CINXE.COM

<!DOCTYPE html><html lang="en"><head><title>Learn about Authentication, Security, Growth and, More</title><meta name="viewport" content="initial-scale=1.0, width=device-width"/><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=5"/><meta name="fragment" content="!"/><meta name="google-site-verification" content="KFViLMGmUy6wD69eTa8DPQhdfDlh_98L7seja7jIUQA"/><meta name="yandex-verification" content="5bf6f6598e8639ca"/><meta name="facebook-domain-verification" content="u12hlura60iag5ysnvf6761lhe6chz"/><meta name="description" content="There's a lot to learn about authentication, security, and growth, but don't worry. We're here to help you learn new things in an easy and friendly way."/><meta property="og:type" content="website"/><meta property="og:title" content="Learn about Authentication, Security, Growth and, More"/><meta property="og:site_name" content="Auth0"/><meta property="og:description" content="There's a lot to learn about authentication, security, and growth, but don't worry. We're here to help you learn new things in an easy and friendly way."/><meta property="og:locale" content="en"/><meta property="og:url" content="https://auth0.com/learn"/><meta property="og:image" content="https://images.ctfassets.net/kbkgmx9upatd/7wcjX6CHEpHAs7j8F0NM2e/0bf2fd6fa34b4252f4f64191a1c96bfc/Learn_-_Share_image.png"/><meta property="og:image:secure_url" content="https://images.ctfassets.net/kbkgmx9upatd/7wcjX6CHEpHAs7j8F0NM2e/0bf2fd6fa34b4252f4f64191a1c96bfc/Learn_-_Share_image.png"/><meta property="fb:app_id" content="507756515938786"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:site" content="@auth0"/><meta name="twitter:creator" content="@auth0"/><meta name="twitter:title" content="Learn about Authentication, Security, Growth and, More"/><meta name="twitter:description" content="There's a lot to learn about authentication, security, and growth, but don't worry. We're here to help you learn new things in an easy and friendly way."/><meta name="twitter:image:src" content="https://images.ctfassets.net/kbkgmx9upatd/7wcjX6CHEpHAs7j8F0NM2e/0bf2fd6fa34b4252f4f64191a1c96bfc/Learn_-_Share_image.png"/><meta name="twitter:image:width" content="1024"/><meta name="twitter:image:height" content="512"/><meta name="theme-color" content="#ffffff"/><meta name="pocket-site-verification" content="d301f9bf5a8414226ceee36fc991e9"/><link rel="canonical" href="https://auth0.com/learn"/><link rel="alternate" hrefLang="en" href="https://auth0.com/learn"/><link rel="alternate" hrefLang="de" href="https://auth0.com/de/learn"/><link rel="alternate" hrefLang="fr" href="https://auth0.com/fr/learn"/><link rel="alternate" hrefLang="ja" href="https://auth0.com/jp/learn"/><link rel="alternate" hrefLang="es" href="https://auth0.com/es/learn"/><link rel="alternate" hrefLang="pt" href="https://auth0.com/pt/learn"/><link rel="alternate" hrefLang="x-default" href="https://auth0.com/learn"/><script type="application/ld+json">{ "@context": "http://schema.org", "@type": "WebPage", "name": "Learn about Authentication, Security, Growth and, More", "description": "There's a lot to learn about authentication, security, and growth, but don't worry. We're here to help you learn new things in an easy and friendly way.", "url": "https://auth0.com/learn", "image": "https://images.ctfassets.net/kbkgmx9upatd/7wcjX6CHEpHAs7j8F0NM2e/0bf2fd6fa34b4252f4f64191a1c96bfc/Learn_-_Share_image.png", "publisher": { "@type": "Organization", "name": "Auth0", "legalName": "Auth0 Inc.", "url": "https://auth0.com/", "logo": "https://cdn.auth0.com/website/home-page/evolution_logo_Auth0_black.svg", "foundingDate": "2013-02-01T00:00:00.000Z", "address": { "@type": "PostalAddress", "streetAddress": "10800 NE 8th Street, Suite 600", "addressLocality": "Bellevue", "addressRegion": "WA", "postalCode": "98004", "addressCountry": "USA" }, "contactPoint": { "@type": "ContactPoint", "contactType": "Customer Support", "telephone": "[+888-235-2699]", "email": "info@auth0.com" }, "sameAs": [ "https://twitter.com/auth0", "https://www.facebook.com/getauth0/", "https://www.linkedin.com/company/auth0" ] } }</script><script> const generateNewContext = () => { return { window: { location: { hash: window.location.hash, host: window.location.host, hostname: window.location.hostname, href: window.location.href, origin: window.location.origin, pathname: window.location.pathname, port: window.location.port, protocol: window.location.protocol, search: window.location.search, }, navigator: { language: window.navigator.language, browserLanguage: window.navigator.browserLanguage, userAgent: window.navigator.userAgent, }, innerHeight: window.innerHeight, innerWidth: window.innerWidth, }, document: { title: document.title, referrer: document.referrer, }, }; }; window.addEventListener('resize', () => { const iframe = document.getElementById('drift-iframe'); iframe.contentWindow.postMessage( { type: 'driftUpdateContext', data: generateNewContext() }, '*', ); }); window.addEventListener('scroll', (event) => { const iframe = document.getElementById('drift-iframe'); iframe.contentWindow.postMessage( { type: 'driftParentScroll', data: { scroll: true }, target: 'drift.parentScroll', }, '*', ); }); window.addEventListener('message', function (event) { const iframe = document.getElementById('drift-iframe'); if ( !(iframe && iframe.contentWindow) && event.source === iframe.contentWindow ) { return; } const message = event.data; if (message.type === 'drift:ready') { iframe.contentWindow.postMessage( { type: 'driftSetContext', data: generateNewContext() }, '*', ); } if (message.type === 'drift:resize') { const styles = message.data.styles; for (let key in styles) { if (!styles.hasOwnProperty(key)) { continue; } iframe.style.setProperty(key, styles[key]); } } });</script><meta name="next-head-count" content="38"/><link rel="shortcut icon mask-icon" type="image/svg+xml" href="https://cdn.auth0.com/website/website/favicons/auth0-favicon.svg"/><link rel="shortcut icon" type="image/svg+xml" href="https://cdn.auth0.com/website/website/favicons/auth0-favicon.svg"/><link rel="shortcut icon" type="image/png" href="https://cdn.auth0.com/website/website/favicons/auth0-favicon-48.png"/><link rel="icon" sizes="16x16" type="image/png" href="https://cdn.auth0.com/website/website/favicons/auth0-favicon-16.png"/><link rel="icon" sizes="32x32" type="image/png" href="https://cdn.auth0.com/website/website/favicons/auth0-favicon-32.png"/><link rel="icon" sizes="48x48" type="image/png" href="https://cdn.auth0.com/website/website/favicons/auth0-favicon-48.png"/><link rel="icon" sizes="96x96" type="image/png" href="https://cdn.auth0.com/website/website/favicons/auth0-favicon-96.png"/><link rel="icon" sizes="144x144" type="image/png" href="https://cdn.auth0.com/website/website/favicons/auth0-favicon-144.png"/><link rel="apple-touch-icon" sizes="180x180" href="https://cdn.auth0.com/website/website/favicons/auth0-favicon-180.png"/><link rel="stylesheet" type="text/css" href="https://cdn.auth0.com/website/styleguide/core-custom/1.0.3/core.min.css"/><link rel="stylesheet" type="text/css" charSet="UTF-8" href="https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.min.css"/><link rel="stylesheet" type="text/css" href="https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick-theme.min.css"/><script type="text/plain" class="optanon-category-4">(function (h, o, t, j, a, r) {h.hj = h.hj || function () { (h.hj.q = h.hj.q || []).push(arguments) }; h._hjSettings = { hjid: 301495, hjsv: 5 }; a = o.getElementsByTagName('head')[0]; r = o.createElement('script'); r.async = 1; r.src = t + h._hjSettings.hjid + j + h._hjSettings.hjsv; a.appendChild(r);}(window, document, '//static.hotjar.com/c/hotjar-', '.js?sv='))</script><script type="text/plain" class="optanon-category-4"> window._6si = window._6si || []; window._6si.push(['enableEventTracking', true]); window._6si.push(['setToken', '5400c5b6d4c7c0376f36ed7c5ebbc828']); window._6si.push(['setEndpoint', 'b.6sc.co']); (function() { var gd = document.createElement('script'); gd.type = 'text/javascript'; gd.async = true; gd.src = '//j.6sc.co/6si.min.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(gd, s); })();</script><noscript data-n-css=""></noscript><script defer="" nomodule="" src="/b2b-enterprise-identity-management/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js"></script><script src="/b2b-enterprise-identity-management/_next/static/chunks/webpack-f94b7d1e45d3fc92.js" defer=""></script><script src="/b2b-enterprise-identity-management/_next/static/chunks/framework-2fe4cb6473b20297.js" defer=""></script><script src="/b2b-enterprise-identity-management/_next/static/chunks/main-0e6c5455930a1b1c.js" defer=""></script><script src="/b2b-enterprise-identity-management/_next/static/chunks/pages/_app-5e9a713bbc759748.js" defer=""></script><script src="/b2b-enterprise-identity-management/_next/static/chunks/9236dd9e-7626af53aa335123.js" defer=""></script><script src="/b2b-enterprise-identity-management/_next/static/chunks/3339-8a055232aafba6ff.js" defer=""></script><script src="/b2b-enterprise-identity-management/_next/static/chunks/1664-df515f0f42a0699e.js" defer=""></script><script src="/b2b-enterprise-identity-management/_next/static/chunks/3296-19c42866990842c9.js" defer=""></script><script src="/b2b-enterprise-identity-management/_next/static/chunks/4563-3823422007cc4569.js" defer=""></script><script src="/b2b-enterprise-identity-management/_next/static/chunks/9634-bcdf1704210a9c10.js" defer=""></script><script src="/b2b-enterprise-identity-management/_next/static/chunks/pages/learn-65677fa54621fd3a.js" defer=""></script><script src="/b2b-enterprise-identity-management/_next/static/RO_SziR6vX5xi4h-wP00e/_buildManifest.js" defer=""></script><script src="/b2b-enterprise-identity-management/_next/static/RO_SziR6vX5xi4h-wP00e/_ssgManifest.js" defer=""></script><style data-styled="" data-styled-version="5.3.6">html{line-height:1.15;-webkit-text-size-adjust:100%;}/*!sc*/ body{margin:0;}/*!sc*/ main{display:block;}/*!sc*/ h1{font-size:2em;margin:0.67em 0;}/*!sc*/ hr{box-sizing:content-box;height:0;overflow:visible;}/*!sc*/ pre{font-family:monospace,monospace;font-size:1em;}/*!sc*/ a{background-color:transparent;}/*!sc*/ abbr[title]{border-bottom:none;-webkit-text-decoration:underline;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted;}/*!sc*/ b,strong{font-weight:bolder;}/*!sc*/ code,kbd,samp{font-family:monospace,monospace;font-size:1em;}/*!sc*/ small{font-size:80%;}/*!sc*/ sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline;}/*!sc*/ sub{bottom:-0.25em;}/*!sc*/ sup{top:-0.5em;}/*!sc*/ img{border-style:none;}/*!sc*/ button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0;}/*!sc*/ button,input{overflow:visible;}/*!sc*/ button,select{text-transform:none;}/*!sc*/ button,[type="button"],[type="reset"],[type="submit"]{-webkit-appearance:button;}/*!sc*/ button::-moz-focus-inner,[type="button"]::-moz-focus-inner,[type="reset"]::-moz-focus-inner,[type="submit"]::-moz-focus-inner{border-style:none;padding:0;}/*!sc*/ button:-moz-focusring,[type="button"]:-moz-focusring,[type="reset"]:-moz-focusring,[type="submit"]:-moz-focusring{outline:1px dotted ButtonText;}/*!sc*/ fieldset{padding:0.35em 0.75em 0.625em;}/*!sc*/ legend{box-sizing:border-box;color:inherit;display:table;max-width:100%;padding:0;white-space:normal;}/*!sc*/ progress{vertical-align:baseline;}/*!sc*/ textarea{overflow:auto;}/*!sc*/ [type="checkbox"],[type="radio"]{box-sizing:border-box;padding:0;}/*!sc*/ [type="number"]::-webkit-inner-spin-button,[type="number"]::-webkit-outer-spin-button{height:auto;}/*!sc*/ [type="search"]{-webkit-appearance:textfield;outline-offset:-2px;}/*!sc*/ [type="search"]::-webkit-search-decoration{-webkit-appearance:none;}/*!sc*/ ::-webkit-file-upload-button{-webkit-appearance:button;font:inherit;}/*!sc*/ details{display:block;}/*!sc*/ summary{display:list-item;}/*!sc*/ template{display:none;}/*!sc*/ [hidden]{display:none;}/*!sc*/ data-styled.g1[id="sc-global-ecVvVt1"]{content:"sc-global-ecVvVt1,"}/*!sc*/ .gvYGiu{margin:0;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;background:linear-gradient(0deg,rgba(255,255,255,0.40) 0%,rgba(255,255,255,0.40) 100%),radial-gradient(123.72% 71.29% at 7.15% 100%,#FFF 0%,rgba(255,255,255,0.00) 100%),radial-gradient(234.4% 144.94% at 84.62% 0%,#FFF 0%,rgba(255,255,255,0.00) 100%),linear-gradient(26deg,rgba(255,255,255,0.17) -32.04%,rgba(255,255,255,0.00) 133.43%);border-width:0;border-radius:0.6rem;border-style:solid;color:#000000;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;font-size:1.6rem;line-height:2.4rem;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;padding:1.2rem 3.2rem;width:100%;height:-webkit-fit-content;height:-moz-fit-content;height:fit-content;-webkit-text-decoration:none;text-decoration:none;-webkit-transition:all 0.4s ease-in-out;transition:all 0.4s ease-in-out;font-family:Aeonik,sans-serif;font-style:normal;font-weight:500;position:relative;overflow:hidden;box-shadow:0px -16px 24px 0px rgba(255,255,255,0.48) inset,0px 4px 4px 0px rgba(0,0,0,0.25);}/*!sc*/ @media screen and (min-width:900px){.gvYGiu{width:-webkit-fit-content;width:-moz-fit-content;width:fit-content;}}/*!sc*/ .gvYGiu:active{color:#191919;background:linear-gradient(0deg,rgba(0,0,0,0.20) 0%,rgba(0,0,0,0.20) 100%),linear-gradient(0deg,rgba(255,255,255,0.70) 0%,rgba(255,255,255,0.70) 100%),radial-gradient(120.32% 83.76% at 50% 100%,#FFF 0%,rgba(255,255,255,0.00) 100%),radial-gradient(47.47% 14.92% at 50% 0%,#FFF 0%,rgba(255,255,255,0.00) 100%),radial-gradient(67.49% 95.06% at 50% 15.5%,#FFF 0%,rgba(255,255,255,0.36) 100%),radial-gradient(33.16% 50% at 50% 0%,#FFF 0%,rgba(255,255,255,0.00) 100%);}/*!sc*/ .gvYGiu:hover{-webkit-transition:all 0.4s ease-in-out;transition:all 0.4s ease-in-out;color:#191919;background:linear-gradient(0deg,rgba(255,255,255,0.70) 0%,rgba(255,255,255,0.70) 100%),radial-gradient(120.32% 83.76% at 50% 100%,#FFF 0%,rgba(255,255,255,0.00) 100%),radial-gradient(47.47% 14.92% at 50% 0%,#FFF 0%,rgba(255,255,255,0.00) 100%),radial-gradient(67.49% 95.06% at 50% 15.5%,#FFF 0%,rgba(255,255,255,0.36) 100%),radial-gradient(33.16% 50% at 50% 0%,#FFF 0%,rgba(255,255,255,0.00) 100%);cursor:pointer;}/*!sc*/ .gvYGiu:hover{box-shadow:0px 8px 28px 0px rgba(255,255,255,0.08);}/*!sc*/ .gvYGiu:active{box-shadow:0px 8px 28px 0px rgba(255,255,255,0.08);}/*!sc*/ .gvYGiu:disabled{box-shadow:0px -16px 24px 0px rgba(255,255,255,0.48) inset,0px 4px 4px 0px rgba(0,0,0,0.25);}/*!sc*/ .gvYGiu span{z-index:3;}/*!sc*/ .gvYGiu:hover{background:linear-gradient(0deg,rgba(255,255,255,0.40) 0%,rgba(255,255,255,0.40) 100%),radial-gradient(123.72% 71.29% at 7.15% 100%,#FFF 0%,rgba(255,255,255,0.00) 100%),radial-gradient(234.4% 144.94% at 84.62% 0%,#FFF 0%,rgba(255,255,255,0.00) 100%),linear-gradient(26deg,rgba(255,255,255,0.17) -32.04%,rgba(255,255,255,0.00) 133.43%);}/*!sc*/ .gvYGiu::before{content:'';width:100%;height:100%;display:inline-block;background:linear-gradient(0deg,rgba(255,255,255,0.70) 0%,rgba(255,255,255,0.70) 100%),radial-gradient(120.32% 83.76% at 50% 100%,#FFF 0%,rgba(255,255,255,0.00) 100%),radial-gradient(47.47% 14.92% at 50% 0%,#FFF 0%,rgba(255,255,255,0.00) 100%),radial-gradient(67.49% 95.06% at 50% 15.5%,#FFF 0%,rgba(255,255,255,0.36) 100%),radial-gradient(33.16% 50% at 50% 0%,#FFF 0%,rgba(255,255,255,0.00) 100%);opacity:0;position:absolute;-webkit-transition:all 0.4s ease-in-out;transition:all 0.4s ease-in-out;}/*!sc*/ .gvYGiu:hover::before{opacity:1;}/*!sc*/ .hIGiqp{margin:0;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;background:linear-gradient(26deg,rgba(255,255,255,0.15) -32.04%,rgba(255,255,255,0.00) 133.43%);border-width:1.5px;border-color:linear-gradient(29.98deg,rgba(255,254,250,0.7) 23.72%,rgba(255,254,250,0) 107.71%);border-radius:0.6rem;border-style:solid;color:#FFFEFA;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;font-size:1.6rem;line-height:2.4rem;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;padding:1.2rem 3.2rem;width:100%;height:-webkit-fit-content;height:-moz-fit-content;height:fit-content;-webkit-text-decoration:none;text-decoration:none;-webkit-transition:all 0.4s ease-in-out;transition:all 0.4s ease-in-out;font-family:Aeonik,sans-serif;font-style:normal;font-weight:500;position:relative;overflow:hidden;border:none;}/*!sc*/ @media screen and (min-width:900px){.hIGiqp{width:-webkit-fit-content;width:-moz-fit-content;width:fit-content;}}/*!sc*/ .hIGiqp:active{color:rgba(255,254,250,0.8);border-color:linear-gradient(29.98deg,rgba(255,254,250,0.8) 23.72%,rgba(255,254,250,0) 107.71%);background:linear-gradient(0deg,rgba(0,0,0,0.20) 0%,rgba(0,0,0,0.20) 100%),linear-gradient(26deg,rgba(255,255,255,0.08) -32.04%,rgba(255,255,255,0.00) 133.43%);}/*!sc*/ .hIGiqp:hover{-webkit-transition:all 0.4s ease-in-out;transition:all 0.4s ease-in-out;border-color:linear-gradient(29.98deg,rgba(255,254,250,0.8) 23.72%,rgba(255,254,250,0) 107.71%);color:#FFFEFA;background:radial-gradient(72.18% 56.98% at 50% 100%,rgba(255,255,255,0.20) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(100.79% 100% at 50% 0%,rgba(255,255,255,0.40) 0%,rgba(255,255,255,0.00) 100%),linear-gradient(26deg,rgba(255,255,255,0.08) -32.04%,rgba(255,255,255,0.00) 133.43%);cursor:pointer;}/*!sc*/ .hIGiqp span{z-index:3;}/*!sc*/ .hIGiqp:hover{background:linear-gradient(26deg,rgba(255,255,255,0.15) -32.04%,rgba(255,255,255,0.00) 133.43%);}/*!sc*/ .hIGiqp::before{content:'';width:100%;height:100%;display:inline-block;background:radial-gradient(72.18% 56.98% at 50% 100%,rgba(255,255,255,0.20) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(100.79% 100% at 50% 0%,rgba(255,255,255,0.40) 0%,rgba(255,255,255,0.00) 100%),linear-gradient(26deg,rgba(255,255,255,0.08) -32.04%,rgba(255,255,255,0.00) 133.43%);opacity:0;position:absolute;-webkit-transition:all 0.4s ease-in-out;transition:all 0.4s ease-in-out;}/*!sc*/ .hIGiqp:hover::before{opacity:1;}/*!sc*/ .hIGiqp span{z-index:10;}/*!sc*/ .hIGiqp::after{content:'';width:100%;height:100%;display:inline-block;position:absolute;border-radius:6px;padding:1.5px;z-index:999;background:linear-gradient(29.98deg,rgba(255,254,250,0.7) 23.72%,rgba(255,254,250,0) 107.71%);-webkit-mask:linear-gradient(#fff 0 0) content-box,linear-gradient(#fff 0 0);-webkit-mask-composite:xor;-webkit-mask-composite:exclude;mask-composite:exclude;-webkit-transition:all 0.4s ease-in-out;transition:all 0.4s ease-in-out;}/*!sc*/ .hIGiqp:active::after{background:linear-gradient(0deg,rgba(0,0,0,0.2),rgba(0,0,0,0.2)),linear-gradient(29.98deg,rgba(255,254,250,0.7) 23.72%,rgba(255,254,250,0) 107.71%);}/*!sc*/ .hIGiqp:hover::after{background:linear-gradient(29.98deg,rgba(255,254,250,0.8) 23.72%,rgba(255,254,250,0) 107.71%);}/*!sc*/ .hIGiqp:disabled::after{background:linear-gradient(29.98deg,rgba(255,254,250,0.7) 23.72%,rgba(255,254,250,0) 107.71%);}/*!sc*/ .iBRLYD{margin:0;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;background:radial-gradient(223% 105.53% at 6.05% 199.17%,rgba(255,255,255,0.14) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(31.68% 130.91% at 100% 0%,rgba(255,255,255,0.20) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(43.14% 139.47% at 0% 136.21%,rgba(227,235,255,0.30) 0%,rgba(255,255,255,0.00) 100%),linear-gradient(170deg,#4016A0 7.99%,#3F59E4 93.36%);border-width:0;border-color:radial-gradient(223% 105.53% at 6.05% 199.17%,rgba(255,255,255,0.14) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(31.68% 130.91% at 100% 0%,rgba(255,255,255,0.20) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(43.14% 139.47% at 0% 136.21%,rgba(227,235,255,0.30) 0%,rgba(255,255,255,0.00) 100%),linear-gradient(170deg,#4016A0 7.99%,#3F59E4 93.36%);border-radius:0.6rem;border-style:solid;color:#FFFEFA;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;font-size:1.6rem;line-height:2.4rem;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;padding:1.2rem 3.2rem;width:100%;height:-webkit-fit-content;height:-moz-fit-content;height:fit-content;-webkit-text-decoration:none;text-decoration:none;-webkit-transition:all 0.4s ease-in-out;transition:all 0.4s ease-in-out;font-family:Aeonik,sans-serif;font-style:normal;font-weight:500;position:relative;overflow:hidden;}/*!sc*/ @media screen and (min-width:900px){.iBRLYD{width:-webkit-fit-content;width:-moz-fit-content;width:fit-content;}}/*!sc*/ .iBRLYD:active{color:rgba(255,254,250,0.8);border-color:radial-gradient(1357.61% 111.93% at 58.53% 60.34%,rgba(255,255,255,0.40) 0%,rgba(180,155,252,0.00) 0.01%,rgba(182,202,255,0.40) 100%),radial-gradient(69% 81.35% at -8.65% 100%,rgba(255,255,255,0.20) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(637.58% 79.63% at 96.25% -14.82%,rgba(255,255,255,0.20) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(1373.34% 61.44% at -8.75% 153.45%,rgba(227,235,255,0.30) 0%,rgba(255,255,255,0.00) 100%),linear-gradient(170deg,#3F59E4 7.99%,#3F59E4 93.36%);background:linear-gradient(0deg,rgba(0,0,0,0.20) 0%,rgba(0,0,0,0.20) 100%),radial-gradient(1357.61% 111.93% at 58.53% 60.34%,rgba(255,255,255,0.40) 0%,rgba(180,155,252,0.00) 0.01%,rgba(182,202,255,0.40) 100%),radial-gradient(69% 81.35% at -8.65% 100%,rgba(255,255,255,0.20) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(637.58% 79.63% at 96.25% -14.82%,rgba(255,255,255,0.20) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(1373.34% 61.44% at -8.75% 153.45%,rgba(227,235,255,0.30) 0%,rgba(255,255,255,0.00) 100%),linear-gradient(170deg,#3F59E4 