TAM) or Auth0 Sales Executive to help you out with the process.
Original source - Jun 2, 2026
- Date parsed from source:Jun 2, 2026
- First seen by Releasebot:Jun 3, 2026
Dashboard Search for Applications Now in Beta
Auth0 adds Dashboard Search for Applications in Public Beta, letting users quickly search and filter applications in real time with multiple filter options, guided Boolean search, and shareable URL-based filters.
We're excited to announce that Dashboard Search for Applications is now available in Public Beta! Find your applications faster without scrolling through paginated lists.
What's New:
Dashboard users can now search and filter applications in real time by application name, client ID, external client ID, metadata, application type, and first-party status.
- Multiple filter options — Combine up to 5 filters
- Guided filter menu with Boolean search logic
- Filters persist in URLs for sharing and bookmarking
Rolling out progressively to Public Cloud tenants starting this week, with broader availability in the coming weeks.
For detailed documentation on search capabilities, visit our Product documentation.
Original source - Jun 2, 2026
- Date parsed from source:Jun 2, 2026
- First seen by Releasebot:Jun 2, 2026
M2M Support for Third-Party Applications is now Generally Available
Auth0 adds client_credentials support for strict third-party applications, bringing secure machine-to-machine access for AI agents and partner backend services. It also adds organization-scoped M2M access through the Management API and Dashboard with explicit grant controls.
We're happy to announce that
strictthird-party applications now support machine-to-machine (M2M) access using theclient_credentialsgrant type.
As you expose your APIs to AI agents and partner backend services that operate without a user in the loop, you need those integrations to work within the same secure-by-default posture as the rest of your third-party application setup. This release makes that possible.What's included:
client_credentialsgrant type support forstrictthird-party applications, available via the Management API and Dashboard.- Organization-scoped M2M access:
strictthird-party applications can request access tokens within the scope of a specific organization, with the same explicit grant requirements that apply to all M2M applications. Learn more about M2M access for organizations. - M2M access is intentionally restricted to applications created manually via the Management API or Dashboard. Applications registered via Dynamic Client Registration are excluded to prevent uncontrolled token issuance by unvetted third parties.
To learn more, visit the Third-Party Applications documentation.
Original source - Jun 1, 2026
- Date parsed from source:Jun 1, 2026
- First seen by Releasebot:Apr 13, 2026
- Modified by Releasebot:Jun 11, 2026
Customize RPID values for Passkeys GA
Auth0 now supports GA passkey adoption across subdomains with shared enrollment, letting teams customize the RP ID so a single passkey can authenticate users across multiple applications under the same root domain.
Boost Passkey adoption by enabling shared enrollment across subdomains. You can now customize the RP ID to allow a single Passkey to authenticate users across multiple applications under the same root domain. Now GA!
Learn more:
Enable and Configure Passkey Authentication for Database Connections
Native Passkeys for Mobile Applications
Passkey Authentication for Database Connections
Original source
Curated by the Releasebot team
Releasebot is an aggregator of official release notes from hundreds of software vendors and thousands of sources.
Our editorial process involves the manual review and audit of release notes procured with the help of automated systems.