Auth0 Release Notes

Auth0 Akamai Supplemental Signals is now GA and available across the full authentication lifecycle.

This update allows developers to ingest risk scores and edge intelligence from Akamai Bot Manager and Account Protector into several new Action triggers: Pre-User Registration, Post-User Registration, Post-Challenge, and Post-Change Password.

By integrating these signals directly into the Auth0 pipeline, organizations can stop automated bot signups before an account is created and enforce real-time security logic during critical events like password resets or MFA challenges.

To learn more about Akamai Supplemental Signals and how to set it up review our online documentation here

The call to action for the Universal Login forgot password flow has been updated from "Forgot Password" to "Reset Password." This aligns all Universal Login CTAs to be action-oriented. The updated text is available across all languages supported by Auth0. Customers who want to keep the original "Forgot Password" text can restore it via language customization at Branding > Universal Login > Edit text and translations.

Learn more: https://auth0.com/docs/customize/login-pages/universal-login/customize-text-elements

We are excited to announce the Early Access (EA) release of the My Organization API and a library of Embeddable UI Components for Organization Detail and Identity Provider Management. Every B2B product needs an admin console for customers to manage their own members and security. This new feature set empowers B2B SaaS developers to deliver robust self-service experience for admins in a matter of days, not months.

The My Organization API removes the need to build complex interfaces from scratch. With a secure governance layer that integrates seamlessly with your application, developers can easily deliver sophisticated, branded admin portals that meet the needs of even the largest customers without extra operational overhead.

Key Highlights:

• My Organization System API: A purpose-built API designed for secure, scalable delegated administration, allowing customers to manage organization details and identity providers directly.
• Embeddable UI Components: A library of white-label building blocks that can be dropped into any application to provide instant self-service management for SSO, domains, and members.
• Security-First Primitives: Built-in support for cryptographically bound tokens via DPoP and automatic step-up authentication that triggers inline MFA for privileged actions.
• Intelligent Onboarding: A new Dashboard-based onboarding wizard that simplifies configuration with safe defaults, automated entity setup, and a test environment.
• B2B Observability and Governance: Enhanced tenant logs and per-organization rate limiting ensure full visibility into administrative actions while protecting tenant stability.
• Interactive Developer Tools: A modernized API Explorer and extensive SDK support across multiple languages allow developers to integrate and test administrative activity at scale.

Why This Matters:

This release moves beyond simple API access to a unified governance layer for human and machine identity. Modern primitives like automatic least privilege ensures administrative sessions are always secure and context-aware. The result? Enterprise buyers can now get granular access levels and organization-specific rate limits they expect without the complexity of building custom backend middleware yourself.

This feature is available for all tenants. To begin, navigate to the Applications > APIs section of your Dashboard to activate the My Organization API.

To learn more, read the My Organization API documentation and if you have any feedback, give us a shout in our community channel!

We’re excited to announce that Multiple Custom Domains (MCD) is now Generally Available.

With Multiple Custom Domains, Enterprise customers can support multiple branded login experiences from a single Auth0 tenant. This helps you deliver more tailored authentication experiences across consumer applications, multi-brand businesses, and B2B SaaS use cases.

MCD GA includes support for:

• Configuring custom domains at scale within a single tenant
• A default domain for streamlined development and testing
• Passkey enrollment on custom domains
• B2B SaaS Self-Service SSO customizations
• Custom domain metadata in Advanced Customizations for Universal Login (ACUL)
• Support across Management SDKs, Authentication SDKs, and Forms

Visit Auth0 docs to get started.

Auth0 developers leveraging Express Configuration with Okta now have a more streamlined process for submitting their application to the Okta Integration Network.

The Okta Integration Network (OIN) Wizard has been updated with a new section for Auth0 developers that automatically populates the required configuration fields for OpenID Connect (OIDC), System for Cross-domain Identity Management (SCIM), and Global Token Revocation (GTR) integrations, based on information sourced from the Auth0 Dashboard.

To learn more about Express Configuration with Okta and the Okta Integration Network (OIN), click here.

We are excited to introduce Developer Preview, a new product release stage designed to get upcoming capabilities into your hands faster!

Developer Preview serves as a new release phase for new Auth0 product introductions. We utilize this stage when a new product capability will eventually be a paid feature, but we want to grant you access before the official pricing is applied.