7.99%,#3F59E4 93.36%);-webkit-backdrop-filter:blur(34px);backdrop-filter:blur(34px);}/*!sc*/ .iBRLYD:hover{-webkit-transition:all 0.4s ease-in-out;transition:all 0.4s ease-in-out;border-color:radial-gradient(1357.61% 111.93% at 58.53% 60.34%,rgba(255,255,255,0.40) 0%,rgba(180,155,252,0.00) 0.01%,rgba(182,202,255,0.40) 100%),radial-gradient(69% 81.35% at -8.65% 100%,rgba(255,255,255,0.20) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(637.58% 79.63% at 96.25% -14.82%,rgba(255,255,255,0.20) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(1373.34% 61.44% at -8.75% 153.45%,rgba(227,235,255,0.30) 0%,rgba(255,255,255,0.00) 100%),linear-gradient(170deg,#3F59E4 7.99%,#3F59E4 93.36%);color:#FFFEFA;background:radial-gradient(1357.61% 111.93% at 58.53% 60.34%,rgba(255,255,255,0.40) 0%,rgba(180,155,252,0.00) 0.01%,rgba(182,202,255,0.40) 100%),radial-gradient(69% 81.35% at -8.65% 100%,rgba(255,255,255,0.20) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(637.58% 79.63% at 96.25% -14.82%,rgba(255,255,255,0.20) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(1373.34% 61.44% at -8.75% 153.45%,rgba(227,235,255,0.30) 0%,rgba(255,255,255,0.00) 100%),linear-gradient(170deg,#3F59E4 7.99%,#3F59E4 93.36%);cursor:pointer;-webkit-backdrop-filter:blur(34px);backdrop-filter:blur(34px);}/*!sc*/ .iBRLYD:hover{box-shadow:0px 8px 55px 0px rgba(182,202,255,0.24);}/*!sc*/ .iBRLYD:active{box-shadow:0px 8px 55px 0px rgba(182,202,255,0.24);}/*!sc*/ .iBRLYD span{z-index:3;}/*!sc*/ .iBRLYD:hover{background:radial-gradient(223% 105.53% at 6.05% 199.17%,rgba(255,255,255,0.14) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(31.68% 130.91% at 100% 0%,rgba(255,255,255,0.20) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(43.14% 139.47% at 0% 136.21%,rgba(227,235,255,0.30) 0%,rgba(255,255,255,0.00) 100%),linear-gradient(170deg,#4016A0 7.99%,#3F59E4 93.36%);}/*!sc*/ .iBRLYD::before{content:'';width:100%;height:100%;display:inline-block;background:radial-gradient(1357.61% 111.93% at 58.53% 60.34%,rgba(255,255,255,0.40) 0%,rgba(180,155,252,0.00) 0.01%,rgba(182,202,255,0.40) 100%),radial-gradient(69% 81.35% at -8.65% 100%,rgba(255,255,255,0.20) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(637.58% 79.63% at 96.25% -14.82%,rgba(255,255,255,0.20) 0%,rgba(255,255,255,0.00) 100%),radial-gradient(1373.34% 61.44% at -8.75% 153.45%,rgba(227,235,255,0.30) 0%,rgba(255,255,255,0.00) 100%),linear-gradient(170deg,#3F59E4 7.99%,#3F59E4 93.36%);opacity:0;position:absolute;-webkit-transition:all 0.4s ease-in-out;transition:all 0.4s ease-in-out;}/*!sc*/ .iBRLYD:hover::before{opacity:1;}/*!sc*/ .hdjqdc{margin:0;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;background:#635DFF;border-color:#635DFF;border-radius:0.6rem;border-style:solid;color:#FFFFFF;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;font-size:1.6rem;line-height:2.4rem;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;padding:1.2rem 3.2rem;width:100%;height:-webkit-fit-content;height:-moz-fit-content;height:fit-content;-webkit-text-decoration:none;text-decoration:none;-webkit-transition:all 0.25s cubic-bezier(0.4,0,0.2,1);transition:all 0.25s cubic-bezier(0.4,0,0.2,1);font-family:Inter,sans-serif;font-style:normal;font-weight:500;position:relative;overflow:hidden;}/*!sc*/ @media screen and (min-width:900px){.hdjqdc{width:-webkit-fit-content;width:-moz-fit-content;width:fit-content;}}/*!sc*/ .hdjqdc:active{color:#FFFFFF80;}/*!sc*/ .hdjqdc:hover{-webkit-transition:all 0.25s cubic-bezier(0.4,0,0.2,1);transition:all 0.25s cubic-bezier(0.4,0,0.2,1);color:#FFFFFF;background:#564ED1;cursor:pointer;}/*!sc*/ .hdjqdc:after{content:'→';padding-left:0.8rem;display:inline-block;position:relative;z-index:1;}/*!sc*/ data-styled.g2[id="styled__Button-sc-1hwml9q-0"]{content:"gvYGiu,hIGiqp,iBRLYD,hdjqdc,"}/*!sc*/ .hWziJK.hWziJK.hWziJK{color:#99A7F1;-webkit-text-decoration:underline;text-decoration:underline;}/*!sc*/ .dCCmSO.dCCmSO.dCCmSO{width:100%;}/*!sc*/ .isBdzo.isBdzo.isBdzo{margin-top:1.6rem;width:100%;}/*!sc*/ .ktXiRB.ktXiRB.ktXiRB{color:#ABABAB;font-weight:500;line-height:1.8rem;margin-bottom:2.1rem;}/*!sc*/ .fwumGB.fwumGB.fwumGB{-webkit-text-decoration:none;text-decoration:none;line-height:2.2rem;}/*!sc*/ .jhxKr.jhxKr.jhxKr{color:#8c929c;margin:0;}/*!sc*/ .cKkyKw.cKkyKw.cKkyKw{font-family:Aeonik,sans-serif;color:#FFFFFF;margin:0.4rem 0 0;font-weight:500;font-size:1.6rem;line-height:2rem;}/*!sc*/ .hQjuhG.hQjuhG.hQjuhG{display:block;-webkit-text-decoration:underline;text-decoration:underline;}/*!sc*/ .BcxXA.BcxXA.BcxXA{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-text-decoration:none;text-decoration:none;}/*!sc*/ .fnEKIk.fnEKIk.fnEKIk{font-family:Aeonik,sans-serif;color:#e5e5e5;font-size:1.4rem;-webkit-letter-spacing:0.015rem;-moz-letter-spacing:0.015rem;-ms-letter-spacing:0.015rem;letter-spacing:0.015rem;line-height:2rem;}/*!sc*/ .gcXwVY.gcXwVY.gcXwVY{color:#8c929c;}/*!sc*/ .bHOya.bHOya.bHOya{-webkit-text-decoration:none;text-decoration:none;display:block;}/*!sc*/ .dUfJVa.dUfJVa.dUfJVa{margin-right:1.6rem;-webkit-letter-spacing:0.032rem;-moz-letter-spacing:0.032rem;-ms-letter-spacing:0.032rem;letter-spacing:0.032rem;white-space:nowrap;}/*!sc*/ @media screen and (min-width:1200px){.dUfJVa.dUfJVa.dUfJVa{padding:0.8rem 2.4rem;}}/*!sc*/ .cndUul.cndUul.cndUul{-webkit-letter-spacing:0.032rem;-moz-letter-spacing:0.032rem;-ms-letter-spacing:0.032rem;letter-spacing:0.032rem;white-space:nowrap;}/*!sc*/ @media screen and (min-width:1200px){.cndUul.cndUul.cndUul{padding:0.8rem 2.2rem;}}/*!sc*/ .jezRKS.jezRKS.jezRKS{font-family:Inter;font-weight:500;}/*!sc*/ .dTPLMd.dTPLMd.dTPLMd{text-transform:capitalize;color:white;white-space:nowrap;line-height:3.2rem;}/*!sc*/ .hgXRwi.hgXRwi.hgXRwi{color:#1E212A;}/*!sc*/ .bAoEZo.bAoEZo.bAoEZo{color:#635DFF;font-weight:500;}/*!sc*/ .bBntAC.bBntAC.bBntAC{color:#FFFFFF;}/*!sc*/ .ljpwTk.ljpwTk.ljpwTk{color:#DADFE8;}/*!sc*/ .dLXTcP.dLXTcP.dLXTcP{font-weight:500;}/*!sc*/ .cHhniM.cHhniM.cHhniM{display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-text-decoration:none;text-decoration:none;}/*!sc*/ .hTUVnp.hTUVnp.hTUVnp{color:#80868F;margin:0;}/*!sc*/ .cFkooD.cFkooD.cFkooD{border-top:0.1rem solid #5a5f66;padding:2.4rem 1.6rem;color:#80868F;margin:0;}/*!sc*/ data-styled.g3[id="utils-sc-11hlfw-0"]{content:"hWziJK,dCCmSO,isBdzo,ktXiRB,fwumGB,jhxKr,cKkyKw,hQjuhG,BcxXA,fnEKIk,gcXwVY,bHOya,dUfJVa,cndUul,jezRKS,dmQvNV,dTPLMd,hgXRwi,bAoEZo,bBntAC,ljpwTk,dLXTcP,cHhniM,hTUVnp,cFkooD,"}/*!sc*/ .ieuKTj{margin:0 0 1.6rem 0;color:#ABABAB;font-family:'Aeonik Mono',monospace;font-style:NORMAL;font-weight:500;font-size:1.4rem;-webkit-letter-spacing:0.1rem;-moz-letter-spacing:0.1rem;-ms-letter-spacing:0.1rem;letter-spacing:0.1rem;line-height:2rem;text-transform:uppercase;padding:0;}/*!sc*/ @media screen and (min-width:900px){.ieuKTj{color:#ABABAB;font-family:'Aeonik Mono',monospace;font-style:NORMAL;font-weight:500;font-size:1.4rem;-webkit-letter-spacing:0.1rem;-moz-letter-spacing:0.1rem;-ms-letter-spacing:0.1rem;letter-spacing:0.1rem;line-height:2rem;}}/*!sc*/ @media screen and (min-width:1200px){.ieuKTj{color:#ABABAB;font-family:'Aeonik Mono',monospace;font-style:NORMAL;font-weight:500;font-size:1.4rem;-webkit-letter-spacing:0.1rem;-moz-letter-spacing:0.1rem;-ms-letter-spacing:0.1rem;letter-spacing:0.1rem;line-height:2rem;}}/*!sc*/ .dveEmL{margin:0 0 1.6rem 0;color:#8B929B;font-family:SpaceGrotesk,monospace;font-style:NORMAL;font-weight:600;font-size:1.2rem;-webkit-letter-spacing:0.12rem;-moz-letter-spacing:0.12rem;-ms-letter-spacing:0.12rem;letter-spacing:0.12rem;line-height:1.8rem;text-transform:uppercase;padding:0;}/*!sc*/ @media screen and (min-width:900px){.dveEmL{color:#8B929B;font-family:SpaceGrotesk,monospace;font-style:NORMAL;font-weight:600;font-size:1.4rem;-webkit-letter-spacing:0.15rem;-moz-letter-spacing:0.15rem;-ms-letter-spacing:0.15rem;letter-spacing:0.15rem;line-height:2rem;}}/*!sc*/ @media screen and (min-width:1200px){.dveEmL{color:#8B929B;font-family:SpaceGrotesk,monospace;font-style:NORMAL;font-weight:600;font-size:1.4rem;-webkit-letter-spacing:0.15rem;-moz-letter-spacing:0.15rem;-ms-letter-spacing:0.15rem;letter-spacing:0.15rem;line-height:2rem;}}/*!sc*/ data-styled.g7[id="styled__Overline-sc-165cfko-0"]{content:"ieuKTj,dveEmL,"}/*!sc*/ .emycaI{margin:0 0 1.6rem 0;color:#E5E5E5;font-family:Aeonik,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.8rem;-webkit-letter-spacing:0.0125rem;-moz-letter-spacing:0.0125rem;-ms-letter-spacing:0.0125rem;letter-spacing:0.0125rem;line-height:2.5rem;color:#FFFEFA;padding:0;}/*!sc*/ @media screen and (min-width:900px){.emycaI{color:#E5E5E5;font-family:Aeonik,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.8rem;-webkit-letter-spacing:0.0125rem;-moz-letter-spacing:0.0125rem;-ms-letter-spacing:0.0125rem;letter-spacing:0.0125rem;line-height:2.5rem;color:#FFFEFA;}}/*!sc*/ @media screen and (min-width:1200px){.emycaI{color:#E5E5E5;font-family:Aeonik,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.8rem;-webkit-letter-spacing:0.0125rem;-moz-letter-spacing:0.0125rem;-ms-letter-spacing:0.0125rem;letter-spacing:0.0125rem;line-height:2.5rem;color:#FFFEFA;}}/*!sc*/ .jpLEXt{margin:0 0 1.6rem 0;color:#E5E5E5;font-family:Aeonik,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.4rem;-webkit-letter-spacing:0.015rem;-moz-letter-spacing:0.015rem;-ms-letter-spacing:0.015rem;letter-spacing:0.015rem;line-height:2rem;color:#FFFEFA;padding:0;}/*!sc*/ @media screen and (min-width:900px){.jpLEXt{color:#E5E5E5;font-family:Aeonik,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.4rem;-webkit-letter-spacing:0.015rem;-moz-letter-spacing:0.015rem;-ms-letter-spacing:0.015rem;letter-spacing:0.015rem;line-height:2rem;color:#FFFEFA;}}/*!sc*/ @media screen and (min-width:1200px){.jpLEXt{color:#E5E5E5;font-family:Aeonik,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.4rem;-webkit-letter-spacing:0.015rem;-moz-letter-spacing:0.015rem;-ms-letter-spacing:0.015rem;letter-spacing:0.015rem;line-height:2rem;color:#FFFEFA;}}/*!sc*/ .iHUhgQ{margin:0 0 4rem;color:#41454C;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.8rem;-webkit-letter-spacing:-0.005rem;-moz-letter-spacing:-0.005rem;-ms-letter-spacing:-0.005rem;letter-spacing:-0.005rem;line-height:2.8rem;color:#FFFFFF;padding:0;}/*!sc*/ @media screen and (min-width:900px){.iHUhgQ{color:#41454C;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.8rem;-webkit-letter-spacing:-0.005rem;-moz-letter-spacing:-0.005rem;-ms-letter-spacing:-0.005rem;letter-spacing:-0.005rem;line-height:2.8rem;color:#FFFFFF;}}/*!sc*/ @media screen and (min-width:1200px){.iHUhgQ{color:#41454C;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:400;font-size:2rem;-webkit-letter-spacing:-0.01rem;-moz-letter-spacing:-0.01rem;-ms-letter-spacing:-0.01rem;letter-spacing:-0.01rem;line-height:3.2rem;color:#FFFFFF;}}/*!sc*/ .fDNRCP{margin:auto 0 0;color:#41454C;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.4rem;-webkit-letter-spacing:0rem;-moz-letter-spacing:0rem;-ms-letter-spacing:0rem;letter-spacing:0rem;line-height:2.2rem;color:#FFFFFF;padding:0;}/*!sc*/ @media screen and (min-width:900px){.fDNRCP{color:#41454C;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.6rem;-webkit-letter-spacing:-0.001rem;-moz-letter-spacing:-0.001rem;-ms-letter-spacing:-0.001rem;letter-spacing:-0.001rem;line-height:2.4rem;color:#FFFFFF;}}/*!sc*/ @media screen and (min-width:1200px){.fDNRCP{color:#41454C;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.6rem;-webkit-letter-spacing:-0.001rem;-moz-letter-spacing:-0.001rem;-ms-letter-spacing:-0.001rem;letter-spacing:-0.001rem;line-height:2.4rem;color:#FFFFFF;}}/*!sc*/ .dGFrmP{margin:0 0 3.2rem;color:#41454C;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.8rem;-webkit-letter-spacing:-0.005rem;-moz-letter-spacing:-0.005rem;-ms-letter-spacing:-0.005rem;letter-spacing:-0.005rem;line-height:2.8rem;color:#FFFFFF;padding:0;}/*!sc*/ @media screen and (min-width:900px){.dGFrmP{color:#41454C;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.8rem;-webkit-letter-spacing:-0.005rem;-moz-letter-spacing:-0.005rem;-ms-letter-spacing:-0.005rem;letter-spacing:-0.005rem;line-height:2.8rem;color:#FFFFFF;}}/*!sc*/ @media screen and (min-width:1200px){.dGFrmP{color:#41454C;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:400;font-size:2rem;-webkit-letter-spacing:-0.01rem;-moz-letter-spacing:-0.01rem;-ms-letter-spacing:-0.01rem;letter-spacing:-0.01rem;line-height:3.2rem;color:#FFFFFF;}}/*!sc*/ .kGYMnY{margin:0;color:#41454C;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.4rem;-webkit-letter-spacing:0rem;-moz-letter-spacing:0rem;-ms-letter-spacing:0rem;letter-spacing:0rem;line-height:2.2rem;color:#FFFFFF;padding:0;}/*!sc*/ @media screen and (min-width:900px){.kGYMnY{color:#41454C;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.4rem;-webkit-letter-spacing:0rem;-moz-letter-spacing:0rem;-ms-letter-spacing:0rem;letter-spacing:0rem;line-height:2.2rem;color:#FFFFFF;}}/*!sc*/ @media screen and (min-width:1200px){.kGYMnY{color:#41454C;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.4rem;-webkit-letter-spacing:0rem;-moz-letter-spacing:0rem;-ms-letter-spacing:0rem;letter-spacing:0rem;line-height:2.2rem;color:#FFFFFF;}}/*!sc*/ .iLVGZP{margin:0 0 1.6rem 0;color:#41454C;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.4rem;-webkit-letter-spacing:0rem;-moz-letter-spacing:0rem;-ms-letter-spacing:0rem;letter-spacing:0rem;line-height:2.2rem;color:#FFFFFF;padding:0;}/*!sc*/ @media screen and (min-width:900px){.iLVGZP{color:#41454C;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.4rem;-webkit-letter-spacing:0rem;-moz-letter-spacing:0rem;-ms-letter-spacing:0rem;letter-spacing:0rem;line-height:2.2rem;color:#FFFFFF;}}/*!sc*/ @media screen and (min-width:1200px){.iLVGZP{color:#41454C;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:400;font-size:1.4rem;-webkit-letter-spacing:0rem;-moz-letter-spacing:0rem;-ms-letter-spacing:0rem;letter-spacing:0rem;line-height:2.2rem;color:#FFFFFF;}}/*!sc*/ data-styled.g8[id="styled__Paragraph-sc-165cfko-1"]{content:"emycaI,jpLEXt,iHUhgQ,fDNRCP,dGFrmP,kGYMnY,iLVGZP,"}/*!sc*/ .egthED{margin:0 0 2.4rem;color:#1E212A;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:500;font-size:2.4rem;-webkit-letter-spacing:-0.02rem;-moz-letter-spacing:-0.02rem;-ms-letter-spacing:-0.02rem;letter-spacing:-0.02rem;line-height:3.2rem;color:#FFFFFF;padding:0;}/*!sc*/ @media screen and (min-width:900px){.egthED{margin:0;}}/*!sc*/ @media screen and (min-width:900px){.egthED{color:#1E212A;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:500;font-size:2.4rem;-webkit-letter-spacing:-0.02rem;-moz-letter-spacing:-0.02rem;-ms-letter-spacing:-0.02rem;letter-spacing:-0.02rem;line-height:3.2rem;color:#FFFFFF;}}/*!sc*/ @media screen and (min-width:1200px){.egthED{color:#1E212A;font-family:Inter,sans-serif;font-style:NORMAL;font-weight:500;font-size:2.4rem;-webkit-letter-spacing:-0.02rem;-moz-letter-spacing:-0.02rem;-ms-letter-spacing:-0.02rem;letter-spacing:-0.02rem;line-height:3.2rem;color:#FFFFFF;}}/*!sc*/ .gdQOyr{margin:0 0 0.8rem;color:#1E212A;font-family:SpaceGrotesk,sans-serif;font-style:NORMAL;font-weight:600;font-size:3.2rem;-webkit-letter-spacing:-0.05rem;-moz-letter-spacing:-0.05rem;-ms-letter-spacing:-0.05rem;letter-spacing:-0.05rem;line-height:4rem;color:#FFFFFF;padding:0;}/*!sc*/ @media screen and (min-width:1200px){.gdQOyr{margin:0 0 1.2rem;}}/*!sc*/ @media screen and (min-width:900px){.gdQOyr{color:#1E212A;font-family:SpaceGrotesk,sans-serif;font-style:NORMAL;font-weight:600;font-size:3.2rem;-webkit-letter-spacing:-0.05rem;-moz-letter-spacing:-0.05rem;-ms-letter-spacing:-0.05rem;letter-spacing:-0.05rem;line-height:4rem;color:#FFFFFF;}}/*!sc*/ @media screen and (min-width:1200px){.gdQOyr{color:#1E212A;font-family:SpaceGrotesk,sans-serif;font-style:NORMAL;font-weight:600;font-size:4rem;-webkit-letter-spacing:-0.08rem;-moz-letter-spacing:-0.08rem;-ms-letter-spacing:-0.08rem;letter-spacing:-0.08rem;line-height:4.4rem;color:#FFFFFF;}}/*!sc*/ data-styled.g9[id="styled__Heading-sc-165cfko-2"]{content:"egthED,gdQOyr,"}/*!sc*/ .iuGKQI{margin:0 0 2.4rem;color:#1E212A;font-family:SpaceGrotesk,sans-serif;font-style:NORMAL;font-weight:600;font-size:4.8rem;-webkit-letter-spacing:-0.11000000000000001rem;-moz-letter-spacing:-0.11000000000000001rem;-ms-letter-spacing:-0.11000000000000001rem;letter-spacing:-0.11000000000000001rem;line-height:5.6rem;padding:0;color:#FFFFFF;}/*!sc*/ @media screen and (min-width:900px){.iuGKQI{color:#1E212A;font-family:SpaceGrotesk,sans-serif;font-style:NORMAL;font-weight:600;font-size:8rem;-webkit-letter-spacing:-0.22000000000000003rem;-moz-letter-spacing:-0.22000000000000003rem;-ms-letter-spacing:-0.22000000000000003rem;letter-spacing:-0.22000000000000003rem;line-height:8.8rem;color:#FFFFFF;}}/*!sc*/ @media screen and (min-width:1200px){.iuGKQI{color:#1E212A;font-family:SpaceGrotesk,sans-serif;font-style:NORMAL;font-weight:600;font-size:12rem;-webkit-letter-spacing:-0.3rem;-moz-letter-spacing:-0.3rem;-ms-letter-spacing:-0.3rem;letter-spacing:-0.3rem;line-height:12rem;color:#FFFFFF;}}/*!sc*/ data-styled.g10[id="styled__Display-sc-165cfko-3"]{content:"iuGKQI,"}/*!sc*/ .idMVZG{margin:0;padding:0;font-family:Aeonik,sans-serif !important;color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.8rem;-webkit-letter-spacing:-0.005rem;-moz-letter-spacing:-0.005rem;-ms-letter-spacing:-0.005rem;letter-spacing:-0.005rem;line-height:2.8rem;color:#99A7F1;-webkit-text-decoration:underline;text-decoration:underline;text-underline-offset:0.3rem;cursor:pointer;width:-webkit-fit-content;width:-moz-fit-content;width:fit-content;}/*!sc*/ @media screen and (min-width:900px){.idMVZG{color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.8rem;-webkit-letter-spacing:-0.005rem;-moz-letter-spacing:-0.005rem;-ms-letter-spacing:-0.005rem;letter-spacing:-0.005rem;line-height:2.8rem;color:#99A7F1;}}/*!sc*/ @media screen and (min-width:1200px){.idMVZG{color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.8rem;-webkit-letter-spacing:-0.005rem;-moz-letter-spacing:-0.005rem;-ms-letter-spacing:-0.005rem;letter-spacing:-0.005rem;line-height:2.8rem;color:#99A7F1;}}/*!sc*/ .idMVZG:hover{color:#B6CAFF;cursor:pointer;-webkit-text-decoration:underline;text-decoration:underline;}/*!sc*/ .idMVZG:active{color:#3F59E4;}/*!sc*/ .idMVZG:focus-visible{outline:0.2rem solid #99A7F1;border-radius:0.4rem;color:#99A7F1;}/*!sc*/ .idMVZG:after{content:'→';padding-left:0.8rem;display:inline-block;}/*!sc*/ .lcJMmc{margin:0;padding:0;font-family:Aeonik,sans-serif !important;color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.4rem;-webkit-letter-spacing:0rem;-moz-letter-spacing:0rem;-ms-letter-spacing:0rem;letter-spacing:0rem;line-height:2.2rem;color:#99A7F1;-webkit-text-decoration:underline;text-decoration:underline;text-underline-offset:0.3rem;cursor:pointer;width:-webkit-fit-content;width:-moz-fit-content;width:fit-content;}/*!sc*/ @media screen and (min-width:900px){.lcJMmc{color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.6rem;-webkit-letter-spacing:-0.001rem;-moz-letter-spacing:-0.001rem;-ms-letter-spacing:-0.001rem;letter-spacing:-0.001rem;line-height:2.4rem;color:#99A7F1;}}/*!sc*/ @media screen and (min-width:1200px){.lcJMmc{color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.6rem;-webkit-letter-spacing:-0.001rem;-moz-letter-spacing:-0.001rem;-ms-letter-spacing:-0.001rem;letter-spacing:-0.001rem;line-height:2.4rem;color:#99A7F1;}}/*!sc*/ .lcJMmc:hover{color:#B6CAFF;cursor:pointer;-webkit-text-decoration:underline;text-decoration:underline;}/*!sc*/ .lcJMmc:active{color:#3F59E4;}/*!sc*/ .lcJMmc:focus-visible{outline:0.2rem solid #99A7F1;border-radius:0.4rem;color:#99A7F1;}/*!sc*/ .iRnAla{margin:0;padding:0;font-family:Aeonik,sans-serif !important;color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.4rem;-webkit-letter-spacing:0rem;-moz-letter-spacing:0rem;-ms-letter-spacing:0rem;letter-spacing:0rem;line-height:2.2rem;color:#99A7F1;-webkit-text-decoration:underline;text-decoration:underline;text-underline-offset:0.3rem;cursor:pointer;width:-webkit-fit-content;width:-moz-fit-content;width:fit-content;}/*!sc*/ @media screen and (min-width:900px){.iRnAla{color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.4rem;-webkit-letter-spacing:0rem;-moz-letter-spacing:0rem;-ms-letter-spacing:0rem;letter-spacing:0rem;line-height:2.2rem;color:#99A7F1;}}/*!sc*/ @media screen and (min-width:1200px){.iRnAla{color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.4rem;-webkit-letter-spacing:0rem;-moz-letter-spacing:0rem;-ms-letter-spacing:0rem;letter-spacing:0rem;line-height:2.2rem;color:#99A7F1;}}/*!sc*/ .iRnAla:hover{color:#B6CAFF;cursor:pointer;-webkit-text-decoration:underline;text-decoration:underline;}/*!sc*/ .iRnAla:active{color:#3F59E4;}/*!sc*/ .iRnAla:focus-visible{outline:0.2rem solid #99A7F1;border-radius:0.4rem;color:#99A7F1;}/*!sc*/ .iRnAla:after{content:'→';padding-left:0.8rem;display:inline-block;}/*!sc*/ .khxxlw{margin:0;padding:0;font-family:Aeonik,sans-serif !important;color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.8rem;-webkit-letter-spacing:-0.005rem;-moz-letter-spacing:-0.005rem;-ms-letter-spacing:-0.005rem;letter-spacing:-0.005rem;line-height:2.8rem;color:#99A7F1;-webkit-text-decoration:underline;text-decoration:underline;text-underline-offset:0.3rem;cursor:pointer;width:-webkit-fit-content;width:-moz-fit-content;width:fit-content;}/*!sc*/ @media screen and (min-width:900px){.khxxlw{color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.8rem;-webkit-letter-spacing:-0.005rem;-moz-letter-spacing:-0.005rem;-ms-letter-spacing:-0.005rem;letter-spacing:-0.005rem;line-height:2.8rem;color:#99A7F1;}}/*!sc*/ @media screen and (min-width:1200px){.khxxlw{color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.8rem;-webkit-letter-spacing:-0.005rem;-moz-letter-spacing:-0.005rem;-ms-letter-spacing:-0.005rem;letter-spacing:-0.005rem;line-height:2.8rem;color:#99A7F1;}}/*!sc*/ .khxxlw:hover{color:#B6CAFF;cursor:pointer;-webkit-text-decoration:underline;text-decoration:underline;}/*!sc*/ .khxxlw:active{color:#3F59E4;}/*!sc*/ .khxxlw:focus-visible{outline:0.2rem solid #99A7F1;border-radius:0.4rem;color:#99A7F1;}/*!sc*/ .eDcEPo{margin:0;padding:0;font-family:Inter,sans-serif !important;color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.4rem;-webkit-letter-spacing:0rem;-moz-letter-spacing:0rem;-ms-letter-spacing:0rem;letter-spacing:0rem;line-height:2.2rem;color:#BCBAFF;-webkit-text-decoration:none;text-decoration:none;text-underline-offset:0.3rem;cursor:pointer;width:-webkit-fit-content;width:-moz-fit-content;width:fit-content;}/*!sc*/ @media screen and (min-width:900px){.eDcEPo{color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.6rem;-webkit-letter-spacing:-0.001rem;-moz-letter-spacing:-0.001rem;-ms-letter-spacing:-0.001rem;letter-spacing:-0.001rem;line-height:2.4rem;color:#BCBAFF;}}/*!sc*/ @media screen and (min-width:1200px){.eDcEPo{color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.6rem;-webkit-letter-spacing:-0.001rem;-moz-letter-spacing:-0.001rem;-ms-letter-spacing:-0.001rem;letter-spacing:-0.001rem;line-height:2.4rem;color:#BCBAFF;}}/*!sc*/ .eDcEPo:hover{color:#E9E8FF;cursor:pointer;-webkit-text-decoration:underline;text-decoration:underline;}/*!sc*/ .eDcEPo:active{color:#908BFF;}/*!sc*/ .eDcEPo:focus-visible{outline:0.4rem solid #635DFFCC;border-radius:0.4rem;color:#BCBAFF;}/*!sc*/ .ccVfFM{margin:0;padding:0;font-family:Inter,sans-serif !important;color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.4rem;-webkit-letter-spacing:0rem;-moz-letter-spacing:0rem;-ms-letter-spacing:0rem;letter-spacing:0rem;line-height:2.2rem;color:#BCBAFF;-webkit-text-decoration:none;text-decoration:none;text-underline-offset:0.3rem;cursor:pointer;width:-webkit-fit-content;width:-moz-fit-content;width:fit-content;}/*!sc*/ @media screen and (min-width:900px){.ccVfFM{color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.4rem;-webkit-letter-spacing:0rem;-moz-letter-spacing:0rem;-ms-letter-spacing:0rem;letter-spacing:0rem;line-height:2.2rem;color:#BCBAFF;}}/*!sc*/ @media screen and (min-width:1200px){.ccVfFM{color:#635DFF;font-family:Inter;font-style:NORMAL;font-weight:500;font-size:1.4rem;-webkit-letter-spacing:0rem;-moz-letter-spacing:0rem;-ms-letter-spacing:0rem;letter-spacing:0rem;line-height:2.2rem;color:#BCBAFF;}}/*!sc*/ .ccVfFM:hover{color:#E9E8FF;cursor:pointer;-webkit-text-decoration:underline;text-decoration:underline;}/*!sc*/ .ccVfFM:active{color:#908BFF;}/*!sc*/ .ccVfFM:focus-visible{outline:0.4rem solid #635DFFCC;border-radius:0.4rem;color:#BCBAFF;}/*!sc*/ data-styled.g11[id="styled__Link-sc-bubr9x-0"]{content:"idMVZG,lcJMmc,iRnAla,khxxlw,eDcEPo,ccVfFM,"}/*!sc*/ :root{--content-width:120rem;--font-main:'fakt-web',sans-serif;}/*!sc*/ body{box-sizing:border-box;font-family:var(--font-main);}/*!sc*/ html{font-size:10px;}/*!sc*/ data-styled.g176[id="sc-global-clike1"]{content:"sc-global-clike1,"}/*!sc*/ @font-face{font-family:'Inter';font-style:normal;font-weight:400;font-display:swap;src:local('Inter-Regular'), url('https://cdn.auth0.com/website/fonts/Inter-Regular.woff2') format('woff2');}/*!sc*/ @font-face{font-family:'Inter';font-style:normal;font-weight:500;font-display:swap;src:local('Inter-Medium'), url('https://cdn.auth0.com/website/fonts/Inter-Medium.woff2') format('woff2');}/*!sc*/ @font-face{font-family:'Inter';font-style:normal;font-weight:700;font-display:swap;src:local('Inter-Bold'), url('https://cdn.auth0.com/website/fonts/Inter-Bold.woff2') format('woff2');}/*!sc*/ @font-face{font-family:'SpaceGrotesk';font-style:normal;font-weight:500;font-display:swap;font-feature-settings:'zero','ss02' off,'ss03' on,'ss04' on;src:local('SpaceGrotesk-Medium'), url('https://cdn.auth0.com/website/fonts/SpaceGrotesk-Medium.woff2') format('woff2');}/*!sc*/ @font-face{font-family:'SpaceGrotesk';font-style:normal;font-weight:600;font-display:swap;font-feature-settings:'zero','ss02' off,'ss03' on,'ss04' on;src:local('SpaceGrotesk-SemiBold'), url('https://cdn.auth0.com/website/fonts/SpaceGrotesk-SemiBold.woff2') format('woff2');}/*!sc*/ @font-face{font-family:'RobotoMono';font-style:normal;font-weight:400;font-display:swap;src:local('RobotoMono-Regular'), url('https://cdn.auth0.com/quantum-fonts/lib/0.0.9/roboto-mono/files/roboto-mono-latin-400-normal.woff2') format('woff2');}/*!sc*/ @font-face{font-family:'Aeonik';font-style:normal;font-weight:400;font-display:swap;src:local('Aeonik-Regular'), url('https://cdn.auth0.com/website/cic-homepage/fonts/Aeonik-Regular.woff2') format('woff2');}/*!sc*/ @font-face{font-family:'Aeonik';font-style:normal;font-weight:500;font-display:swap;src:local('Aeonik-Medium'), url('https://cdn.auth0.com/website/cic-homepage/fonts/Aeonik-Medium.woff2') format('woff2');}/*!sc*/ @font-face{font-family:'Aeonik';font-style:normal;font-weight:500;font-display:swap;src:local('Aeonik-Medium'), url('https://cdn.auth0.com/website/cic-homepage/fonts/Aeonik-Medium.woff2') format('woff2');}/*!sc*/ @font-face{font-family:'Aeonik Mono';font-style:normal;font-weight:400;font-display:swap;src:local('AeonikMono-Regular'), url('https://cdn.auth0.com/website/okta-fonts/AeonikMono-Regular.woff2') format('woff2');}/*!sc*/ @font-face{font-family:'Aeonik Mono';font-style:normal;font-weight:500;font-display:swap;src:local('AeonikMono-Medium'), url('https://cdn.auth0.com/website/okta-fonts/AeonikMono-Medium.ttf') format('woff2');}/*!sc*/ data-styled.g177[id="sc-global-bZiXeF1"]{content:"sc-global-bZiXeF1,"}/*!sc*/ html{font-size:62.5%;}/*!sc*/ html h1,html h2,html h3,html h4,html h5,html h6{font-feature-settings:'zero';}/*!sc*/ a:focus{outline:-webkit-focus-ring-color auto 0.2rem;outline-offset:0.1rem;}/*!sc*/ data-styled.g178[id="sc-global-ktqmOE1"]{content:"sc-global-ktqmOE1,"}/*!sc*/ .SOwTF{background:#111;display:none;position:fixed;z-index:100;top:10.4rem;bottom:0;left:0;right:0;width:100%;overflow:auto;}/*!sc*/ data-styled.g179[id="sc-48604b4d-0"]{content:"SOwTF,"}/*!sc*/ .dYTUtR{margin-bottom:15rem;padding-left:0;}/*!sc*/ data-styled.g180[id="sc-48604b4d-1"]{content:"dYTUtR,"}/*!sc*/ .iuroVT{list-style:none;width:100%;border-bottom:0.1rem solid #2A2A2A;}/*!sc*/ .iuroVT:first-of-type{border-top:0.1rem solid #2A2A2A;}/*!sc*/ data-styled.g181[id="sc-48604b4d-2"]{content:"iuroVT,"}/*!sc*/ .UJeau{padding:2.4rem 2rem 2.4rem 1.6rem;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-pack:justify;-webkit-justify-content:space-between;-ms-flex-pack:justify;justify-content:space-between;}/*!sc*/ @media screen and (min-width:900px){.UJeau{padding-left:6.4rem;padding-right:6.4rem;}}/*!sc*/ data-styled.g182[id="sc-48604b4d-3"]{content:"UJeau,"}/*!sc*/ .igjQFT{font-family:Aeonik,sans-serif;font-weight:500;font-size:2rem;line-height:2.8rem;-webkit-letter-spacing:-0.01rem;-moz-letter-spacing:-0.01rem;-ms-letter-spacing:-0.01rem;letter-spacing:-0.01rem;color:#FFFEFA;display:inline-block;width:100%;}/*!sc*/ .igjQFT:hover{color:#BCBAFF;}/*!sc*/ data-styled.g183[id="sc-48604b4d-4"]{content:"igjQFT,"}/*!sc*/ .hUFtQd{font-family:Aeonik,sans-serif;font-weight:500;font-size:2rem;line-height:2.8rem;-webkit-letter-spacing:0.01rem;-moz-letter-spacing:0.01rem;-ms-letter-spacing:0.01rem;letter-spacing:0.01rem;color:#FFFEFA;margin:0;padding:2.4rem 0 2.4rem 1.6rem;position:relative;-webkit-transition:color 0.2s;transition:color 0.2s;}/*!sc*/ .hUFtQd::before{border-style:solid;border-width:0.1em 0.1em 0 0;content:'';display:inline-block;height:1.4rem;right:3rem;top:calc(50% - 0.83rem);position:absolute;vertical-align:top;width:1.4rem;-webkit-transform:rotate(135deg);-ms-transform:rotate(135deg);transform:rotate(135deg);-webkit-transition:-webkit-transform 0.4s ease;-webkit-transition:transform 0.4s ease;transition:transform 0.4s ease;}/*!sc*/ @media screen and (min-width:900px){.hUFtQd{padding-left:6.4rem;}.hUFtQd:before{right:7rem;}}/*!sc*/ data-styled.g184[id="sc-48604b4d-5"]{content:"hUFtQd,"}/*!sc*/ .ldmKKE{overflow:hidden;height:auto;-webkit-transition:max-height 0.3s ease-out;transition:max-height 0.3s ease-out;padding-left:1.6rem;background:#191919;height:0;max-height:0;}/*!sc*/ @media screen and (min-width:900px){.ldmKKE{padding-left:6.4rem;}}/*!sc*/ data-styled.g185[id="sc-48604b4d-6"]{content:"ldmKKE,"}/*!sc*/ .kzEdNm:not(:last-of-type){margin-bottom:3.2rem;}/*!sc*/ .kzEdNm:last-of-type{padding-bottom:1.6rem;}/*!sc*/ data-styled.g186[id="sc-48604b4d-7"]{content:"kzEdNm,"}/*!sc*/ .iDtUXN{font-family:Aeonik Mono,monospace;font-size:1.4rem;line-height:2rem;font-weight:500;-webkit-letter-spacing:0.14rem;-moz-letter-spacing:0.14rem;-ms-letter-spacing:0.14rem;letter-spacing:0.14rem;text-transform:uppercase;color:#8c929c;margin:0 0 2rem;padding-top:3.2rem;}/*!sc*/ data-styled.g187[id="sc-48604b4d-8"]{content:"iDtUXN,"}/*!sc*/ .dIBWQm{list-style:none;padding:0;margin:0;}/*!sc*/ data-styled.g189[id="sc-48604b4d-10"]{content:"dIBWQm,"}/*!sc*/ .fvHSWT{font-family:Aeonik,sans-serif;font-size:2rem;line-height:2.8rem;-webkit-letter-spacing:0.01rem;-moz-letter-spacing:0.01rem;-ms-letter-spacing:0.01rem;letter-spacing:0.01rem;margin-bottom:2rem;}/*!sc*/ .fvHSWT a{color:#FFFEFA;display:inline-block;width:100%;}/*!sc*/ .fvHSWT a:hover{color:#BCBAFF;}/*!sc*/ data-styled.g190[id="sc-48604b4d-11"]{content:"fvHSWT,"}/*!sc*/ .hintby{border:none;color:#FFFEFA;background:none;font-size:1.6rem;line-height:2.4rem;-webkit-letter-spacing:-0.001rem;-moz-letter-spacing:-0.001rem;-ms-letter-spacing:-0.001rem;letter-spacing:-0.001rem;}/*!sc*/ data-styled.g191[id="sc-48604b4d-12"]{content:"hintby,"}/*!sc*/ .bOieih{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;}/*!sc*/ data-styled.g192[id="sc-48604b4d-13"]{content:"bOieih,"}/*!sc*/ .harwqA{font-weight:500;font-size:1.6rem;line-height:2.4rem;-webkit-letter-spacing:-0.01rem;-moz-letter-spacing:-0.01rem;-ms-letter-spacing:-0.01rem;letter-spacing:-0.01rem;color:#FFFEFA;margin:0 0 0 0.8rem;}/*!sc*/ data-styled.g193[id="sc-48604b4d-14"]{content:"harwqA,"}/*!sc*/ .dMpedj{-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;width:100%;padding:1.6rem;margin:0 auto;border-top:0.1rem solid #2A2A2A;position:fixed;bottom:0;left:0;right:0;text-align:center;background:#111;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;}/*!sc*/ @media screen and (min-width:900px){.dMpedj{padding:3.2rem 6.4rem;}}/*!sc*/ data-styled.g194[id="sc-48604b4d-15"]{content:"dMpedj,"}/*!sc*/ .hydWjh{width:100%;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;gap:1.6rem;}/*!sc*/ data-styled.g197[id="sc-48604b4d-18"]{content:"hydWjh,"}/*!sc*/ .ctGhWm{background:#242424;color:#FFFFFF;width:100%;margin:auto;font-size:1.4rem;line-height:2rem;text-align:left;font-family:Aeonik,sans-serif;border-bottom:0.1rem solid #41454C;border-bottom:0.2rem solid;border-image-slice:1;border-image-source:linear-gradient( 135deg, #4cb7a3 0%, #3f59e4 50%, #4016a0 100% );}/*!sc*/ @media screen and (min-width:900px){.ctGhWm{text-align:left;}}/*!sc*/ data-styled.g199[id="sc-5beafa8a-0"]{content:"ctGhWm,"}/*!sc*/ .fXlPNE{width:100%;max-width:144rem;min-height:4rem;margin:auto;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;padding:1rem 1.6rem;}/*!sc*/ @media screen and (min-width:900px){.fXlPNE{padding:1rem 6.4rem;}}/*!sc*/ @media screen and (min-width:1200px){.fXlPNE{padding:0 6.4rem;}}/*!sc*/ data-styled.g200[id="sc-5beafa8a-1"]{content:"fXlPNE,"}/*!sc*/ .gnbkUy{-webkit-flex:1;-ms-flex:1;flex:1;padding:0;cursor:pointer;}/*!sc*/ @media screen and (min-width:900px){.gnbkUy{padding:0;}}/*!sc*/ @media screen and (min-width:1200px){.gnbkUy{padding:0.9rem 0;margin-right:2.4rem;}}/*!sc*/ .gnbkUy:hover .sc-5beafa8a-4{color:#B6CAFF;}/*!sc*/ data-styled.g204[id="sc-5beafa8a-5"]{content:"gnbkUy,"}/*!sc*/ .fGOvxz{display:none;}/*!sc*/ @media screen and (min-width:1200px){.fGOvxz{display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;}}/*!sc*/ data-styled.g205[id="sc-5beafa8a-6"]{content:"fGOvxz,"}/*!sc*/ .iYIAFF{color:#FFFFFF;cursor:pointer;font-weight:500;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;}/*!sc*/ .iYIAFF:focus{outline:none;}/*!sc*/ .iYIAFF:hover,.iYIAFF:focus{color:#B6CAFF;}/*!sc*/ data-styled.g206[id="sc-5beafa8a-7"]{content:"iYIAFF,"}/*!sc*/ .eshLTC{cursor:pointer;color:#FFFFFF;margin-left:3.2rem;position:relative;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;}/*!sc*/ .eshLTC svg{stroke:#FFFFFF;}/*!sc*/ .eshLTC:hover,.eshLTC:focus-within{color:#B6CAFF;}/*!sc*/ .eshLTC:hover svg,.eshLTC:focus-within svg{stroke:#B6CAFF;}/*!sc*/ data-styled.g207[id="sc-5beafa8a-8"]{content:"eshLTC,"}/*!sc*/ .evcvFz{line-height:2rem;}/*!sc*/ .evcvFz:hover{color:#B6CAFF;-webkit-text-decoration:underline;text-decoration:underline;}/*!sc*/ data-styled.g208[id="sc-5beafa8a-9"]{content:"evcvFz,"}/*!sc*/ .flgNuK{height:100%;width:100%;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;}/*!sc*/ data-styled.g209[id="sc-5beafa8a-10"]{content:"flgNuK,"}/*!sc*/ .jjbnIz{font-weight:500;-webkit-appearance:none;-moz-appearance:none;appearance:none;height:100%;background-color:transparent;border:none;margin:0;font-family:inherit;font-size:inherit;cursor:inherit;line-height:inherit;color:inherit;z-index:1;outline:none;padding-left:2rem;padding-right:1.6rem;text-align:center;width:100%;}/*!sc*/ data-styled.g210[id="sc-5beafa8a-11"]{content:"jjbnIz,"}/*!sc*/ .gUmNqK{left:0;pointer-events:none;position:absolute;top:calc(50% - 1rem);z-index:0;}/*!sc*/ data-styled.g211[id="sc-5beafa8a-12"]{content:"gUmNqK,"}/*!sc*/ .cJXqJO{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;height:100%;pointer-events:none;position:absolute;right:0;z-index:0;}/*!sc*/ data-styled.g212[id="sc-5beafa8a-13"]{content:"cJXqJO,"}/*!sc*/ .eiqtQu{height:10.4rem;width:100%;margin:0 auto;}/*!sc*/ @media screen and (min-width:1200px){.eiqtQu{display:none;}}/*!sc*/ data-styled.g214[id="sc-dd041119-1"]{content:"eiqtQu,"}/*!sc*/ .iaTkkA{height:0.1rem;position:absolute;visibility:hidden;top:0;}/*!sc*/ data-styled.g215[id="sc-dd041119-2"]{content:"iaTkkA,"}/*!sc*/ .ggjfoe{position:fixed;top:0;left:0;width:100%;z-index:1000;color:#FFFEFA;}/*!sc*/ data-styled.g216[id="sc-dd041119-3"]{content:"ggjfoe,"}/*!sc*/ .hvNmHd{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;}/*!sc*/ data-styled.g217[id="sc-dd041119-4"]{content:"hvNmHd,"}/*!sc*/ .iDvPUZ{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-flex:1;-ms-flex:1;flex:1;}/*!sc*/ data-styled.g218[id="sc-dd041119-5"]{content:"iDvPUZ,"}/*!sc*/ .dfZXfX{-webkit-transition:background-color 0.2s ease,border-radius 0.2s ease;transition:background-color 0.2s ease,border-radius 0.2s ease;position:relative;display:none;width:100%;max-width:100%;margin:auto;padding:0 6.4rem;background-color:#111;}/*!sc*/ @media screen and (min-width:1200px){.dfZXfX{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-pack:justify;-webkit-justify-content:space-between;-ms-flex-pack:justify;justify-content:space-between;}}/*!sc*/ .dfZXfX:hover{background-color:#111;border-radius:0 0 1.6rem 1.6rem;}/*!sc*/ data-styled.g219[id="sc-dd041119-6"]{content:"dfZXfX,"}/*!sc*/ .kcwluz{max-width:131.2rem;width:100%;margin:auto;-webkit-transition:background-color 0.2s ease,border-radius 0.2s ease;transition:background-color 0.2s ease,border-radius 0.2s ease;position:relative;padding:0 6.4rem;background-color:#111;}/*!sc*/ @media screen and (min-width:1200px){.kcwluz{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-pack:justify;-webkit-justify-content:space-between;-ms-flex-pack:justify;justify-content:space-between;padding:0;}}/*!sc*/ .kcwluz:hover{background-color:#111;border-radius:0 0 1.6rem 1.6rem;}/*!sc*/ data-styled.g220[id="sc-dd041119-7"]{content:"kcwluz,"}/*!sc*/ .goqQNV{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;}/*!sc*/ data-styled.g221[id="sc-dd041119-8"]{content:"goqQNV,"}/*!sc*/ .hBBOUu{max-width:144rem;width:100%;margin:auto;padding:1.2rem 1.6rem;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;background-color:#111;height:6.4rem;box-shadow:inset 0 -0.1rem 0 #2A2A2A;position:relative;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;}/*!sc*/ @media screen and (min-width:900px){.hBBOUu{padding:1.6rem 6.4rem;}}/*!sc*/ @media screen and (min-width:1200px){.hBBOUu{display:none;}}/*!sc*/ data-styled.g222[id="sc-dd041119-9"]{content:"hBBOUu,"}/*!sc*/ .lmuCEj{justify-self:flex-end;padding:2rem 0;}/*!sc*/ data-styled.g223[id="sc-dd041119-10"]{content:"lmuCEj,"}/*!sc*/ .librYF{-webkit-appearance:none;-moz-appearance:none;appearance:none;border:0;background:transparent;height:2.4rem;margin:0;padding:0;position:relative;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;cursor:pointer;-webkit-transition:all 0.5s ease-in-out;transition:all 0.5s ease-in-out;}/*!sc*/ data-styled.g224[id="sc-dd041119-11"]{content:"librYF,"}/*!sc*/ .fSwMvz{width:2.2rem;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;height:0.25rem;background:#FFFFFF;-webkit-transition:all 0.2s ease-in-out;transition:all 0.2s ease-in-out;margin-top:1.2rem;}/*!sc*/ .fSwMvz::before,.fSwMvz::after{content:'';position:absolute;width:2.2rem;height:0.25rem;background:#FFFFFF;-webkit-transition:all 0.2s ease-in-out;transition:all 0.2s ease-in-out;}/*!sc*/ .fSwMvz::before{-webkit-transform:translateY(-0.7rem);-ms-transform:translateY(-0.7rem);transform:translateY(-0.7rem);}/*!sc*/ .fSwMvz::after{-webkit-transform:translateY(0.7rem);-ms-transform:translateY(0.7rem);transform:translateY(0.7rem);}/*!sc*/ data-styled.g225[id="sc-dd041119-12"]{content:"fSwMvz,"}/*!sc*/ .hxYec{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;padding:0;list-style:none;margin:0;line-height:2.4rem;}/*!sc*/ data-styled.g226[id="sc-dd041119-13"]{content:"hxYec,"}/*!sc*/ .kYjdsM{color:#FFFEFA;cursor:initial;padding-top:0.9rem;width:104.4rem;position:absolute;left:0;right:0;margin:-0.1rem auto 0;top:6.4rem;display:inline-block;visibility:hidden;opacity:0;-webkit-transform:translateX(-1.6rem);-ms-transform:translateX(-1.6rem);transform:translateX(-1.6rem);-webkit-transition:visibility 0s,opacity 0.2s linear,-webkit-transform 0.2s linear;-webkit-transition:visibility 0s,opacity 0.2s linear,transform 0.2s linear;transition:visibility 0s,opacity 0.2s linear,transform 0.2s linear;}/*!sc*/ data-styled.g227[id="sc-dd041119-14"]{content:"kYjdsM,"}/*!sc*/ .jqmQAZ{position:relative;-webkit-transition:color 0.2s ease;transition:color 0.2s ease;color:#FFFEFA;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;}/*!sc*/ .jqmQAZ::after{content:'';-webkit-transition:border-color 0.2s ease,-webkit-transform 0.2s ease;-webkit-transition:border-color 0.2s ease,transform 0.2s ease;transition:border-color 0.2s ease,transform 0.2s ease;width:100%;height:0.2rem;border-bottom:0.2rem solid transparent;display:block;bottom:-1.6rem;position:absolute;left:0;-webkit-transform:scale(0,1);-ms-transform:scale(0,1);transform:scale(0,1);}/*!sc*/ data-styled.g228[id="sc-dd041119-15"]{content:"jqmQAZ,"}/*!sc*/ .guacNV{font-family:Aeonik,sans-serif;padding:1.6rem 1.8rem;cursor:pointer;font-size:1.6rem;font-weight:500;line-height:3.2rem;-webkit-letter-spacing:0.02rem;-moz-letter-spacing:0.02rem;-ms-letter-spacing:0.02rem;letter-spacing:0.02rem;}/*!sc*/ .guacNV .sc-dd041119-15 > svg{stroke:#FFFEFA;-webkit-transition:stroke 0.2s ease;transition:stroke 0.2s ease;padding-left:0.4rem;}/*!sc*/ .guacNV:hover{color:#BCBAFF;}/*!sc*/ .guacNV:hover .sc-dd041119-14{visibility:visible;opacity:1;-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0);}/*!sc*/ .guacNV:hover .sc-dd041119-15{color:#BCBAFF;}/*!sc*/ .guacNV:hover .sc-dd041119-15::after{border-bottom-color:#BCBAFF;-webkit-transform:scale(1,1);-ms-transform:scale(1,1);transform:scale(1,1);}/*!sc*/ .guacNV:hover .sc-dd041119-15 > svg{stroke:#BCBAFF;}/*!sc*/ .guacNV:focus-visible{color:#BCBAFF;}/*!sc*/ .guacNV:focus-visible .sc-dd041119-14{visibility:visible;opacity:1;-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0);}/*!sc*/ .guacNV:focus-visible .sc-dd041119-15{color:#BCBAFF;}/*!sc*/ .guacNV:focus-visible .sc-dd041119-15::after{border-bottom-color:#BCBAFF;-webkit-transform:scale(1,1);-ms-transform:scale(1,1);transform:scale(1,1);}/*!sc*/ .guacNV:focus-visible .sc-dd041119-15 > svg{stroke:#BCBAFF;}/*!sc*/ .guacNV:focus-within{color:#BCBAFF;}/*!sc*/ .guacNV:focus-within .sc-dd041119-14{visibility:visible;opacity:1;-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0);}/*!sc*/ .guacNV:focus-within .sc-dd041119-15{color:#BCBAFF;}/*!sc*/ .guacNV:focus-within .sc-dd041119-15::after{border-bottom-color:#BCBAFF;-webkit-transform:scale(1,1);-ms-transform:scale(1,1);transform:scale(1,1);}/*!sc*/ .guacNV:focus-within .sc-dd041119-15 > svg{stroke:#BCBAFF;}/*!sc*/ data-styled.g229[id="sc-dd041119-16"]{content:"guacNV,"}/*!sc*/ .cAIXhk{background:rgba(23,23,23,0.96);-webkit-backdrop-filter:blur(14px);backdrop-filter:blur(14px);border:0.1rem solid #2A2A2A;border-radius:1rem;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;}/*!sc*/ data-styled.g230[id="sc-dd041119-17"]{content:"cAIXhk,"}/*!sc*/ .fpHhIS{min-width:31.1rem;width:31.1rem;padding:3.2rem;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;}/*!sc*/ data-styled.g235[id="sc-8f844919-0"]{content:"fpHhIS,"}/*!sc*/ .dnIcIy{border-right:0.1rem solid #2A2A2A;-webkit-flex:1;-ms-flex:1;flex:1;width:100%;min-width:33%;}/*!sc*/ .bGXLnD{border-right:0.1rem solid #2A2A2A;}/*!sc*/ data-styled.g236[id="sc-8f844919-1"]{content:"dnIcIy,bGXLnD,"}/*!sc*/ .jCxqEl{border-right:0.1rem solid #2A2A2A;-webkit-flex:1;-ms-flex:1;flex:1;width:100%;min-width:33%;}/*!sc*/ .bxnFbo{border-right:0.1rem solid #2A2A2A;}/*!sc*/ data-styled.g237[id="sc-8f844919-2"]{content:"jCxqEl,bxnFbo,"}/*!sc*/ .cmuXnw{width:auto;-webkit-flex:1;-ms-flex:1;flex:1;padding:3.2rem;width:100%;min-width:33%;}/*!sc*/ .edUBug{width:auto;-webkit-flex:1;-ms-flex:1;flex:1;padding:3.2rem 0;}/*!sc*/ .ftjeVJ{width:auto;-webkit-flex:1;-ms-flex:1;flex:1;padding:0;width:100%;min-width:33%;}/*!sc*/ data-styled.g238[id="sc-8f844919-3"]{content:"cmuXnw,edUBug,ftjeVJ,"}/*!sc*/ .kPRjAI{list-style:none;padding:0;height:100%;}/*!sc*/ data-styled.g240[id="sc-c4163730-1"]{content:"kPRjAI,"}/*!sc*/ .hUbpnv{margin:0;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;font-family:Aeonik,sans-serif;font-weight:500;font-size:1.4rem;line-height:2.4rem;color:#FFFFFF;}/*!sc*/ .hUbpnv + li{margin-top:1.6rem;}/*!sc*/ .hUbpnv svg{margin-right:1.4rem;min-width:2.4rem;}/*!sc*/ .hUbpnv a{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;color:#FFFFFF;-webkit-transition:color 0.2s ease;transition:color 0.2s ease;width:100%;}/*!sc*/ .hUbpnv a:hover{color:#BCBAFF;}/*!sc*/ .hUbpnv:last-of-type{margin-bottom:3.2rem;}/*!sc*/ data-styled.g241[id="sc-c4163730-2"]{content:"hUbpnv,"}/*!sc*/ .blDajZ{border-top:0.1rem solid #2A2A2A;padding-top:2.4rem;}/*!sc*/ data-styled.g243[id="sc-c4163730-4"]{content:"blDajZ,"}/*!sc*/ .eqdKOL{list-style:none;padding:0;display:grid;grid-template-columns:1fr;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;height:100%;}/*!sc*/ data-styled.g244[id="sc-31a2510-0"]{content:"eqdKOL,"}/*!sc*/ .hwlhfg{margin:0;padding:3.2rem;height:14.47rem;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;}/*!sc*/ .hwlhfg + li{border-top:0.1rem solid #2A2A2A;}/*!sc*/ .hwlhfg div{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;}/*!sc*/ .hwlhfg a{color:#BDC4CF;width:100%;}/*!sc*/ .hwlhfg a svg{margin-right:1.4rem;}/*!sc*/ .hwlhfg a p{margin:0;}/*!sc*/ .hwlhfg a p:first-child{font-weight:500;color:#FFFFFF;-webkit-transition:color 0.2s ease;transition:color 0.2s ease;}/*!sc*/ .hwlhfg a:hover p{color:#BDC4CF;}/*!sc*/ .hwlhfg a:hover p:first-child{color:#BCBAFF;}/*!sc*/ data-styled.g245[id="sc-31a2510-1"]{content:"hwlhfg,"}/*!sc*/ .lcoOff a{display:block;color:#FFFFFF;}/*!sc*/ .lcoOff a:hover{color:#BCBAFF;}/*!sc*/ .lcoOff a span{font-weight:500;}/*!sc*/ .lcoOff a + a{margin-top:2.4rem;}/*!sc*/ .lcoOff a + p{margin-top:3.6rem;}/*!sc*/ data-styled.g246[id="sc-8583e179-0"]{content:"lcoOff,"}/*!sc*/ .VCjId{padding:0 3.2rem;display:block;}/*!sc*/ .VCjId:hover p:last-of-type{color:#BCBAFF;}/*!sc*/ .VCjId:first-child{margin-bottom:2.4rem;}/*!sc*/ data-styled.g250[id="sc-1e1df8de-0"]{content:"VCjId,"}/*!sc*/ .jDuOPS{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;}/*!sc*/ data-styled.g251[id="sc-1e1df8de-1"]{content:"jDuOPS,"}/*!sc*/ .iiLmVo{border-radius:0.8rem;width:100%;max-width:13rem;height:9rem;margin-right:1.9rem;object-fit:cover;}/*!sc*/ data-styled.g253[id="sc-1e1df8de-3"]{content:"iiLmVo,"}/*!sc*/ .jxCIxl{border-top:0.1rem solid #2A2A2A;}/*!sc*/ data-styled.g254[id="sc-4b4277c0-0"]{content:"jxCIxl,"}/*!sc*/ .cRKzFM{padding:3.2rem 3.2rem 0 3.2rem;}/*!sc*/ data-styled.g255[id="sc-4b4277c0-1"]{content:"cRKzFM,"}/*!sc*/ .boeDXs{background:#111111;padding-top:1.2rem;}/*!sc*/ data-styled.g256[id="sc-5aba37fd-0"]{content:"boeDXs,"}/*!sc*/ .iNOOcn{width:100%;max-width:144rem;margin:auto;font-family:Inter,sans-serif;}/*!sc*/ data-styled.g257[id="sc-5aba37fd-1"]{content:"iNOOcn,"}/*!sc*/ .hsxkU{display:grid;grid-template-columns:1fr 1fr;grid-row-gap:4.8rem;margin:4.8rem 1.6rem auto;}/*!sc*/ @media screen and (min-width:900px){.hsxkU{margin:6.4rem 2.4rem auto;}}/*!sc*/ @media screen and (min-width:1200px){.hsxkU{grid-template-columns:1fr 1fr 1fr 1fr;grid-template-rows:1fr 1fr;margin:8rem 11.2rem auto;max-width:121.6rem;}}/*!sc*/ data-styled.g258[id="sc-5aba37fd-2"]{content:"hsxkU,"}/*!sc*/ .bzdtTB{list-style:none;margin-bottom:0;padding-left:0;}/*!sc*/ data-styled.g259[id="sc-5aba37fd-3"]{content:"bzdtTB,"}/*!sc*/ .kdoBcI{font-weight:500;font-size:1.4rem;line-height:3.2rem;-webkit-letter-spacing:-0.001rem;-moz-letter-spacing:-0.001rem;-ms-letter-spacing:-0.001rem;letter-spacing:-0.001rem;padding-right:3.2rem;}/*!sc*/ .kdoBcI a{color:#fff;}/*!sc*/ .kdoBcI a span{background:linear-gradient(153.07deg,#3ec6eb -2.47%,#1bc99f 102.78%);padding:0.1rem 0.6rem;border-radius:0.4rem;margin-left:0.8rem;color:#fff;font-weight:600;}/*!sc*/ .kdoBcI a:hover{color:#bcbaff;}/*!sc*/ @media screen and (min-width:900px){.kdoBcI p::before{content:'';margin-right:0.8rem;border-left:0.1rem solid #8c929c;height:1.2rem;display:inline-block;}}/*!sc*/ data-styled.g261[id="sc-5aba37fd-5"]{content:"kdoBcI,"}/*!sc*/ .lnUvqq{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;}/*!sc*/ .lnUvqq > ul{-webkit-flex:1;-ms-flex:1;flex:1;}/*!sc*/ data-styled.g262[id="sc-5aba37fd-6"]{content:"lnUvqq,"}/*!sc*/ .ixSxQa{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;grid-gap:1.6rem;margin-left:1.6rem;display:none;}/*!sc*/ @media screen and (min-width:900px){.ixSxQa{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;margin-left:0;}}/*!sc*/ .hBNnUf{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;grid-gap:1.6rem;margin-left:1.6rem;}/*!sc*/ @media screen and (min-width:900px){.hBNnUf{display:none;}}/*!sc*/ data-styled.g263[id="sc-5aba37fd-7"]{content:"ixSxQa,hBNnUf,"}/*!sc*/ .jBtHBW{height:2.4rem;}/*!sc*/ .jBtHBW:hover{cursor:pointer;}/*!sc*/ .jBtHBW:hover path{fill:#bcbaff;}/*!sc*/ data-styled.g264[id="sc-5aba37fd-8"]{content:"jBtHBW,"}/*!sc*/ .jopQid{padding:2.4rem 0 0;position:relative;margin-top:4.8rem;}/*!sc*/ @media screen and (min-width:900px){.jopQid{display:none;}}/*!sc*/ data-styled.g265[id="sc-5aba37fd-9"]{content:"jopQid,"}/*!sc*/ .hmJgtx{display:none;}/*!sc*/ @media screen and (min-width:900px){.hmJgtx{display:block;border-top:0.1rem solid #5a5f66;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;padding:2.4rem;position:relative;margin-top:4.8rem;}}/*!sc*/ @media screen and (min-width:1200px){.hmJgtx{margin-top:10rem;}}/*!sc*/ data-styled.g266[id="sc-5aba37fd-10"]{content:"hmJgtx,"}/*!sc*/ .iaXEGm{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;margin:2.4rem 1.6rem;}/*!sc*/ data-styled.g267[id="sc-5aba37fd-11"]{content:"iaXEGm,"}/*!sc*/ .ieEaFH{display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;font-weight:500;color:#8c929c;grid-gap:0.6rem;font-size:1.2rem;line-height:1.8rem;-webkit-flex:1;-ms-flex:1;flex:1;-webkit-flex-flow:wrap;-ms-flex-flow:wrap;flex-flow:wrap;}/*!sc*/ .ieEaFH img{max-width:4rem;}/*!sc*/ .ieEaFH a{color:#8c929c;}/*!sc*/ .ieEaFH a:hover{color:#bcbaff;}/*!sc*/ @media screen and (min-width:900px){.ieEaFH{-webkit-box-pack:end;-webkit-justify-content:flex-end;-ms-flex-pack:end;justify-content:flex-end;}}/*!sc*/ @media screen and (min-width:1200px){.ieEaFH{font-size:1.4rem;line-height:2.2rem;}}/*!sc*/ data-styled.g268[id="sc-5aba37fd-12"]{content:"ieEaFH,"}/*!sc*/ .YUhCw{cursor:pointer;height:100%;color:#fff;margin-left:3.2rem;position:relative;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;}/*!sc*/ .YUhCw svg{stroke:#fff;}/*!sc*/ .YUhCw:hover{color:#bcbaff;}/*!sc*/ .YUhCw:hover svg{stroke:#bcbaff;}/*!sc*/ data-styled.g269[id="sc-5aba37fd-13"]{content:"YUhCw,"}/*!sc*/ .gAfsIP{visibility:hidden;opacity:0;position:absolute;-webkit-transition:opacity 0.2s ease;transition:opacity 0.2s ease;left:-3.4rem;top:-20.2rem;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;}/*!sc*/ @media screen and (min-width:1200px){.gAfsIP{left:-2.4rem;}}/*!sc*/ data-styled.g270[id="sc-5aba37fd-14"]{content:"gAfsIP,"}/*!sc*/ .cQGznC{min-width:13.4rem;margin-top:0;background:#111111;color:#bcbaff;box-shadow:0 0 0.8rem rgba(0,0,0,0.25);border-radius:0.8rem;padding:1.6rem 2.4rem;list-style:none;}/*!sc*/ data-styled.g271[id="sc-5aba37fd-15"]{content:"cQGznC,"}/*!sc*/ .bYxAPV{line-height:2.8rem;}/*!sc*/ .bYxAPV:hover{color:#bcbaff;-webkit-text-decoration:underline;text-decoration:underline;}/*!sc*/ data-styled.g272[id="sc-5aba37fd-16"]{content:"bYxAPV,"}/*!sc*/ .jYEgAu{display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;z-index:1;font-size:1.2rem;}/*!sc*/ @media screen and (min-width:1200px){.jYEgAu{font-size:1.4rem;}}/*!sc*/ .jYEgAu:hover .sc-5aba37fd-14{visibility:visible;opacity:1;}/*!sc*/ .jYEgAu:focus-visible .sc-5aba37fd-14{visibility:visible;opacity:1;}/*!sc*/ .jYEgAu:focus-within .sc-5aba37fd-14{visibility:visible;opacity:1;}/*!sc*/ data-styled.g273[id="sc-5aba37fd-17"]{content:"jYEgAu,"}/*!sc*/ .lfXgaO{margin-left:0.8rem;font-weight:500;}/*!sc*/ data-styled.g274[id="sc-5aba37fd-18"]{content:"lfXgaO,"}/*!sc*/ .bVgRVN{background:#1E212A;padding-top:4rem;}/*!sc*/ @media screen and (min-width:1200px){.bVgRVN{padding-top:10.8rem;}}/*!sc*/ data-styled.g313[id="sc-3b94eda6-0"]{content:"bVgRVN,"}/*!sc*/ .gUljvi{max-width:100%;padding:0 1.6rem;margin:0 auto;}/*!sc*/ @media screen and (min-width:900px){.gUljvi{padding:0 2.4rem;}}/*!sc*/ @media screen and (min-width:1200px){.gUljvi{margin:8rem auto 0;padding:0 11.2rem;width:144rem;}}/*!sc*/ data-styled.g314[id="sc-3b94eda6-1"]{content:"gUljvi,"}/*!sc*/ .juFhAq{color:#8c929c;}/*!sc*/ data-styled.g315[id="sc-3b94eda6-2"]{content:"juFhAq,"}/*!sc*/ @media screen and (min-width:900px){.bBwxno{display:grid;grid-template-columns:repeat(8,1fr);-webkit-column-gap:2.4rem;column-gap:2.4rem;}}/*!sc*/ @media screen and (min-width:1200px){.bBwxno{grid-template-columns:repeat(12,1fr);}}/*!sc*/ data-styled.g316[id="sc-3b94eda6-3"]{content:"bBwxno,"}/*!sc*/ .hiFUVK{grid-column:1 / 7;}/*!sc*/ data-styled.g317[id="sc-3b94eda6-4"]{content:"hiFUVK,"}/*!sc*/ .evmolY{display:block;margin:4.2rem auto 0;}/*!sc*/ @media screen and (min-width:900px){.evmolY{grid-column:9 / 13;margin:0 0 0 -3.2rem;}}/*!sc*/ data-styled.g318[id="sc-3b94eda6-5"]{content:"evmolY,"}/*!sc*/ .eNmcas{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;gap:2.4rem;}/*!sc*/ @media screen and (min-width:900px){.eNmcas{-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}}/*!sc*/ data-styled.g319[id="sc-3b94eda6-6"]{content:"eNmcas,"}/*!sc*/ .gudXjm{border-top:0.1rem solid #BDC4CF;margin:4.2rem 0 2.4rem;}/*!sc*/ @media screen and (min-width:1200px){.gudXjm{margin:8rem -11.2rem 2.4rem -11.2rem;}}/*!sc*/ data-styled.g320[id="sc-3b94eda6-7"]{content:"gudXjm,"}/*!sc*/ .bLJcIl{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;padding-bottom:2.4rem;gap:3.2rem;-webkit-flex-direction:column-reverse;-ms-flex-direction:column-reverse;flex-direction:column-reverse;}/*!sc*/ @media screen and (min-width:900px){.bLJcIl{-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;gap:0;-webkit-box-pack:justify;-webkit-justify-content:space-between;-ms-flex-pack:justify;justify-content:space-between;}}/*!sc*/ data-styled.g321[id="sc-3b94eda6-8"]{content:"bLJcIl,"}/*!sc*/ .dheVdX{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;gap:2.4rem;overflow-x:scroll;}/*!sc*/ @media screen and (min-width:900px){.dheVdX{gap:4.8rem;overflow-x:unset;}}/*!sc*/ data-styled.g322[id="sc-3b94eda6-9"]{content:"dheVdX,"}/*!sc*/ .hTbLrq{font-size:1.6rem;font-family:Inter,sans-serif;line-height:3.2rem;-webkit-letter-spacing:0.015rem;-moz-letter-spacing:0.015rem;-ms-letter-spacing:0.015rem;letter-spacing:0.015rem;color:#BCBAFF;text-transform:capitalize;position:relative;cursor:pointer;font-weight:500;white-space:nowrap;}/*!sc*/ .hTbLrq:hover,.hTbLrq:focus{color:#BCBAFF;-webkit-text-decoration:none;text-decoration:none;}/*!sc*/ .hTbLrq:after{content:'';-webkit-transition:background-color 0.2s ease,-webkit-transform 0.2s ease;-webkit-transition:background-color 0.2s ease,transform 0.2s ease;transition:background-color 0.2s ease,transform 0.2s ease;width:100%;border-radius:0.2rem 0.2rem 0 0;height:0.3rem;display:block;left:0;-webkit-transform:scale(0,1);-ms-transform:scale(0,1);transform:scale(0,1);bottom:0;position:absolute;}/*!sc*/ .hTbLrq:after{background-color:#BCBAFF;-webkit-transform:scale(1,1);-ms-transform:scale(1,1);transform:scale(1,1);}/*!sc*/ @media screen and (min-width:900px){.hTbLrq:after{bottom:-2.4rem;}}/*!sc*/ .cKtgSw{font-size:1.6rem;font-family:Inter,sans-serif;line-height:3.2rem;-webkit-letter-spacing:0.015rem;-moz-letter-spacing:0.015rem;-ms-letter-spacing:0.015rem;letter-spacing:0.015rem;color:white;text-transform:capitalize;position:relative;cursor:pointer;font-weight:500;white-space:nowrap;}/*!sc*/ .cKtgSw:hover,.cKtgSw:focus{color:#BCBAFF;-webkit-text-decoration:none;text-decoration:none;}/*!sc*/ .cKtgSw:after{content:'';-webkit-transition:background-color 0.2s ease,-webkit-transform 0.2s ease;-webkit-transition:background-color 0.2s ease,transform 0.2s ease;transition:background-color 0.2s ease,transform 0.2s ease;width:100%;border-radius:0.2rem 0.2rem 0 0;height:0.3rem;display:block;left:0;-webkit-transform:scale(0,1);-ms-transform:scale(0,1);transform:scale(0,1);bottom:0;position:absolute;}/*!sc*/ @media screen and (min-width:900px){.cKtgSw:after{bottom:-2.4rem;}}/*!sc*/ data-styled.g323[id="sc-3b94eda6-10"]{content:"hTbLrq,cKtgSw,"}/*!sc*/ .kfrMbY{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;gap:4.8rem;}/*!sc*/ data-styled.g324[id="sc-3b94eda6-11"]{content:"kfrMbY,"}/*!sc*/ .eTjBiJ{max-width:100%;padding:0 1.6rem;margin:2.4rem auto;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;gap:2.4rem;}/*!sc*/ @media screen and (min-width:900px){.eTjBiJ{padding:0 2.4rem;display:grid;grid-template-columns:1fr 1fr 1fr;margin:4.8rem auto;gap:3.2rem;}}/*!sc*/ @media screen and (min-width:1200px){.eTjBiJ{padding:0 11.2rem;width:144rem;}}/*!sc*/ data-styled.g325[id="sc-b610803b-0"]{content:"eTjBiJ,"}/*!sc*/ .kroUug{padding:2.4rem 2.4rem 3.2rem;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;}/*!sc*/ .kroUug a{color:#635DFF;}/*!sc*/ .kroUug a:focus{color:#564ED1;-webkit-text-decoration:underline solid #564ED1;text-decoration:underline solid #564ED1;}/*!sc*/ @media screen and (min-width:900px){.kroUug{height:16.8rem;box-sizing:content-box;}}/*!sc*/ data-styled.g326[id="sc-b610803b-1"]{content:"kroUug,"}/*!sc*/ .gaTwBD{border:0.1rem solid #BDC4CF;border-radius:2.4rem;padding:0.8rem 0.8rem 0;}/*!sc*/ .gaTwBD img{-webkit-transition:all 0.2s ease-in-out;transition:all 0.2s ease-in-out;}/*!sc*/ .gaTwBD:hover{border:0.1rem solid #908BFF;}/*!sc*/ .gaTwBD:hover p:last-of-type{-webkit-text-decoration:underline;text-decoration:underline;color:#564ED1;}/*!sc*/ .gaTwBD:hover img{-webkit-transform:scale(1.05);-ms-transform:scale(1.05);transform:scale(1.05);}/*!sc*/ data-styled.g327[id="sc-b610803b-2"]{content:"gaTwBD,"}/*!sc*/ .eLELzP{background:linear-gradient(0deg,rgba(0,0,0,0.12),rgba(0,0,0,0.12)),linear-gradient(90deg,#FF4F40 0%,#FF44DD 99.99%);border-radius:1.8rem 1.8rem 0 0;padding:2.6rem 0;height:15.2rem;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;}/*!sc*/ .dTviRC{background:linear-gradient(0deg,rgba(0,0,0,0.12),rgba(0,0,0,0.12)),linear-gradient(154.49deg,#FF44DD -0.49%,#635DFF 98.75%);border-radius:1.8rem 1.8rem 0 0;padding:2.6rem 0;height:15.2rem;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;}/*!sc*/ .ivbPgg{background:linear-gradient(0deg,rgba(0,0,0,0.12),rgba(0,0,0,0.12)),linear-gradient(66.68deg,#FF44DD -17.45%,rgba(99,93,255,0.8) 23.64%,#1E212A 79.47%);border-radius:1.8rem 1.8rem 0 0;padding:2.6rem 0;height:15.2rem;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;}/*!sc*/ .elUfSo{background:linear-gradient(0deg,rgba(0,0,0,0.12),rgba(0,0,0,0.12)),linear-gradient(282.96deg,#3EC6EB 2.11%,rgba(99,93,255,0.8) 19.55%,#1E212A 75.23%);border-radius:1.8rem 1.8rem 0 0;padding:2.6rem 0;height:15.2rem;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;}/*!sc*/ .hdkFJj{background:linear-gradient(0deg,rgba(0,0,0,0.12),rgba(0,0,0,0.12)),linear-gradient(153.07deg,#908BFF -2.47%,#3EC6EB 66.13%,#1BC99F 102.78%);border-radius:1.8rem 1.8rem 0 0;padding:2.6rem 0;height:15.2rem;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;}/*!sc*/ .iuNufC{background:linear-gradient(0deg,rgba(0,0,0,0.12),rgba(0,0,0,0.12)),linear-gradient(152.24deg,#FF44DD 1.93%,#EBCA40 97.06%);border-radius:1.8rem 1.8rem 0 0;padding:2.6rem 0;height:15.2rem;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;}/*!sc*/ .eNqZqF{background:linear-gradient(0deg,rgba(0,0,0,0.12),rgba(0,0,0,0.12)),linear-gradient(98.32deg,#635DFF 6.39%,#00297A 114.95%);border-radius:1.8rem 1.8rem 0 0;padding:2.6rem 0;height:15.2rem;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;}/*!sc*/ data-styled.g328[id="sc-b610803b-3"]{content:"eLELzP,dTviRC,ivbPgg,elUfSo,hdkFJj,iuNufC,eNqZqF,"}/*!sc*/ .iiePZv{max-height:10rem;}/*!sc*/ data-styled.g329[id="sc-b610803b-4"]{content:"iiePZv,"}/*!sc*/ .kMKoul{max-width:100%;padding:0 1.6rem;margin:4.8rem auto;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;gap:2.4rem;}/*!sc*/ @media screen and (min-width:900px){.kMKoul{padding:0 2.4rem;margin:8rem auto 12rem;}}/*!sc*/ @media screen and (min-width:1200px){.kMKoul{padding:0 11.2rem;width:144rem;}}/*!sc*/ data-styled.g330[id="sc-52f1df5b-0"]{content:"kMKoul,"}/*!sc*/ .hGLrTS{padding:4.8rem 3.2rem;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;overflow:hidden;position:relative;background:url(https://cdn.auth0.com/website/learn/banner/Group_28570.svg) bottom right no-repeat #3A3E44;border-radius:4rem;width:100%;}/*!sc*/ @media screen and (min-width:900px){.hGLrTS{margin:0 auto;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;-webkit-box-pack:justify;-webkit-justify-content:space-between;-ms-flex-pack:justify;justify-content:space-between;}}/*!sc*/ @media screen and (min-width:1200px){.hGLrTS{padding:6.4rem 6.4rem 5.6rem 6.4rem;}}/*!sc*/ data-styled.g331[id="sc-52f1df5b-1"]{content:"hGLrTS,"}/*!sc*/ @media screen and (min-width:900px){.iEnodj{max-width:59rem;}}/*!sc*/ data-styled.g332[id="sc-52f1df5b-2"]{content:"iEnodj,"}/*!sc*/ .euBHLz{display:none;}/*!sc*/ @media screen and (min-width:900px){.euBHLz{display:block;position:absolute;right:13.2rem;bottom:0;width:27rem;}}/*!sc*/ @media screen and (min-width:1200px){.euBHLz{width:27rem;}}/*!sc*/ data-styled.g333[id="sc-52f1df5b-3"]{content:"euBHLz,"}/*!sc*/ .keuylH{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;gap:2.4rem;}/*!sc*/ .keuylH a:nth-child(2){background:#3A3E44;}/*!sc*/ @media screen and (min-width:900px){.keuylH{-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}}/*!sc*/ data-styled.g334[id="sc-52f1df5b-4"]{content:"keuylH,"}/*!sc*/ </style></head><body><div id="__next"><div class="sc-dd041119-2 iaTkkA"></div><div class="sc-dd041119-1 eiqtQu"></div><header class="sc-dd041119-3 ggjfoe"><div class="sc-5beafa8a-0 ctGhWm"><div class="sc-5beafa8a-1 fXlPNE"><a class="sc-5beafa8a-5 gnbkUy"></a><div class="sc-5beafa8a-6 fGOvxz"><a href="/api/auth/login?redirectTo=dashboard" rel="external" class="sc-5beafa8a-7 iYIAFF">Login</a><div class="sc-5beafa8a-8 eshLTC"><div class="sc-5beafa8a-10 flgNuK"><span class="sc-5beafa8a-12 gUmNqK"><svg width="20" height="20" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg" aria-hidden="true"><path fill-rule="evenodd" clip-rule="evenodd" d="M12 22C17.5228 22 22 17.5228 22 12C22 6.47715 17.5228 2 12 2C6.47715 2 2 6.47715 2 12C2 17.5228 6.47715 22 12 22Z" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path><path d="M2 12H22" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path><path fill-rule="evenodd" clip-rule="evenodd" d="M12 2C14.5013 4.73835 15.9228 8.29203 16 12C15.9228 15.708 14.5013 19.2616 12 22C9.49872 19.2616 8.07725 15.708 8 12C8.07725 8.29203 9.49872 4.73835 12 2V2Z" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path></svg></span><select aria-label="Language selector" class="sc-5beafa8a-11 jjbnIz"><option value="de" class="sc-5beafa8a-9 evcvFz">Deutsch</option><option value="en" class="sc-5beafa8a-9 evcvFz" selected="">English</option><option value="fr" class="sc-5beafa8a-9 evcvFz">Français</option><option value="es" class="sc-5beafa8a-9 evcvFz">Español</option><option value="pt" class="sc-5beafa8a-9 evcvFz">Português</option><option value="ja" class="sc-5beafa8a-9 evcvFz">日本語</option></select><span class="sc-5beafa8a-13 cJXqJO"><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><g id="chevron-down"><path id="icon" fill-rule="evenodd" clip-rule="evenodd" d="M7.99994 9.93934L12.4696 5.46967L13.5303 6.53033L8.53027 11.5303C8.23738 11.8232 7.76251 11.8232 7.46961 11.5303L2.46961 6.53033L3.53027 5.46967L7.99994 9.93934Z" fill="#FFFEFA"></path></g></svg></span></div></div></div></div></div><nav aria-label="Mobile nav" class="sc-dd041119-9 hBBOUu"><a rel="external" href="/" aria-label="Auth0 logo" class="sc-dd041119-5 iDvPUZ"><svg xmlns="http://www.w3.org/2000/svg" width="152" height="40" viewBox="0 0 152 40" fill="none"><g clip-path="url(#clip0_13131_4833)"><path d="M34.7188 26.5791L39.6939 13.5352H41.6133L46.5698 26.5791H44.8367L43.4578 23.0571H37.7748L36.3959 26.5791H34.7188ZM38.2593 21.585H42.9739L40.6073 15.3054L38.2593 21.585Z" fill="#FFFEFA"></path><path d="M53.7713 17.0793H55.2993V26.5827H53.9763L53.7713 25.3155C53.2123 26.0237 52.2992 26.6945 50.7338 26.6945C48.6468 26.6945 46.9883 25.5208 46.9883 22.3716V17.0793H48.5163V22.2784C48.5163 