Key Highlights:

• Free Production Access: You can use Developer Preview features in your production environments for free during the preview period.
• Clear Expectations: Participating in a Developer Preview provides a clear signal that the feature will include a paid component once it reaches General Availability (GA).
• Help Shape the Product: Getting these features to you early allows us to collect valuable feedback to iterate on prior to the GA launch.

To participate in an active Developer Preview, you will simply need to sign up and accept the specific opt-in requirements for that feature.

To learn more about how Developer Preview fits into our overall release process, visit our updated Product Release Stages documentation.

You can now manage custom authentication screen partials directly in the Auth0 dashboard with a purpose-built visual editor. Instead of encoding HTML as strings and sending them through the API, you get a proper code editor with syntax highlighting and live feedback.

The editor includes supporting tools:

• Code snippet library: pre-built snippets for common use cases like first and last name, phone number, terms of service checkboxes, and more, ready to insert with a click
• Template variable reference: a clickable list of all context variables available in the partial, for quick insertion without leaving the editor
• Actions shortcut: open Actions in a new window directly from the editor
• Interactive preview: click into entry points to edit HTML inline, see visually which entry point each element belongs to, and toggle entry point wrappers off to preview what the prompt looks like in the login flow

This update also expands what's possible with partials:

• Passkey screens: customize passkey authentication screens anywhere they appear in your flow; data capture is supported in the signup flow
• Custom database connections: data captured from partials is now surfaced in custom database connection scripts

Head over to the Auth0 Docs to learn more.

What's new:

We've updated session handling in SAML-P and WS-Fed authentication flows to align with industry best practices and our existing OAuth2/OIDC behavior. Following a successful login via SAML-P or WS-Fed, the session ID will now be rotated and a new session cookie will be issued.

What this means for you:

If your implementation includes client-side logic, downstream services, or integrations that read or store session IDs across SAML-P or WS-Fed login flows, you will now receive a new session ID after authentication completes. Please review and update any such implementations accordingly.

This change brings SAML-P and WS-Fed session handling in line with the existing behavior of OAuth2 and OIDC flows, ensuring consistent and secure session management across all authentication protocols.

We are excited to announce the release of auth0-springboot-api, a new official SDK designed to streamline authentication and security for Spring Boot backend applications.

Key Benefits

• Supports Spring Boot 3.2+ (Java 17+) and built for the modern filter-chain pattern.Developers can secure an API by injecting Auth0AuthenticationFilter into their SecurityFilterChain — just configure auth0.domain and auth0.audience in application.yml and go.
• Abstracts the complexity of JWT validation. Developers no longer need to write fragile boilerplate code to check Audiences or Issuers. The SDK handles JWKS fetching, token validation, and scope-to-authority mapping (SCOPE_ prefix) out of the box.
• Supports DPoP with flexible enforcement modes (Allowed, Required, Disabled). Enterprise customers can enforce proof-of-possession token security per RFC 9449 with a single config property — no controller changes needed.

Getting Started

• Quickstart
• Official Repo
• Examples

We’re excited to announce that Google Workspace Directory Sync for Groups is now available in Early Access (EA)!

This enhancement enables the automatic and reliable sync of group structures and memberships from Google Workspace directly into Auth0 Enterprise Groups.

Key Highlights:

• Automated group synchronization: Continuously mirror your Google Workspace groups into Auth0 to ensure your roles and access permissions remain accurate and up to date without manual intervention or relying on login events.
• Streamlined "Sync All" functionality: Enable groups synchronization for your entire Google Workspace Enterprise Connection through either the Management Dashboard or Management API in one step.
• View groups in Auth0: Groups provisioned using Google Workspace Directory Sync for Groups can be viewed in the Management Dashboard under Enterprise Groups, or retrieved through the Management API.
• Sync groups from Auth0 to external systems: Users and groups provisioned inbound to Auth0 can be synchronized outbound to external systems using Auth0’s Event streams feature.
• Use groups in the Post-Login Action: Use group information pushed from Enterprise identity providers in your Auth0 post-login actions to make access control and authorization decisions in Auth0.

To join the EA program, please complete the EA Terms & Conditions form and contact your Auth0 Account Team to request activation and supporting documentation.