24.2534 49.4108 25.2972 50.9947 25.2972C52.7278 25.2972 53.7713 23.9742 53.7713 21.8312V17.0793Z" fill="#FFFEFA"></path><path d="M57.7453 18.4754H56.0312V17.0778H57.7453V14.4131H59.2734V17.0778H61.7331V18.4754H59.2734V24.0845C59.2734 24.8854 59.5529 25.1839 60.3728 25.1839H61.8822V26.5815H60.2237C58.3975 26.5815 57.7453 25.7802 57.7453 24.1031V18.4754Z" fill="#FFFEFA"></path><path d="M71.2348 21.2868V26.5791H69.7067V21.38C69.7067 19.4051 68.7564 18.3612 67.1165 18.3612C65.3462 18.3612 64.2468 19.6839 64.2468 21.8269V26.5788H62.7188V13.5352H64.2468V18.641C64.8058 17.7466 65.7748 16.9636 67.3774 16.9636C69.5018 16.9636 71.2348 18.1376 71.2348 21.2868Z" fill="#FFFEFA"></path><path d="M72.6543 19.7613C72.6543 16.053 74.6668 13.4255 77.6108 13.4255C80.5364 13.4255 82.549 16.053 82.549 19.7613V20.3576C82.549 24.2519 80.5364 26.6931 77.6108 26.6931C74.6668 26.6931 72.6543 24.2519 72.6543 20.3576V19.7613ZM80.965 19.8172C80.965 16.7239 79.6233 14.8604 77.6108 14.8604C75.5799 14.8604 74.2382 16.7239 74.2382 19.8172V20.3017C74.2382 23.3951 75.5799 25.2585 77.6108 25.2585C79.6237 25.2585 80.965 23.3951 80.965 20.3017V19.8172Z" fill="#FFFEFA"></path><path d="M98.0691 21.8272C98.0691 24.7343 96.1311 26.6909 93.5036 26.6909C91.901 26.6909 90.8202 26.039 90.2429 25.1259L90.0376 26.5791H88.7148V13.5352H90.2429V18.6035C90.8765 17.7273 91.901 16.9636 93.5036 16.9636C96.1308 16.9636 98.0691 18.7342 98.0691 21.8272ZM96.5035 21.8272C96.5035 19.7588 95.2363 18.3243 93.3542 18.3243C91.4908 18.3243 90.2236 19.7591 90.2236 21.7903C90.2236 23.8771 91.4908 25.3309 93.3542 25.3309C95.2363 25.3306 96.5035 23.8957 96.5035 21.8272Z" fill="#FFFEFA"></path><path d="M98.0117 17.0752H99.6329L102.559 24.6592L105.391 17.0752H107.012L102.633 28.1811C102.037 29.7092 101.682 30.3051 100.341 30.3051H98.5145V28.9075H99.8745C100.751 28.9075 100.899 28.6839 101.254 27.7895L101.719 26.6341L98.0117 17.0752Z" fill="#FFFEFA"></path><path d="M118.431 26.6928C114.76 26.6928 112.207 23.8979 112.207 20.0591C112.207 16.2207 114.76 13.4255 118.431 13.4255C122.102 13.4255 124.655 16.2207 124.655 20.0591C124.655 23.8976 122.102 26.6928 118.431 26.6928ZM118.431 25.202C121.151 25.202 122.996 23.059 122.996 20.0588C122.996 17.0587 121.151 14.9157 118.431 14.9157C115.71 14.9157 113.865 17.0587 113.865 20.0588C113.865 23.059 115.71 25.202 118.431 25.202Z" fill="#FFFEFA"></path><path d="M126.182 13.5352H127.71V22.1254L132.48 17.0754H134.362L130.654 21.007L134.623 26.5788H132.778L129.629 22.1065L127.71 24.0817V26.5784H126.182V13.5352H126.182Z" fill="#FFFEFA"></path><path d="M136.464 18.4754H134.75V17.0778H136.464V14.4131H137.992V17.0778H140.452V18.4754H137.992V24.0845C137.992 24.8854 138.272 25.1839 139.092 25.1839H140.601V26.5815H138.942C137.116 26.5815 136.464 25.7802 136.464 24.1031V18.4754Z" fill="#FFFEFA"></path><path d="M150.414 25.1837V26.5813H149.576C148.309 26.5813 147.88 26.0409 147.861 25.1092C147.265 25.9664 146.315 26.6931 144.675 26.6931C142.588 26.6931 141.172 25.6496 141.172 23.9165C141.172 22.0158 142.495 20.9536 144.992 20.9536H147.787V20.3014C147.787 19.0719 146.911 18.3265 145.421 18.3265C144.079 18.3265 143.184 18.96 142.998 19.929H141.47C141.694 18.0653 143.203 16.9658 145.495 16.9658C147.918 16.9658 149.315 18.1774 149.315 20.3946V24.5501C149.315 25.0533 149.502 25.184 149.93 25.184L150.414 25.1837ZM147.787 22.2394H144.843C143.483 22.2394 142.719 22.7426 142.719 23.8234C142.719 24.7551 143.52 25.3887 144.787 25.3887C146.688 25.3887 147.788 24.2892 147.788 22.7053V22.2394H147.787Z" fill="#FFFEFA"></path><path d="M1.68997 17.8918C6.93659 17.0276 11.0459 12.6902 11.9101 7.44679L12.1993 4.92469C12.27 4.52308 12.0001 3.96725 11.4924 4.00581C7.52776 4.31424 3.79119 5.62188 1.70604 6.47329C0.674703 6.89418 0 7.89981 0 9.01467V17.2396C0 17.728 0.43695 18.0975 0.918881 18.0203L1.68997 17.895V17.8918Z" fill="#FFFEFA"></path><path d="M14.4397 7.44608C15.304 12.6927 19.4133 17.0269 24.6599 17.8911L25.431 18.0164C25.9129 18.0967 26.3498 17.724 26.3498 17.2357V9.01074C26.3498 7.89588 25.6751 6.89346 24.6438 6.46937C22.5619 5.61796 18.8221 4.31032 14.8574 4.00188C14.3498 3.96333 14.0863 4.52558 14.1474 4.92076L14.4365 7.44286L14.4397 7.44608Z" fill="#FFFEFA"></path><path d="M24.6566 20.1924C17.4887 21.6061 14.1602 26.3708 14.1602 35.3925C14.1602 35.8455 14.61 36.1572 14.9859 35.9066C18.2823 33.6833 25.5369 27.8808 26.2855 20.6197C26.3145 19.7041 25.1707 20.1346 24.6566 20.1924Z" fill="#FFFEFA"></path><path d="M1.69196 20.1963C8.85988 21.61 12.1884 26.3747 12.1884 35.3964C12.1884 35.8494 11.7386 36.1611 11.3627 35.9105C8.0663 33.6872 0.811637 27.8847 0.0630382 20.6236C0.0341223 19.708 1.1779 20.1385 1.69196 20.1963Z" fill="#FFFEFA"></path></g><defs><clipPath id="clip0_13131_4833"><rect width="152" height="40" fill="#FFFEFA"></rect></clipPath></defs></svg></a><div class="sc-dd041119-10 lmuCEj"><button aria-label="Menu" aria-expanded="false" class="sc-dd041119-11 librYF"><span class="sc-dd041119-12 fSwMvz"></span></button></div><section class="sc-48604b4d-0 SOwTF"><ul class="sc-48604b4d-1 dYTUtR"><li class="sc-48604b4d-2 iuroVT"><p class="sc-48604b4d-5 hUFtQd">Developers</p><div class="sc-48604b4d-6 ldmKKE"><div class="sc-48604b4d-7 kzEdNm"><p class="sc-48604b4d-8 iDtUXN">Developers</p><ul class="sc-48604b4d-10 dIBWQm"><li class="sc-48604b4d-11 fvHSWT"><a href="https://developer.auth0.com/" rel="external">Developer Center</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="https://developer.auth0.com/resources/code-samples" rel="external">Code Samples</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="https://developer.auth0.com/resources/guides" rel="external">Guides</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="https://identityunlocked.auth0.com/public/49/Identity,-Unlocked.--bed7fada" rel="external">Identity Unlocked - Podcasts</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="https://developer.auth0.com/newsletter" rel="external">Zero Index Newsletter</a></li></ul></div><div class="sc-48604b4d-7 kzEdNm"><p class="sc-48604b4d-8 iDtUXN">Developer Tools</p><ul class="sc-48604b4d-10 dIBWQm"><li class="sc-48604b4d-11 fvHSWT"><a href="https://openidconnect.net/" rel="external">OIDC Connect Playground</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="https://samltool.io/" rel="external">SAML Tool</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="http://jwt.io/" rel="external">JWT.io</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="http://webauthn.me/" rel="external">Webauthn.me</a></li></ul></div><div class="sc-48604b4d-7 kzEdNm"><p class="sc-48604b4d-8 iDtUXN">Get Involved</p><ul class="sc-48604b4d-10 dIBWQm"><li class="sc-48604b4d-11 fvHSWT"><a href="https://developer.auth0.com/events" rel="external">Events</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/ambassador-program" rel="external">Ambassador Program</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/research-program" rel="external">Auth0 Research Program</a></li></ul></div></div></li><li class="sc-48604b4d-2 iuroVT"><p class="sc-48604b4d-5 hUFtQd">Documentation</p><div class="sc-48604b4d-6 ldmKKE"><div class="sc-48604b4d-7 kzEdNm"><p class="sc-48604b4d-8 iDtUXN">Documentation</p><ul class="sc-48604b4d-10 dIBWQm"><li class="sc-48604b4d-11 fvHSWT"><a href="/docs" rel="external">Auth0 Docs</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/docs/articles" rel="external">Articles</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/docs/quickstarts" rel="external">Quickstarts</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/docs/api" rel="external">APIs</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/docs/libraries" rel="external">SDK Libraries</a></li></ul></div><div class="sc-48604b4d-7 kzEdNm"><p class="sc-48604b4d-8 iDtUXN">Support Center</p><ul class="sc-48604b4d-10 dIBWQm"><li class="sc-48604b4d-11 fvHSWT"><a href="https://community.auth0.com/" rel="external">Community</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="https://support.auth0.com/" rel="external">Support</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="https://community.auth0.com/c/help/6" rel="external">Help</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="https://community.auth0.com/c/faq/42" rel="external">FAQs</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="https://marketplace.auth0.com" rel="external">Explore Auth0 Marketplace</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/resources" rel="external">Resources</a></li></ul></div><div class="sc-48604b4d-7 kzEdNm"><ul class="sc-48604b4d-10 dIBWQm"><li class="sc-48604b4d-11 fvHSWT"><a href="/blog/" rel="external">Blog</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/learn" rel="external">Learn</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/intro-to-iam" rel="external">Intro to IAM (CIAM)</a></li></ul></div></div></li><li class="sc-48604b4d-2 iuroVT"><p class="sc-48604b4d-5 hUFtQd">Product</p><div class="sc-48604b4d-6 ldmKKE"><div class="sc-48604b4d-7 kzEdNm"><p class="sc-48604b4d-8 iDtUXN">Platform</p><ul class="sc-48604b4d-10 dIBWQm"><li class="sc-48604b4d-11 fvHSWT"><a href="/platform/access-management" rel="external">Access Management</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/platform/extensibility" rel="external">Extensibility</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/platform/login-security" rel="external">Security</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/platform/user-management" rel="external">User Management</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/platform/authentication" rel="external">Authentication</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/fine-grained-authorization" rel="external">Fine Grained Authorization</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="https://auth0.com/platform" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 idMVZG hWziJK">View platform</a></li></ul></div><div class="sc-48604b4d-7 kzEdNm"><p class="sc-48604b4d-8 iDtUXN">Features</p><ul class="sc-48604b4d-10 dIBWQm"><li class="sc-48604b4d-11 fvHSWT"><a href="/features/universal-login" rel="external">Universal Login</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/features/single-sign-on" rel="external">Single Sign On</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/features/multifactor-authentication" rel="external">Multifactor Authentication</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/features/actions" rel="external">Actions</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/features/machine-to-machine" rel="external">Machine to Machine</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/features/passwordless" rel="external">Passwordless</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/features/breached-passwords" rel="external">Breached Passwords</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="https://auth0.com/features" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 idMVZG hWziJK">View features</a></li></ul></div></div></li><li class="sc-48604b4d-2 iuroVT"><p class="sc-48604b4d-5 hUFtQd">Solutions</p><div class="sc-48604b4d-6 ldmKKE"><div class="sc-48604b4d-7 kzEdNm"><p class="sc-48604b4d-8 iDtUXN">Industries</p><ul class="sc-48604b4d-10 dIBWQm"><li class="sc-48604b4d-11 fvHSWT"><a href="/nonprofits" rel="external">Nonprofits & Charities</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/startups" rel="external">Startups</a></li></ul></div><div class="sc-48604b4d-7 kzEdNm"><p class="sc-48604b4d-8 iDtUXN">Use Cases</p><ul class="sc-48604b4d-10 dIBWQm"><li class="sc-48604b4d-11 fvHSWT"><a href="/b2c-customer-identity-management" rel="external">Consumer Applications</a></li><li class="sc-48604b4d-11 fvHSWT"><a href="/b2b-saas" rel="external">B2B SaaS Applications</a></li></ul></div></div></li><li class="sc-48604b4d-2 sc-48604b4d-3 iuroVT UJeau"><a href="/pricing/" rel="external" class="sc-48604b4d-4 igjQFT">Pricing</a></li><li class="sc-48604b4d-2 sc-48604b4d-3 iuroVT UJeau"><div class="sc-48604b4d-13 bOieih"><svg width="20" height="20" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg" aria-hidden="true"><path fill-rule="evenodd" clip-rule="evenodd" d="M12 22C17.5228 22 22 17.5228 22 12C22 6.47715 17.5228 2 12 2C6.47715 2 2 6.47715 2 12C2 17.5228 6.47715 22 12 22Z" stroke="#FFFEFA" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path><path d="M2 12H22" stroke="#FFFEFA" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path><path fill-rule="evenodd" clip-rule="evenodd" d="M12 2C14.5013 4.73835 15.9228 8.29203 16 12C15.9228 15.708 14.5013 19.2616 12 22C9.49872 19.2616 8.07725 15.708 8 12C8.07725 8.29203 9.49872 4.73835 12 2V2Z" stroke="#FFFEFA" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path></svg><p class="sc-48604b4d-14 harwqA">Language</p></div><select class="sc-48604b4d-12 hintby"><option value="de">Deutsch</option><option value="en" selected="">English</option><option value="fr">Français</option><option value="es">Español</option><option value="pt">Português</option><option value="ja">日本語</option></select></li></ul><div class="sc-48604b4d-15 dMpedj"><div class="sc-48604b4d-18 hydWjh"><a rel="external" href="/signup?place=header&type=button&text=sign%20up" role="button" tabindex="0" class="styled__Button-sc-1hwml9q-0 utils-sc-11hlfw-0 gvYGiu dCCmSO"><span>Sign up</span></a><a href="/api/auth/login?redirectTo=dashboard" rel="external" role="button" tabindex="0" class="styled__Button-sc-1hwml9q-0 utils-sc-11hlfw-0 hIGiqp dCCmSO"><span>Login</span></a></div><a href="/contact-us?place=header&type=button&text=contact%20sales" role="button" tabindex="0" class="styled__Button-sc-1hwml9q-0 utils-sc-11hlfw-0 iBRLYD isBdzo"><span>Contact sales</span></a></div></section></nav><nav aria-label="Desktop nav" class="sc-dd041119-6 dfZXfX"><div class="sc-dd041119-7 kcwluz"><a rel="external" href="/" aria-label="Auth0 logo" class="sc-dd041119-4 hvNmHd"><svg xmlns="http://www.w3.org/2000/svg" width="152" height="40" viewBox="0 0 152 40" fill="none"><g clip-path="url(#clip0_13131_4833)"><path d="M34.7188 26.5791L39.6939 13.5352H41.6133L46.5698 26.5791H44.8367L43.4578 23.0571H37.7748L36.3959 26.5791H34.7188ZM38.2593 21.585H42.9739L40.6073 15.3054L38.2593 21.585Z" fill="#FFFEFA"></path><path d="M53.7713 17.0793H55.2993V26.5827H53.9763L53.7713 25.3155C53.2123 26.0237 52.2992 26.6945 50.7338 26.6945C48.6468 26.6945 46.9883 25.5208 46.9883 22.3716V17.0793H48.5163V22.2784C48.5163 24.2534 49.4108 25.2972 50.9947 25.2972C52.7278 25.2972 53.7713 23.9742 53.7713 21.8312V17.0793Z" fill="#FFFEFA"></path><path d="M57.7453 18.4754H56.0312V17.0778H57.7453V14.4131H59.2734V17.0778H61.7331V18.4754H59.2734V24.0845C59.2734 24.8854 59.5529 25.1839 60.3728 25.1839H61.8822V26.5815H60.2237C58.3975 26.5815 57.7453 25.7802 57.7453 24.1031V18.4754Z" fill="#FFFEFA"></path><path d="M71.2348 21.2868V26.5791H69.7067V21.38C69.7067 19.4051 68.7564 18.3612 67.1165 18.3612C65.3462 18.3612 64.2468 19.6839 64.2468 21.8269V26.5788H62.7188V13.5352H64.2468V18.641C64.8058 17.7466 65.7748 16.9636 67.3774 16.9636C69.5018 16.9636 71.2348 18.1376 71.2348 21.2868Z" fill="#FFFEFA"></path><path d="M72.6543 19.7613C72.6543 16.053 74.6668 13.4255 77.6108 13.4255C80.5364 13.4255 82.549 16.053 82.549 19.7613V20.3576C82.549 24.2519 80.5364 26.6931 77.6108 26.6931C74.6668 26.6931 72.6543 24.2519 72.6543 20.3576V19.7613ZM80.965 19.8172C80.965 16.7239 79.6233 14.8604 77.6108 14.8604C75.5799 14.8604 74.2382 16.7239 74.2382 19.8172V20.3017C74.2382 23.3951 75.5799 25.2585 77.6108 25.2585C79.6237 25.2585 80.965 23.3951 80.965 20.3017V19.8172Z" fill="#FFFEFA"></path><path d="M98.0691 21.8272C98.0691 24.7343 96.1311 26.6909 93.5036 26.6909C91.901 26.6909 90.8202 26.039 90.2429 25.1259L90.0376 26.5791H88.7148V13.5352H90.2429V18.6035C90.8765 17.7273 91.901 16.9636 93.5036 16.9636C96.1308 16.9636 98.0691 18.7342 98.0691 21.8272ZM96.5035 21.8272C96.5035 19.7588 95.2363 18.3243 93.3542 18.3243C91.4908 18.3243 90.2236 19.7591 90.2236 21.7903C90.2236 23.8771 91.4908 25.3309 93.3542 25.3309C95.2363 25.3306 96.5035 23.8957 96.5035 21.8272Z" fill="#FFFEFA"></path><path d="M98.0117 17.0752H99.6329L102.559 24.6592L105.391 17.0752H107.012L102.633 28.1811C102.037 29.7092 101.682 30.3051 100.341 30.3051H98.5145V28.9075H99.8745C100.751 28.9075 100.899 28.6839 101.254 27.7895L101.719 26.6341L98.0117 17.0752Z" fill="#FFFEFA"></path><path d="M118.431 26.6928C114.76 26.6928 112.207 23.8979 112.207 20.0591C112.207 16.2207 114.76 13.4255 118.431 13.4255C122.102 13.4255 124.655 16.2207 124.655 20.0591C124.655 23.8976 122.102 26.6928 118.431 26.6928ZM118.431 25.202C121.151 25.202 122.996 23.059 122.996 20.0588C122.996 17.0587 121.151 14.9157 118.431 14.9157C115.71 14.9157 113.865 17.0587 113.865 20.0588C113.865 23.059 115.71 25.202 118.431 25.202Z" fill="#FFFEFA"></path><path d="M126.182 13.5352H127.71V22.1254L132.48 17.0754H134.362L130.654 21.007L134.623 26.5788H132.778L129.629 22.1065L127.71 24.0817V26.5784H126.182V13.5352H126.182Z" fill="#FFFEFA"></path><path d="M136.464 18.4754H134.75V17.0778H136.464V14.4131H137.992V17.0778H140.452V18.4754H137.992V24.0845C137.992 24.8854 138.272 25.1839 139.092 25.1839H140.601V26.5815H138.942C137.116 26.5815 136.464 25.7802 136.464 24.1031V18.4754Z" fill="#FFFEFA"></path><path d="M150.414 25.1837V26.5813H149.576C148.309 26.5813 147.88 26.0409 147.861 25.1092C147.265 25.9664 146.315 26.6931 144.675 26.6931C142.588 26.6931 141.172 25.6496 141.172 23.9165C141.172 22.0158 142.495 20.9536 144.992 20.9536H147.787V20.3014C147.787 19.0719 146.911 18.3265 145.421 18.3265C144.079 18.3265 143.184 18.96 142.998 19.929H141.47C141.694 18.0653 143.203 16.9658 145.495 16.9658C147.918 16.9658 149.315 18.1774 149.315 20.3946V24.5501C149.315 25.0533 149.502 25.184 149.93 25.184L150.414 25.1837ZM147.787 22.2394H144.843C143.483 22.2394 142.719 22.7426 142.719 23.8234C142.719 24.7551 143.52 25.3887 144.787 25.3887C146.688 25.3887 147.788 24.2892 147.788 22.7053V22.2394H147.787Z" fill="#FFFEFA"></path><path d="M1.68997 17.8918C6.93659 17.0276 11.0459 12.6902 11.9101 7.44679L12.1993 4.92469C12.27 4.52308 12.0001 3.96725 11.4924 4.00581C7.52776 4.31424 3.79119 5.62188 1.70604 6.47329C0.674703 6.89418 0 7.89981 0 9.01467V17.2396C0 17.728 0.43695 18.0975 0.918881 18.0203L1.68997 17.895V17.8918Z" fill="#FFFEFA"></path><path d="M14.4397 7.44608C15.304 12.6927 19.4133 17.0269 24.6599 17.8911L25.431 18.0164C25.9129 18.0967 26.3498 17.724 26.3498 17.2357V9.01074C26.3498 7.89588 25.6751 6.89346 24.6438 6.46937C22.5619 5.61796 18.8221 4.31032 14.8574 4.00188C14.3498 3.96333 14.0863 4.52558 14.1474 4.92076L14.4365 7.44286L14.4397 7.44608Z" fill="#FFFEFA"></path><path d="M24.6566 20.1924C17.4887 21.6061 14.1602 26.3708 14.1602 35.3925C14.1602 35.8455 14.61 36.1572 14.9859 35.9066C18.2823 33.6833 25.5369 27.8808 26.2855 20.6197C26.3145 19.7041 25.1707 20.1346 24.6566 20.1924Z" fill="#FFFEFA"></path><path d="M1.69196 20.1963C8.85988 21.61 12.1884 26.3747 12.1884 35.3964C12.1884 35.8494 11.7386 36.1611 11.3627 35.9105C8.0663 33.6872 0.811637 27.8847 0.0630382 20.6236C0.0341223 19.708 1.1779 20.1385 1.69196 20.1963Z" fill="#FFFEFA"></path></g><defs><clipPath id="clip0_13131_4833"><rect width="152" height="40" fill="#FFFEFA"></rect></clipPath></defs></svg></a><ul role="menubar" class="sc-dd041119-13 hxYec"><li role="menuitem" aria-haspopup="true" tabindex="0" class="sc-dd041119-16 guacNV"><div class="sc-dd041119-15 jqmQAZ"><span>Developers</span><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><g id="chevron-down"><path id="icon" fill-rule="evenodd" clip-rule="evenodd" d="M7.99994 9.93934L12.4696 5.46967L13.5303 6.53033L8.53027 11.5303C8.23738 11.8232 7.76251 11.8232 7.46961 11.5303L2.46961 6.53033L3.53027 5.46967L7.99994 9.93934Z" fill="#FFFEFA"></path></g></svg></div><div class="sc-dd041119-14 kYjdsM"><section class="sc-dd041119-17 cAIXhk"><section class="sc-8f844919-0 sc-8f844919-1 fpHhIS dnIcIy"><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 ieuKTj ktXiRB">Developers</p><ul role="menubar" class="sc-c4163730-1 kPRjAI"><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="https://developer.auth0.com/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Developer Center</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="https://developer.auth0.com/resources/code-samples" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Code Samples</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="https://developer.auth0.com/resources/guides" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Guides</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="https://identityunlocked.auth0.com/public/49/Identity,-Unlocked.--bed7fada" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Identity Unlocked - Podcasts</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="https://developer.auth0.com/newsletter" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Zero Index Newsletter</a></li></ul></section><section class="sc-8f844919-0 sc-8f844919-2 fpHhIS jCxqEl"><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 ieuKTj ktXiRB">Developer Tools</p><ul role="menubar" class="sc-c4163730-1 kPRjAI"><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="https://openidconnect.net/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">OIDC Connect Playground</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="https://samltool.io/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">SAML Tool</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="http://jwt.io/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">JWT.io</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="http://webauthn.me/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Webauthn.me</a></li></ul></section><section class="sc-8f844919-0 sc-8f844919-3 fpHhIS cmuXnw"><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 ieuKTj ktXiRB">Get Involved</p><ul role="menubar" class="sc-c4163730-1 kPRjAI"><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="https://developer.auth0.com/events" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Events</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/ambassador-program" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Ambassador Program</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/research-program" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Auth0 Research Program</a></li></ul></section></section></div></li><li role="menuitem" aria-haspopup="true" tabindex="0" class="sc-dd041119-16 guacNV"><div class="sc-dd041119-15 jqmQAZ"><span>Documentation</span><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><g id="chevron-down"><path id="icon" fill-rule="evenodd" clip-rule="evenodd" d="M7.99994 9.93934L12.4696 5.46967L13.5303 6.53033L8.53027 11.5303C8.23738 11.8232 7.76251 11.8232 7.46961 11.5303L2.46961 6.53033L3.53027 5.46967L7.99994 9.93934Z" fill="#FFFEFA"></path></g></svg></div><div class="sc-dd041119-14 kYjdsM"><section class="sc-dd041119-17 cAIXhk"><section class="sc-8f844919-0 sc-8f844919-1 fpHhIS bGXLnD"><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 ieuKTj ktXiRB">Documentation</p><ul role="menubar" class="sc-c4163730-1 kPRjAI"><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/docs" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Auth0 Docs</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/docs/articles" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Articles</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/docs/quickstarts" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Quickstarts</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/docs/api" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">APIs</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/docs/libraries" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">SDK Libraries</a></li></ul></section><section class="sc-8f844919-0 sc-8f844919-2 fpHhIS bxnFbo"><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 ieuKTj ktXiRB">Support Center</p><ul role="menubar" class="sc-c4163730-1 kPRjAI"><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="https://community.auth0.com/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Community</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="https://support.auth0.com/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Support</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="https://community.auth0.com/c/help/6" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Help</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="https://community.auth0.com/c/faq/42" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">FAQs</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="https://marketplace.auth0.com" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Explore Auth0 Marketplace</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/resources" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Resources</a></li></ul></section><section class="sc-8f844919-0 sc-8f844919-3 fpHhIS edUBug"><a href="/blog/getting-unlimited-scalability-with-okta-fine-grained-authorization/" rel="external" class="sc-1e1df8de-0 VCjId"><div class="sc-1e1df8de-1 jDuOPS"><img loading="lazy" src="https://cdn.auth0.com/website/website/cic-header/hero/blog-thumbnail.png" alt="" class="sc-1e1df8de-3 iiLmVo"/><div><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 ieuKTj jhxKr">BLOG</p><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 emycaI cKkyKw">Getting Unlimited Scalability with Okta Fine Grained Authorization</p></div></div></a><div class="sc-4b4277c0-0 jxCIxl"></div><div class="sc-4b4277c0-1 cRKzFM"><ul role="menubar" class="sc-c4163730-1 kPRjAI"><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/blog/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Blog</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/learn" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Learn</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/intro-to-iam" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Intro to IAM (CIAM)</a></li></ul></div></section></section></div></li><li role="menuitem" aria-haspopup="true" tabindex="0" class="sc-dd041119-16 guacNV"><div class="sc-dd041119-15 jqmQAZ"><span>Product</span><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><g id="chevron-down"><path id="icon" fill-rule="evenodd" clip-rule="evenodd" d="M7.99994 9.93934L12.4696 5.46967L13.5303 6.53033L8.53027 11.5303C8.23738 11.8232 7.76251 11.8232 7.46961 11.5303L2.46961 6.53033L3.53027 5.46967L7.99994 9.93934Z" fill="#FFFEFA"></path></g></svg></div><div class="sc-dd041119-14 kYjdsM"><section class="sc-dd041119-17 cAIXhk"><section class="sc-8f844919-0 sc-8f844919-1 fpHhIS dnIcIy"><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 ieuKTj ktXiRB">Platform</p><ul role="menubar" class="sc-c4163730-1 kPRjAI"><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/platform/access-management" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Access Management</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/platform/extensibility" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Extensibility</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/platform/login-security" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Security</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/platform/user-management" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">User Management</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/platform/authentication" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Authentication</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/fine-grained-authorization" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Fine Grained Authorization</a></li></ul><div class="sc-c4163730-4 blDajZ"><a href="https://auth0.com/platform" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 iRnAla hQjuhG">View platform</a></div></section><section class="sc-8f844919-0 sc-8f844919-2 fpHhIS jCxqEl"><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 ieuKTj ktXiRB">Features</p><ul role="menubar" class="sc-c4163730-1 kPRjAI"><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/features/universal-login" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Universal Login</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/features/single-sign-on" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Single Sign On</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/features/multifactor-authentication" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Multifactor Authentication</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/features/actions" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Actions</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/features/machine-to-machine" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Machine to Machine</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/features/passwordless" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Passwordless</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/features/breached-passwords" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Breached Passwords</a></li></ul><div class="sc-c4163730-4 blDajZ"><a href="https://auth0.com/features" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 iRnAla hQjuhG">View features</a></div></section><section class="sc-8f844919-0 sc-8f844919-3 fpHhIS ftjeVJ"><ul class="sc-31a2510-0 eqdKOL"><li class="sc-31a2510-1 hwlhfg"><a rel="external" href="/resources/videos/platform-introduction-video-2020" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 khxxlw BcxXA"><div><p>Technology Overview</p><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 jpLEXt fnEKIk">Watch a walkthrough of the Auth0 Platform</p></div></a></li><li class="sc-31a2510-1 hwlhfg"><a rel="external" href="/platform/cloud-deployment" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 khxxlw BcxXA"><div><p>Cloud Deployments</p><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 jpLEXt fnEKIk">Deploy to the cloud, your way</p></div></a></li><li class="sc-31a2510-1 hwlhfg"><a rel="external" href="/marketplace" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 khxxlw BcxXA"><div><p>Auth0 Marketplace</p><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 jpLEXt fnEKIk">Discover the integrations you need to solve identity</p></div></a></li></ul></section></section></div></li><li role="menuitem" aria-haspopup="true" tabindex="0" class="sc-dd041119-16 guacNV"><div class="sc-dd041119-15 jqmQAZ"><span>Solutions</span><svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><g id="chevron-down"><path id="icon" fill-rule="evenodd" clip-rule="evenodd" d="M7.99994 9.93934L12.4696 5.46967L13.5303 6.53033L8.53027 11.5303C8.23738 11.8232 7.76251 11.8232 7.46961 11.5303L2.46961 6.53033L3.53027 5.46967L7.99994 9.93934Z" fill="#FFFEFA"></path></g></svg></div><div class="sc-dd041119-14 kYjdsM"><section class="sc-dd041119-17 cAIXhk"><section class="sc-8f844919-0 sc-8f844919-1 fpHhIS bGXLnD"><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 ieuKTj ktXiRB">Industries</p><ul role="menubar" class="sc-c4163730-1 kPRjAI"><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/nonprofits" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Nonprofits & Charities</a></li><li role="menuitem" class="sc-c4163730-2 hUbpnv"><a rel="external" href="/startups" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc fwumGB">Startups</a></li></ul></section><section class="sc-8f844919-0 sc-8f844919-2 fpHhIS bxnFbo"><div class="sc-8583e179-0 lcoOff"><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 ieuKTj gcXwVY">Use Cases</p><a rel="external" href="/b2c-customer-identity-management" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc bHOya"><span>Consumer Applications</span></a><a rel="external" href="/b2b-saas" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc bHOya"><span>B2B SaaS Applications</span></a><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 ieuKTj gcXwVY">Case Studies</p><a rel="external" href="/customers/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 lcJMmc bHOya"><span>Read our customers stories</span></a></div></section><section class="sc-8f844919-0 sc-8f844919-3 fpHhIS edUBug"><a href="https://okta.valuestoryapp.com/okta/?utm_Origin=Auth0" rel="external" class="sc-1e1df8de-0 VCjId"><div class="sc-1e1df8de-1 jDuOPS"><img loading="lazy" src="https://cdn.auth0.com/website/header/ROI_thumb_2x.png" alt="" class="sc-1e1df8de-3 iiLmVo"/><div><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 ieuKTj jhxKr">CIAM ROI Calculator</p><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 emycaI cKkyKw">Estimate the revenue impact to your customer-facing business</p></div></div></a></section></section></div></li><li role="menuitem" aria-haspopup="false" class="sc-dd041119-16 guacNV"><a href="/pricing/" rel="external" class="sc-dd041119-15 jqmQAZ"><span>Pricing</span></a></li></ul><div class="sc-dd041119-8 goqQNV"><a role="button" rel="external" href="/signup?place=header&type=button&text=sign%20up" tabindex="0" class="styled__Button-sc-1hwml9q-0 utils-sc-11hlfw-0 gvYGiu dUfJVa"><span>Sign up</span></a><a role="button" rel="external" href="/contact-us?place=header&type=button&text=contact%20sales" tabindex="0" class="styled__Button-sc-1hwml9q-0 utils-sc-11hlfw-0 hIGiqp cndUul"><span>Contact sales</span></a></div></div></nav></header><main><section class="sc-3b94eda6-0 bVgRVN"><div class="sc-3b94eda6-1 gUljvi"><div class="sc-3b94eda6-3 bBwxno"><div class="sc-3b94eda6-4 hiFUVK"><h1 class="styled__Display-sc-165cfko-3 utils-sc-11hlfw-0 iuGKQI jezRKS"><span class="sc-3b94eda6-2 juFhAq">/</span>Learn</h1><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 iHUhgQ dmQvNV">Learn all about authentication, security, and customer identity with these helpful articles from the Auth0 team.</p><div class="sc-3b94eda6-6 eNmcas"><a href="https://auth0.com/signup" role="button" tabindex="0" class="styled__Button-sc-1hwml9q-0 utils-sc-11hlfw-0 hdjqdc dmQvNV"><span>Get started</span></a></div></div><img src="https://images.ctfassets.net/kbkgmx9upatd/4Fe6CeGfbptrHtarhsiMwG/69bcc55843401722ec94a4ca36b4febf/Group_39244.svg" class="sc-3b94eda6-5 evmolY"/></div><hr class="sc-3b94eda6-7 gudXjm"/><div class="sc-3b94eda6-8 bLJcIl"><div lang="en" class="sc-3b94eda6-9 dheVdX"><a selected="" href="#ALL" class="sc-3b94eda6-10 hTbLrq">ALL</a><a href="#concepts" class="sc-3b94eda6-10 cKtgSw">concepts</a><a href="#frameworks" class="sc-3b94eda6-10 cKtgSw">frameworks</a><a href="#growth" class="sc-3b94eda6-10 cKtgSw">growth</a><a href="#use-cases" class="sc-3b94eda6-10 cKtgSw">use cases</a><a href="#industries" class="sc-3b94eda6-10 cKtgSw">industries</a></div><div lang="en" class="sc-3b94eda6-11 kfrMbY"><a type="Paragraph" target="__blank" href="https://auth0.com/blog/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 eDcEPo dTPLMd">Blog ↗</a><a type="Paragraph" target="__blank" href="/customers" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 eDcEPo dTPLMd">Case Studies ↗</a><a type="Paragraph" target="__blank" href="https://developer.auth0.com/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 eDcEPo dTPLMd">Developers ↗</a></div></div></div></section><section class="sc-b610803b-0 eTjBiJ"><a rel="external" href="/learn/anomaly-detection" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 eLELzP"><img src="https://images.ctfassets.net/kbkgmx9upatd/d19sKLO3YsBe24KSCT2Zy/6436100fccbb80e97f8148e212046184/image_1.svg" loading="eager" alt="anomaly-detection" aria-hidden="false" class="sc-b610803b-4 iiePZv"/></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Protect Your Users with Attack Protection</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/password-reset" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 dTviRC"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/3N9ONfwNMSYxyAApdUkj3D/4690f6f74feef05629bbbbb54ee80b07/Password-Recover-Hero.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/3N9ONfwNMSYxyAApdUkj3D/4690f6f74feef05629bbbbb54ee80b07/Password-Recover-Hero.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/3N9ONfwNMSYxyAApdUkj3D/4690f6f74feef05629bbbbb54ee80b07/Password-Recover-Hero.png" aria-hidden="false" alt="password-reset" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Password Reset Is Critical For A Good Customer Experience</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/token-based-authentication-made-easy" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 ivbPgg"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/3HDWsOSn1sQRE19iDI6m6Z/fd0e0baf8c669f73cb77d9ccb3401505/token-based-auth.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/3HDWsOSn1sQRE19iDI6m6Z/fd0e0baf8c669f73cb77d9ccb3401505/token-based-auth.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/3HDWsOSn1sQRE19iDI6m6Z/fd0e0baf8c669f73cb77d9ccb3401505/token-based-auth.png" aria-hidden="false" alt="token-based-authentication-made-easy" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Token Based Authentication Made Easy</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/rest-vs-soap" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 elUfSo"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/5AOVszrdzcuiPv6IKtgokn/052280f4d5e4e3b52ac64fc15e410bfe/rest-vs-soap.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/5AOVszrdzcuiPv6IKtgokn/052280f4d5e4e3b52ac64fc15e410bfe/rest-vs-soap.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/5AOVszrdzcuiPv6IKtgokn/052280f4d5e4e3b52ac64fc15e410bfe/rest-vs-soap.png" aria-hidden="false" alt="rest-vs-soap" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">REST vs SOAP - Building Modern Applications</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/two-factor-authentication" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 hdkFJj"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/2aE02ONJtJQJQGjP51jH5C/6ff78906ba3eb6f03a082327c908c197/2fa.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/2aE02ONJtJQJQGjP51jH5C/6ff78906ba3eb6f03a082327c908c197/2fa.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/2aE02ONJtJQJQGjP51jH5C/6ff78906ba3eb6f03a082327c908c197/2fa.png" aria-hidden="false" alt="two-factor-authentication" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Two Factor Authentication (2FA)</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/refresh-tokens" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 iuNufC"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/6qjjCX50F0ybRfPmk8TXSS/91fa2f7357a7fbcd473b5f558dc724f7/refresh-tokens.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/6qjjCX50F0ybRfPmk8TXSS/91fa2f7357a7fbcd473b5f558dc724f7/refresh-tokens.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/6qjjCX50F0ybRfPmk8TXSS/91fa2f7357a7fbcd473b5f558dc724f7/refresh-tokens.png" aria-hidden="false" alt="refresh-tokens" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Understanding Refresh Tokens</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/angular-authentication" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 eNqZqF"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/33GcVdZY4zm9bgyXP1e8kI/2c8d4b9f0ae3cded1f8fcad683321b8c/angular-hero.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/33GcVdZY4zm9bgyXP1e8kI/2c8d4b9f0ae3cded1f8fcad683321b8c/angular-hero.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/33GcVdZY4zm9bgyXP1e8kI/2c8d4b9f0ae3cded1f8fcad683321b8c/angular-hero.png" aria-hidden="false" alt="angular-authentication" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">AngularJS Authentication, the Easy Way</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/gcp" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 eLELzP"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/p3EtzHtitWRymkGcPrhY0/95f1fe57bad7969899db841bf9a94cf5/gcp-logo.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/p3EtzHtitWRymkGcPrhY0/95f1fe57bad7969899db841bf9a94cf5/gcp-logo.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/p3EtzHtitWRymkGcPrhY0/95f1fe57bad7969899db841bf9a94cf5/gcp-logo.png" aria-hidden="false" alt="gcp" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">GCP Identity Management Simplified with Auth0</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/build-or-buy-20-identity-management-questions" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 dTviRC"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/4P6HVNR55w7lxTbRlgylBC/df3659a003cec121c2f91e7212ddc1f0/Build-v-Buy-Hero.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/4P6HVNR55w7lxTbRlgylBC/df3659a003cec121c2f91e7212ddc1f0/Build-v-Buy-Hero.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/4P6HVNR55w7lxTbRlgylBC/df3659a003cec121c2f91e7212ddc1f0/Build-v-Buy-Hero.png" aria-hidden="false" alt="build-or-buy-20-identity-management-questions" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Build or Buy? 20 Identity Management Questions.</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/social-login" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 ivbPgg"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/3VNzx79uWL5H1JWtFMgLoj/968925d90ab3a09f4bb8bd95621823fe/catalog-social.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/3VNzx79uWL5H1JWtFMgLoj/968925d90ab3a09f4bb8bd95621823fe/catalog-social.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/3VNzx79uWL5H1JWtFMgLoj/968925d90ab3a09f4bb8bd95621823fe/catalog-social.png" aria-hidden="false" alt="social-login" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Social Login - Time to implement it in your apps</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/how-to-implement-single-sign-on" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 elUfSo"><picture><source srcSet="https://images.ctfassets.net/23aumh6u8s0i/2xIzg7UIbBpGNvCeRsdn4k/32f29b73fc2b4bd33bac6fe124d9bfb1/what-is-sso-1?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/23aumh6u8s0i/2xIzg7UIbBpGNvCeRsdn4k/32f29b73fc2b4bd33bac6fe124d9bfb1/what-is-sso-1" type="image/jpg"/><img loading="eager" src="https://images.ctfassets.net/23aumh6u8s0i/2xIzg7UIbBpGNvCeRsdn4k/32f29b73fc2b4bd33bac6fe124d9bfb1/what-is-sso-1" aria-hidden="false" alt="how-to-implement-single-sign-on" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">How to Implement Single Sign On</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/cloud-identity-access-management" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 hdkFJj"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/5xXb0qQocOpKljdgS7jbOB/92a91f30c0f83ace48fc985255595c66/iam-what-is.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/5xXb0qQocOpKljdgS7jbOB/92a91f30c0f83ace48fc985255595c66/iam-what-is.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/5xXb0qQocOpKljdgS7jbOB/92a91f30c0f83ace48fc985255595c66/iam-what-is.png" aria-hidden="false" alt="cloud-identity-access-management" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Cloud Identity and Access Management (IAM)</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/get-started-with-mfa" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 iuNufC"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/6VLMfLTi862UcU2piK7SAQ/ea1ae8b064cb0db2901160bfb73aea5b/hero-mfa.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/6VLMfLTi862UcU2piK7SAQ/ea1ae8b064cb0db2901160bfb73aea5b/hero-mfa.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/6VLMfLTi862UcU2piK7SAQ/ea1ae8b064cb0db2901160bfb73aea5b/hero-mfa.png" aria-hidden="false" alt="get-started-with-mfa" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Multifactor Authentication (MFA)</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/customer-loyalty-program" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 eNqZqF"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/VBjICQvGNYr2044LHwHAu/a7cc2dbb015e0cd73476ce2fa1fbe7cd/loyalty-hero.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/VBjICQvGNYr2044LHwHAu/a7cc2dbb015e0cd73476ce2fa1fbe7cd/loyalty-hero.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/VBjICQvGNYr2044LHwHAu/a7cc2dbb015e0cd73476ce2fa1fbe7cd/loyalty-hero.png" aria-hidden="false" alt="customer-loyalty-program" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Identity - The Cornerstone of a Loyalty Program</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/the-b2b-customer-value-journey" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 eLELzP"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/1l0gCnSfU7mDAwpOpAWj2m/da031fbd53bd902f221e4029e0b84db9/b2b-hero.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/1l0gCnSfU7mDAwpOpAWj2m/da031fbd53bd902f221e4029e0b84db9/b2b-hero.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/1l0gCnSfU7mDAwpOpAWj2m/da031fbd53bd902f221e4029e0b84db9/b2b-hero.png" aria-hidden="false" alt="the-b2b-customer-value-journey" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">The B2B Customer Value Journey</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/why-hipaa-compliance-is-vital-your-business" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 dTviRC"></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Why HIPAA Compliance Is Vital For Your Business</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/b2c-customer-value-journey" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 ivbPgg"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/57ahivvmqKEsOmiI21crKq/cde4b7667ad1b94753d3dc2a026508c7/auth0lock-widget.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/57ahivvmqKEsOmiI21crKq/cde4b7667ad1b94753d3dc2a026508c7/auth0lock-widget.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/57ahivvmqKEsOmiI21crKq/cde4b7667ad1b94753d3dc2a026508c7/auth0lock-widget.png" aria-hidden="false" alt="b2c-customer-value-journey" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">The B2C Customer Value Journey</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/how-auth0-uses-identity-industry-standards" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 elUfSo"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/7wEY6AU0ZnpN792z5zsxns/9cfd625abb779640d10a5ee63f91b32e/Identity-Industry-Standards-hero.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/7wEY6AU0ZnpN792z5zsxns/9cfd625abb779640d10a5ee63f91b32e/Identity-Industry-Standards-hero.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/7wEY6AU0ZnpN792z5zsxns/9cfd625abb779640d10a5ee63f91b32e/Identity-Industry-Standards-hero.png" aria-hidden="false" alt="how-auth0-uses-identity-industry-standards" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">How Auth0 Uses Identity Industry Standards</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/powering-user-analytics-identity" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 hdkFJj"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/4vWXL24FahzmsWI2u69KmZ/e7b6a984fc06ae11e360b4434f1f19ae/analytics-hero.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/4vWXL24FahzmsWI2u69KmZ/e7b6a984fc06ae11e360b4434f1f19ae/analytics-hero.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/4vWXL24FahzmsWI2u69KmZ/e7b6a984fc06ae11e360b4434f1f19ae/analytics-hero.png" aria-hidden="false" alt="powering-user-analytics-identity" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Powering User Analytics With Identity</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/multifactor-authentication-customers" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 iuNufC"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/52W8K7YeXeTXzWLG0Nm2wD/1eff1a4ad96096c3397d106b24c6a158/mfa-customers.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/52W8K7YeXeTXzWLG0Nm2wD/1eff1a4ad96096c3397d106b24c6a158/mfa-customers.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/52W8K7YeXeTXzWLG0Nm2wD/1eff1a4ad96096c3397d106b24c6a158/mfa-customers.png" aria-hidden="false" alt="multifactor-authentication-customers" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Multifactor Authentication for Customers</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/migrate-user-database-auth0" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 eNqZqF"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/6NZlGLRqoHmsRRlI6F3X0I/f8038937b3113bf5f0d340b91f44eda5/migrate-user-db-hero.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/6NZlGLRqoHmsRRlI6F3X0I/f8038937b3113bf5f0d340b91f44eda5/migrate-user-db-hero.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/6NZlGLRqoHmsRRlI6F3X0I/f8038937b3113bf5f0d340b91f44eda5/migrate-user-db-hero.png" aria-hidden="false" alt="migrate-user-database-auth0" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Migrate a User Database to Auth0</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/multi-party-authentication-flow" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 eLELzP"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/2AC2A0lEc4JL6EclG5LI3z/9662ce12c12c9031c1d9334dfbe772ec/multiparty-hero.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/2AC2A0lEc4JL6EclG5LI3z/9662ce12c12c9031c1d9334dfbe772ec/multiparty-hero.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/2AC2A0lEc4JL6EclG5LI3z/9662ce12c12c9031c1d9334dfbe772ec/multiparty-hero.png" aria-hidden="false" alt="multi-party-authentication-flow" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Multi-Party Authentication Flow</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/media" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 dTviRC"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/3KVQmEtsKSa5qhWA108X92/d6298294b32162114fb75487a498846f/learn-media.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/3KVQmEtsKSa5qhWA108X92/d6298294b32162114fb75487a498846f/learn-media.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/3KVQmEtsKSa5qhWA108X92/d6298294b32162114fb75487a498846f/learn-media.png" aria-hidden="false" alt="media" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Bringing the Digital Subscriber Closer to You</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/retail" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 ivbPgg"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/79gv7VOyR0Zd4nC8LLt76w/5c352805517fae4ff446304215ec433a/learn-retail.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/79gv7VOyR0Zd4nC8LLt76w/5c352805517fae4ff446304215ec433a/learn-retail.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/79gv7VOyR0Zd4nC8LLt76w/5c352805517fae4ff446304215ec433a/learn-retail.png" aria-hidden="false" alt="retail" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Everything revolves around the customer. Why shouldn’t Identity?</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/b2c-delight-your-customers-with-auth0" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 elUfSo"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/3YDkrFBgODwTQpFbwN4si7/56f1ff8776d76e24877afc9eb9304195/delight-customers.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/3YDkrFBgODwTQpFbwN4si7/56f1ff8776d76e24877afc9eb9304195/delight-customers.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/3YDkrFBgODwTQpFbwN4si7/56f1ff8776d76e24877afc9eb9304195/delight-customers.png" aria-hidden="false" alt="b2c-delight-your-customers-with-auth0" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Delight Your Customers With Auth0</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/telecommunications-industry" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 hdkFJj"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/3XqK7RqcOjrrUyBgbrGz1W/441ac6097ac3c7b5894efc72c16f7eff/telecommunications.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/3XqK7RqcOjrrUyBgbrGz1W/441ac6097ac3c7b5894efc72c16f7eff/telecommunications.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/3XqK7RqcOjrrUyBgbrGz1W/441ac6097ac3c7b5894efc72c16f7eff/telecommunications.png" aria-hidden="false" alt="telecommunications-industry" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">For the Telecommunications Industry, Identity Matters</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/json-web-tokens" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 iuNufC"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/6E4gdxqqmafg9Usjz9etTU/bc93ad8e3cea217c3de390239ff34c8c/jwt-hero.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/6E4gdxqqmafg9Usjz9etTU/bc93ad8e3cea217c3de390239ff34c8c/jwt-hero.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/6E4gdxqqmafg9Usjz9etTU/bc93ad8e3cea217c3de390239ff34c8c/jwt-hero.png" aria-hidden="false" alt="json-web-tokens" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Get Started with JSON Web Tokens</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a><a rel="external" href="/learn/real-estate" class="sc-b610803b-2 gaTwBD"><div class="sc-b610803b-3 eNqZqF"><picture><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/7MbCEmsNqmotPm28sOrJWq/cdc709deeb75c437222cb768ad99547c/office_R_white.png?fm=webp" type="image/webp"/><source srcSet="https://images.ctfassets.net/kbkgmx9upatd/7MbCEmsNqmotPm28sOrJWq/cdc709deeb75c437222cb768ad99547c/office_R_white.png" type="image/png"/><img loading="eager" src="https://images.ctfassets.net/kbkgmx9upatd/7MbCEmsNqmotPm28sOrJWq/cdc709deeb75c437222cb768ad99547c/office_R_white.png" aria-hidden="false" alt="real-estate" class="sc-b610803b-4 iiePZv"/></picture></div><div class="sc-b610803b-1 kroUug"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 egthED hgXRwi">Better, Easier Identity Management for Real Estate Companies</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 fDNRCP bAoEZo">Read article →</p></div></a></section><section class="sc-52f1df5b-0 kMKoul"><div class="sc-52f1df5b-1 hGLrTS"><div class="sc-52f1df5b-2 iEnodj"><h2 class="styled__Heading-sc-165cfko-2 utils-sc-11hlfw-0 gdQOyr bBntAC">Sign up for free</h2><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 dGFrmP ljpwTk">Start building today and secure your apps with the Auth0 identity platform today.</p><div class="sc-52f1df5b-4 keuylH"><a href="/signup" role="button" tabindex="0" class="styled__Button-sc-1hwml9q-0 utils-sc-11hlfw-0 hdjqdc dmQvNV"><span>Try for free</span></a></div></div><img src="https://cdn.auth0.com/website/learn/banner/Rectangle_1479.png" alt="3D login box" class="sc-52f1df5b-3 euBHLz"/></div></section></main><div class="sc-5aba37fd-0 boeDXs"><footer class="sc-5aba37fd-1 iNOOcn"><nav class="sc-5aba37fd-2 hsxkU"><section><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 dveEmL dLXTcP">Developers</p><ul class="sc-5aba37fd-3 bzdtTB"><li class="sc-5aba37fd-5 kdoBcI"><a href="https://developer.auth0.com/resources" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Developer Hub </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="https://developer.auth0.com/resources/code-samples" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Code Samples and Guides </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/blog/developers/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Blog posts </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="https://identityunlocked.auth0.com/public/49/Identity,-Unlocked.--bed7fada" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Identity Unlocked - Podcasts </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="https://developer.auth0.com/newsletter" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Zero Index Newsletter </a></li></ul></section><section><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 dveEmL dLXTcP">Documentation</p><ul class="sc-5aba37fd-3 bzdtTB"><li class="sc-5aba37fd-5 kdoBcI"><a href="/docs/articles" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Articles </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/docs/quickstarts" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Quickstarts </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/docs/api" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">APIs </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/docs/libraries" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">SDK Libraries </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="https://auth0.com/blog/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Blog </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="https://auth0.com/resources/ebooks" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Reports </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="https://auth0.com/resources/webinars" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Webinars </a></li></ul></section><section><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 dveEmL dLXTcP">Get Involved</p><ul class="sc-5aba37fd-3 bzdtTB"><li class="sc-5aba37fd-5 kdoBcI"><a href="https://community.auth0.com/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Forum </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="https://developer.auth0.com/events" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Events </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/ambassador-program" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Ambassador Program </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/research-program" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Auth0 Research Program </a></li></ul></section><section><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 dveEmL dLXTcP">Company</p><ul class="sc-5aba37fd-3 bzdtTB"><li class="sc-5aba37fd-5 kdoBcI"><a href="/customers" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Our Customers </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/security" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Compliance - Ensuring privacy and security </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/partners" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Partners </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="https://www.okta.com/company/careers/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Careers <span class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 kGYMnY dmQvNV">We're hiring!</span></a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="https://www.okta.com/okta-and-auth0/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Okta + Auth0 </a></li></ul></section><section><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 dveEmL dLXTcP">Support Center</p><ul class="sc-5aba37fd-3 bzdtTB"><li class="sc-5aba37fd-5 kdoBcI"><a href="https://community.auth0.com/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Community </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="https://support.auth0.com/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Support </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="https://community.auth0.com/c/help/6" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Help </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="https://community.auth0.com/c/faq/42" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">FAQs </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="https://marketplace.auth0.com" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Auth0 Marketplace </a></li></ul></section><section><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 dveEmL dLXTcP">Learning</p><ul class="sc-5aba37fd-3 bzdtTB"><li class="sc-5aba37fd-5 kdoBcI"><a href="/learn" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Learn </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/intro-to-iam" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Intro to IAM (CIAM) </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="https://auth0.com/blog/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Blog </a></li></ul></section><section><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 dveEmL dLXTcP">Platform</p><ul class="sc-5aba37fd-3 bzdtTB"><li class="sc-5aba37fd-5 kdoBcI"><a href="/platform/access-management" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Access Management </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/platform/extensibility" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Extensibility </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/platform/login-security" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Security </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/platform/user-management" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">User Management </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/platform/authentication" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Authentication </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/platform/cloud-deployment" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Cloud deployments </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/fine-grained-authorization" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Fine Grained Authorization </a></li></ul></section><section><p class="styled__Overline-sc-165cfko-0 utils-sc-11hlfw-0 dveEmL dLXTcP">Features</p><ul class="sc-5aba37fd-3 bzdtTB"><li class="sc-5aba37fd-5 kdoBcI"><a href="/features/universal-login" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Universal Login </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/features/single-sign-on" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Single Sign On </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/features/multifactor-authentication" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Multifactor Authentication </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/features/actions" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Actions </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/features/machine-to-machine" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Machine to Machine </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/features/passwordless" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Passwordless </a></li><li class="sc-5aba37fd-5 kdoBcI"><a href="/features/breached-passwords" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM cHhniM">Breached Passwords </a></li></ul></section><section class="sc-5aba37fd-6 lnUvqq"><div class="sc-5aba37fd-7 ixSxQa"><a href="https://twitter.com/auth0" target="_blank" rel="noopener noreferrer" aria-label="Twitter link" class="sc-5aba37fd-8 jBtHBW"><svg viewBox="0 0 24 24" aria-hidden="true" width="24" height="24" fill="none"><g><path fill="#fff" d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z"></path></g></svg></a><a href="https://linkedin.com/company/auth0" target="_blank" rel="noopener noreferrer" aria-label="Linkedin link" class="sc-5aba37fd-8 jBtHBW"><svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M19.5561 3H4.53738C3.71707 3 2.99988 3.59063 2.99988 4.40156V19.4531C2.99988 20.2687 3.71707 20.9953 4.53738 20.9953H19.5514C20.3764 20.9953 20.9952 20.2641 20.9952 19.4531V4.40156C20.9999 3.59063 20.3764 3 19.5561 3ZM8.578 18H5.99988V9.98438H8.578V18ZM7.378 8.76562H7.35925C6.53425 8.76562 5.99988 8.15156 5.99988 7.38281C5.99988 6.6 6.54831 6 7.39206 6C8.23581 6 8.75144 6.59531 8.77019 7.38281C8.77019 8.15156 8.23581 8.76562 7.378 8.76562ZM17.9999 18H15.4218V13.6172C15.4218 12.5672 15.0468 11.85 14.1139 11.85C13.4014 11.85 12.9796 12.3328 12.7921 12.8016C12.7218 12.9703 12.703 13.2 12.703 13.4344V18H10.1249V9.98438H12.703V11.1C13.078 10.5656 13.6639 9.79688 15.028 9.79688C16.7202 9.79688 17.9999 10.9125 17.9999 13.3172V18Z" fill="#fff"></path></svg></a><a href="https://github.com/auth0" target="_blank" rel="noopener noreferrer" aria-label="Github link" class="sc-5aba37fd-8 jBtHBW"><svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M12 1.5C6.20156 1.5 1.5 6.32344 1.5 12.2672C1.5 17.025 4.50937 21.0562 8.68125 22.4813C8.74687 22.4953 8.80312 22.5 8.85938 22.5C9.24844 22.5 9.39844 22.2141 9.39844 21.9656C9.39844 21.7078 9.38906 21.0328 9.38437 20.1328C8.99062 20.2219 8.63906 20.2594 8.325 20.2594C6.30469 20.2594 5.84531 18.6891 5.84531 18.6891C5.36719 17.4469 4.67813 17.1141 4.67813 17.1141C3.76406 16.4719 4.67344 16.4531 4.74375 16.4531H4.74844C5.80313 16.5469 6.35625 17.5687 6.35625 17.5687C6.88125 18.4875 7.58437 18.7453 8.2125 18.7453C8.70469 18.7453 9.15 18.5859 9.4125 18.4641C9.50625 17.7703 9.77812 17.2969 10.0781 17.025C7.74844 16.7531 5.29688 15.8297 5.29688 11.7047C5.29688 10.5281 5.70469 9.56719 6.375 8.81719C6.26719 8.54531 5.90625 7.44844 6.47812 5.96719C6.47812 5.96719 6.55312 5.94375 6.7125 5.94375C7.09219 5.94375 7.95 6.08906 9.36563 7.07344C10.2047 6.83437 11.1 6.71719 11.9953 6.7125C12.8859 6.71719 13.7859 6.83437 14.625 7.07344C16.0406 6.08906 16.8984 5.94375 17.2781 5.94375C17.4375 5.94375 17.5125 5.96719 17.5125 5.96719C18.0844 7.44844 17.7234 8.54531 17.6156 8.81719C18.2859 9.57188 18.6937 10.5328 18.6937 11.7047C18.6937 15.8391 16.2375 16.7484 13.8984 17.0156C14.2734 17.3484 14.6109 18.0047 14.6109 19.0078C14.6109 20.4469 14.5969 21.6094 14.5969 21.9609C14.5969 22.2141 14.7422 22.5 15.1312 22.5C15.1875 22.5 15.2531 22.4953 15.3187 22.4813C19.4953 21.0562 22.5 17.0203 22.5 12.2672C22.5 6.32344 17.7984 1.5 12 1.5Z" fill="#fff"></path></svg></a></div></section></nav><section class="sc-5aba37fd-10 hmJgtx"><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 iLVGZP hTUVnp">© 2024 Okta, Inc. All Rights Reserved.</p><div class="sc-5aba37fd-12 ieEaFH"><a href="https://status.auth0.com" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM dmQvNV">Status</a> • <a href="https://www.okta.com/agreements/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM dmQvNV">Legal</a> • <a href="/privacy" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM dmQvNV">Privacy</a> • <a href="https://www.okta.com/terms-of-service" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM dmQvNV">Terms</a> • <a href="/your-privacy-choices" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM dmQvNV">Your Privacy Choices</a><img alt="" src="https://cdn.auth0.com/website/footer/ccpa.svg"/></div><span class="sc-5aba37fd-13 YUhCw"><span class="sc-5aba37fd-17 jYEgAu"><svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12 22C17.5228 22 22 17.5228 22 12C22 6.47715 17.5228 2 12 2C6.47715 2 2 6.47715 2 12C2 17.5228 6.47715 22 12 22Z" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path><path d="M2 12H22" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path><path fill-rule="evenodd" clip-rule="evenodd" d="M12 2C14.5013 4.73835 15.9228 8.29203 16 12C15.9228 15.708 14.5013 19.2616 12 22C9.49872 19.2616 8.07725 15.708 8 12C8.07725 8.29203 9.49872 4.73835 12 2V2Z" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path></svg><span aria-haspopup="true" aria-labelledby="language-selector" tabindex="0" class="sc-5aba37fd-18 lfXgaO">English</span><svg width="8" height="6" viewBox="0 0 8 6" fill="none" xmlns="http://www.w3.org/2000/svg" style="margin-left:0.6rem"><path d="M1 1.5L4 4.5L7 1.5" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path></svg><div class="sc-5aba37fd-14 gAfsIP"><ul class="sc-5aba37fd-15 cQGznC"><li aria-labelledby="lang-item-Deutsch" tabindex="0" class="sc-5aba37fd-16 bYxAPV">Deutsch</li><li aria-labelledby="lang-item-English" tabindex="0" class="sc-5aba37fd-16 bYxAPV">English</li><li aria-labelledby="lang-item-Français" tabindex="0" class="sc-5aba37fd-16 bYxAPV">Français</li><li aria-labelledby="lang-item-Español" tabindex="0" class="sc-5aba37fd-16 bYxAPV">Español</li><li aria-labelledby="lang-item-Português" tabindex="0" class="sc-5aba37fd-16 bYxAPV">Português</li><li aria-labelledby="lang-item-日本語" tabindex="0" class="sc-5aba37fd-16 bYxAPV">日本語</li></ul></div></span></span></section><section class="sc-5aba37fd-9 jopQid"><div class="sc-5aba37fd-7 hBNnUf"><a href="https://twitter.com/auth0" target="_blank" rel="noopener noreferrer" aria-label="Twitter link" class="sc-5aba37fd-8 jBtHBW"><svg viewBox="0 0 24 24" aria-hidden="true" width="24" height="24" fill="none"><g><path fill="#fff" d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z"></path></g></svg></a><a href="https://linkedin.com/company/auth0" target="_blank" rel="noopener noreferrer" aria-label="Linkedin link" class="sc-5aba37fd-8 jBtHBW"><svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M19.5561 3H4.53738C3.71707 3 2.99988 3.59063 2.99988 4.40156V19.4531C2.99988 20.2687 3.71707 20.9953 4.53738 20.9953H19.5514C20.3764 20.9953 20.9952 20.2641 20.9952 19.4531V4.40156C20.9999 3.59063 20.3764 3 19.5561 3ZM8.578 18H5.99988V9.98438H8.578V18ZM7.378 8.76562H7.35925C6.53425 8.76562 5.99988 8.15156 5.99988 7.38281C5.99988 6.6 6.54831 6 7.39206 6C8.23581 6 8.75144 6.59531 8.77019 7.38281C8.77019 8.15156 8.23581 8.76562 7.378 8.76562ZM17.9999 18H15.4218V13.6172C15.4218 12.5672 15.0468 11.85 14.1139 11.85C13.4014 11.85 12.9796 12.3328 12.7921 12.8016C12.7218 12.9703 12.703 13.2 12.703 13.4344V18H10.1249V9.98438H12.703V11.1C13.078 10.5656 13.6639 9.79688 15.028 9.79688C16.7202 9.79688 17.9999 10.9125 17.9999 13.3172V18Z" fill="#fff"></path></svg></a><a href="https://github.com/auth0" target="_blank" rel="noopener noreferrer" aria-label="Github link" class="sc-5aba37fd-8 jBtHBW"><svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M12 1.5C6.20156 1.5 1.5 6.32344 1.5 12.2672C1.5 17.025 4.50937 21.0562 8.68125 22.4813C8.74687 22.4953 8.80312 22.5 8.85938 22.5C9.24844 22.5 9.39844 22.2141 9.39844 21.9656C9.39844 21.7078 9.38906 21.0328 9.38437 20.1328C8.99062 20.2219 8.63906 20.2594 8.325 20.2594C6.30469 20.2594 5.84531 18.6891 5.84531 18.6891C5.36719 17.4469 4.67813 17.1141 4.67813 17.1141C3.76406 16.4719 4.67344 16.4531 4.74375 16.4531H4.74844C5.80313 16.5469 6.35625 17.5687 6.35625 17.5687C6.88125 18.4875 7.58437 18.7453 8.2125 18.7453C8.70469 18.7453 9.15 18.5859 9.4125 18.4641C9.50625 17.7703 9.77812 17.2969 10.0781 17.025C7.74844 16.7531 5.29688 15.8297 5.29688 11.7047C5.29688 10.5281 5.70469 9.56719 6.375 8.81719C6.26719 8.54531 5.90625 7.44844 6.47812 5.96719C6.47812 5.96719 6.55312 5.94375 6.7125 5.94375C7.09219 5.94375 7.95 6.08906 9.36563 7.07344C10.2047 6.83437 11.1 6.71719 11.9953 6.7125C12.8859 6.71719 13.7859 6.83437 14.625 7.07344C16.0406 6.08906 16.8984 5.94375 17.2781 5.94375C17.4375 5.94375 17.5125 5.96719 17.5125 5.96719C18.0844 7.44844 17.7234 8.54531 17.6156 8.81719C18.2859 9.57188 18.6937 10.5328 18.6937 11.7047C18.6937 15.8391 16.2375 16.7484 13.8984 17.0156C14.2734 17.3484 14.6109 18.0047 14.6109 19.0078C14.6109 20.4469 14.5969 21.6094 14.5969 21.9609C14.5969 22.2141 14.7422 22.5 15.1312 22.5C15.1875 22.5 15.2531 22.4953 15.3187 22.4813C19.4953 21.0562 22.5 17.0203 22.5 12.2672C22.5 6.32344 17.7984 1.5 12 1.5Z" fill="#fff"></path></svg></a></div><div class="sc-5aba37fd-11 iaXEGm"><div class="sc-5aba37fd-12 ieEaFH"><a href="https://status.auth0.com" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM dmQvNV">Status</a> • <a href="https://www.okta.com/agreements/" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM dmQvNV">Legal</a> • <a href="/privacy" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM dmQvNV">Privacy</a> • <a href="https://www.okta.com/terms-of-service" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM dmQvNV">Terms</a> • <a href="/your-privacy-choices" class="styled__Link-sc-bubr9x-0 utils-sc-11hlfw-0 ccVfFM dmQvNV">Your Privacy Choices</a><img alt="" src="https://cdn.auth0.com/website/footer/ccpa.svg"/></div><span class="sc-5aba37fd-13 YUhCw"><span class="sc-5aba37fd-17 jYEgAu"><svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12 22C17.5228 22 22 17.5228 22 12C22 6.47715 17.5228 2 12 2C6.47715 2 2 6.47715 2 12C2 17.5228 6.47715 22 12 22Z" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path><path d="M2 12H22" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path><path fill-rule="evenodd" clip-rule="evenodd" d="M12 2C14.5013 4.73835 15.9228 8.29203 16 12C15.9228 15.708 14.5013 19.2616 12 22C9.49872 19.2616 8.07725 15.708 8 12C8.07725 8.29203 9.49872 4.73835 12 2V2Z" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path></svg><span aria-haspopup="true" aria-labelledby="language-selector" tabindex="0" class="sc-5aba37fd-18 lfXgaO">English</span><svg width="8" height="6" viewBox="0 0 8 6" fill="none" xmlns="http://www.w3.org/2000/svg" style="margin-left:0.6rem"><path d="M1 1.5L4 4.5L7 1.5" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"></path></svg><div class="sc-5aba37fd-14 gAfsIP"><ul class="sc-5aba37fd-15 cQGznC"><li aria-labelledby="lang-item-Deutsch" tabindex="0" class="sc-5aba37fd-16 bYxAPV">Deutsch</li><li aria-labelledby="lang-item-English" tabindex="0" class="sc-5aba37fd-16 bYxAPV">English</li><li aria-labelledby="lang-item-Français" tabindex="0" class="sc-5aba37fd-16 bYxAPV">Français</li><li aria-labelledby="lang-item-Español" tabindex="0" class="sc-5aba37fd-16 bYxAPV">Español</li><li aria-labelledby="lang-item-Português" tabindex="0" class="sc-5aba37fd-16 bYxAPV">Português</li><li aria-labelledby="lang-item-日本語" tabindex="0" class="sc-5aba37fd-16 bYxAPV">日本語</li></ul></div></span></span></div><p class="styled__Paragraph-sc-165cfko-1 utils-sc-11hlfw-0 iLVGZP cFkooD">© 2024 Okta, Inc. All Rights Reserved.</p></section></footer></div><div id="asset-library-root"></div><iframe id="drift-iframe" src="https://drift.app.auth0.com/drift-iframe" title="Drift iframe" style="width:0;height:0;border:none;position:absolute"></iframe><noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-W7FRLJ" height="0" width="0" style="display:none;visibility:hidden" title="gtm"></iframe></noscript></div><script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{"lang":"en","data":[{"id":"anomaly-detection","title":"Protect Your Users with Attack Protection","description":"Learn about attack protection and how you can shield your app from suspicious login activity.","category":"concepts","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/d19sKLO3YsBe24KSCT2Zy/6436100fccbb80e97f8148e212046184/image_1.svg","mimeType":"image/svg+xml"},"content":[{"title":"What is Attack Protection?","description":"\u003cp\u003eDetecting unusual or alarming login behavior is vital to protecting your users. Attack Protection is the process of implementing controls that place friction in the path of the login experience for potential attackers and bad actors. Typically, this is achieved by identifying potential patterns of misuse, and then placing specifically controlled restrictions which take a variety of different forms. For example, certain outlier patterns detected during login can be identified - such as where access attempts occur from a particular place or device never seen before for a particular user. In such cases, additional controls can be deployed which attempt to restrict access via login challenges utilizing the likes of \u003ca href='https://a0.to/learn-mfa' target='_blank'\u003eMFA\u003c/a\u003e or CAPTCHA.\u003c/p\u003e\u003cdiv class='new-banner' style='background-color:#f5f7f9;width:100%;display:flex;flex-direction:row;justify-content:center;align-items:center;border-radius:3px;box-shadow:0 4px 8px rgba(0,0,0,.15);margin:60px 0 20px 0'\u003e\u003cdiv style='text-align:center'\u003e\u003cimg src='https://images.ctfassets.net/kbkgmx9upatd/1ZplRmoLYuZkhjCjYjZHFk/2dbb4c9f5fb9d6b81457ae2d43577ace/Security_-_Hero.png' alt='How it works'\u003e\u003c/div\u003e\u003c/div\u003e"},{"title":"Identifying Suspicious Activity","description":"\u003cp\u003eHave you ever received an email asking “was this you?” After logging into a website on a new computer or mobile phone? This is the result of attack protection. And there are a number of different login behaviors that could be considered suspicious - with some being higher risk than others. For example, a user logging in at an unusual time of day is typically a low-risk anomaly. A more threatening anomaly would be dozens of failed login attempts in a very short time. From \u003ca href='https://en.wikipedia.org/wiki/Brute-force_attack' target='_blank' rel='noopener noreferrer'\u003ebrute force attack\u003c/a\u003e, to \u003ca href='https://en.wikipedia.org/wiki/Data_breach' target='_blank' rel='noopener noreferrer'\u003esecure data breach\u003c/a\u003e (such as mass password leaks) and \u003ca href='https://en.wikipedia.org/wiki/Credential_stuffing' target='_blank' rel='noopener noreferrer'\u003ecredential stuffing\u003c/a\u003e, effective attack protection should be there to notify an application owner of any anomalous behaviour. And also take specific action(s) to protect an end user account.\u003c/p\u003e"},{"title":"Implementing Attack Protection with Auth0","description":"\u003cp\u003eAuth0 provides multiple \u003ca href='https://auth0.com/docs/attack-protection'\u003eattack protection features\u003c/a\u003e - like \u003ci\u003eBot Detection\u003c/i\u003e - that can be easily deloyed right out of the box. And each of these features can be easily configured to detect different anomalous patterns during the login transactions.\u003c/p\u003e\u003cdiv\u003e\u003cimg style='margin:auto;display:block' class='vidyard-player-embed' src='https://share.vidyard.com/watch/qAveTZsoADjubmHYbmvJ1M' data-uuid='qAveTZsoADjubmHYbmvJ1M' data-v='4'\u003e\u003cscript type='text/javascript' async src='https://play.vidyard.com/embed/v4.js'\u003e\u003c/script\u003e\u003c/div\u003e"},{"title":"Auth0 Attack Protection Features","description":"\u003cp\u003eAuth0 offers a layered approach to attack protection, with a wide range of detection and response tools. Auth0 can detect suspicious activity from bots, or login attempts that come at unusual velocities - e.g. where one or more accounts are the target of numerous brute force attacks within a short space of time. Or even if an attempt is made to use credentials known to be stolen in a data breach.\u003c/p\u003e"},{"title":"Stay Informed","description":"\u003cp\u003eDiscover helpful CIAM articles that are timely and relevant, whatever your level of experience. Whether you prefer to learn by reading, viewing, listening, cloning repos, copying code, or attending a workshop or conference, our content is everywhere and made for developers like you.\u003c/p\u003e\u003cfigure class='size-large'\u003e\u003ca href='https://a0.to/nl-signup' target='_blank' rel='noreferrer noopener'\u003e\u003cimg src='https://pages.okta.com/rs/855-QAH-699/images/zero-index-email-header_auth0_1201-401.png' alt=''\u003e\u003c/a\u003e\u003cfigcaption class='wp-element-caption'\u003e\u003cem\u003eClick to subscribe\u003c/em\u003e\u003c/figcaption\u003e\u003c/figure\u003e"}]},{"id":"password-reset","title":"Password Reset Is Critical For A Good Customer Experience","description":"Learn about how to keep your accounts secure while minimizing customer friction","category":"concepts","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/3N9ONfwNMSYxyAApdUkj3D/4690f6f74feef05629bbbbb54ee80b07/Password-Recover-Hero.png","mimeType":"image/png"},"content":[{"title":"Why Is Password Reset So Critical?","description":"\u003cp\u003eThe average American email address has \u003ca href='http://blog.dashlane.com/wp-content/uploads/2015/07/MailboxSecurity_infographic_EN_final1.jpg'\u003e130\u003c/a\u003e accounts registered to it, and the number of accounts per user is \u003ca href='http://blog.dashlane.com/infographic-online-overload-its-worse-than-you-thought/'\u003edoubling\u003c/a\u003e every five years. This massive rise in accounts also means users are accumulating more and more passwords, making it inevitable that they will forget one from time to time.\u003c/p\u003e\u003cp\u003e\u003ca href='http://www.marketwired.com/press-release/lunabee-survey-finds-that-17-percent-internet-users-often-forget-their-online-passwords-1850682.htm'\u003e58%\u003c/a\u003e of users admit to forgetting their password frequently, and the average internet user receives roughly \u003ca href='http://blog.dashlane.com/wp-content/uploads/2015/07/MailboxSecurity_infographic_EN_final1.jpg'\u003e37\u003c/a\u003e “forgot password” emails a year.\u003c/p\u003e\u003cp\u003eThese realities make password reset a necessity for any app. However, building a good password reset process is more than asking security questions. If your password reset process makes life harder for your customers, you’ll be giving them a reason to stop using your service.\u003c/p\u003e"},{"title":"What Makes A Good Reset Process?","description":"\u003cp\u003eGood password reset processes do two things:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eThey minimize friction for the customer. \u003c/b\u003eIt shouldn’t take your customer more than a minute to reset their password, and the process should only require information customers are comfortable entering, like email addresses.\u003c/li\u003e\u003cli\u003e\u003cb\u003eThey make sure the customer’s information is secure.\u003c/b\u003e Providing safeguards against things like multiple failed logins and only sending information via secure channels.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eEmail is most commonly used for password reset because it satisfies both these criteria. It \u003cb\u003eminimizes friction\u003c/b\u003e as typing in an email address is quick and easy for a customer, and it will \u003cb\u003eprotect their information\u003c/b\u003e as only the customer should have access to their inbox.\u003c/p\u003e"},{"title":"Why Is Password Reset So Hard To Do Right?","description":"\u003cp\u003eA single misstep in password reset can ruin your customer’s entire experience with your product. These mistakes often come in the form of:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eSecurity questions\u003c/b\u003e \u0026#8211; Static information is easy to obtain. Where you went to school, your mother’s maiden name, even your pet’s name, are probably available somewhere on the internet, making them available to attackers.\u003c/li\u003e\u003cli\u003e\u003cb\u003ePasswords in plaintext\u003c/b\u003e \u0026#8211; Instead of resetting the password, some sites send the original password back to the customer, which is a \u003ca href='http://krebsonsecurity.com/2012/06/naming-and-shaming-the-plaintext-offenders/'\u003emassive vulnerability\u003c/a\u003e. In order for a password to be sent in plaintext, it must be stored in plaintext, which means that the chances of attack are increased.\u003c/li\u003e\u003cli\u003e\u003cb\u003eError messages\u003c/b\u003e \u0026#8211; If an application says whether or not an email address is registered, an attacker could potentially know if a customer has an account. This gives them one more piece of information to use against your customer.\u003c/li\u003e\u003cli\u003e\u003cb\u003eRequiring unnecessary information\u003c/b\u003e \u0026#8211; Security must be balanced with usability. Asking customers for a photo ID is a safe practice, but its overall effect on the customer experience is a \u003ca href='http://www.wired.com/2015/06/facebook-real-name-policy-problems/'\u003enegative one\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e"},{"title":"How Auth0 Makes Password Resets Frictionless","description":"\u003cp\u003eDeveloping password reset functionality from scratch requires significant resources. You’d need to develop:\u003c/p\u003e\u003cul\u003e\u003cli\u003eA system for securely registering customers\u003c/li\u003e\u003cli\u003eA system for securely storing customer information\u003c/li\u003e\u003cli\u003eAn intuitive UI for customers to access your reset function\u003c/li\u003e\u003cli\u003eA reset function\u003c/li\u003e\u003cli\u003eAn email automation system to send your password resets\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eWith \u003ca href='https://auth0.com/docs/libraries/lock'\u003eAuth0 Lock\u003c/a\u003e, you can do everything listed above in a secure way. Because it is built on top of Auth0’s framework, everything is built for you. Auth0 Lock combines the easiest possible reset process with the highest standard for security. The reset process looks like this:\u003c/p\u003e\u003cp\u003e\u003cimg loading='lazy' class='alignnone size-large wp-image-485' src='https://images.ctfassets.net/kbkgmx9upatd/5AtU8D7fbYPruxwm7xP1TJ/a91ab6d56ce06207cd7d223f637d2c33/password-reset-1.png' alt='Diagram Password Recover' width='1024' height='118' sizes='(max-width: 1024px) 100vw, 1024px' /\u003e\u003c/p\u003e\u003cp\u003eCustomers who’ve forgotten their password simply click the “Forgot Password” button and are taken to this screen:\u003c/p\u003e\u003cp\u003e\u003cimg loading='lazy' class='alignnone size-medium wp-image-1481' src='https://images.ctfassets.net/kbkgmx9upatd/nDd8h7qxyvw6vxtgnNAMl/8ddae51dac19a19ff67d85dfce364235/password-reset-2.png' alt='Screen Shot 2017-02-08 at 3.41.10 PM' width='270' height='300' sizes='(max-width: 270px) 100vw, 270px' /\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003eImportant: \u003c/b\u003e\u003cspan style='font-weight: 400;'\u003eNavigate to \u003c/span\u003e\u003ca href='https://manage.auth0.com/#/account/advanced'\u003e\u003cspan style='font-weight: 400;'\u003eDashboard \u0026gt; Account Settings \u0026gt; Advanced\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-weight: 400;'\u003e to check if the \u003c/span\u003e\u003ci\u003e\u003cspan style='font-weight: 400;'\u003eChange Password flow v2\u003c/span\u003e\u003c/i\u003e\u003cspan style='font-weight: 400;'\u003e toggle is enabled. If it is, make sure to use Lock version 9 or later for this password reset flow.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eAfter entering their email, the customer will then see this banner:\u003c/p\u003e\u003cp\u003e\u003ca href='https://images.ctfassets.net/kbkgmx9upatd/RGUnPSkwnKaOqulGEV85z/48f363238af0e45687f63c44eac65739/password-reset-3.jpeg' rel='attachment wp-att-466'\u003e\u003cimg loading='lazy' class='alignnone size-full wp-image-466' src='https://images.ctfassets.net/kbkgmx9upatd/RGUnPSkwnKaOqulGEV85z/48f363238af0e45687f63c44eac65739/password-reset-3.jpeg' alt='password-reset-3' width='581' height='113' sizes='(max-width: 581px) 100vw, 581px' /\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThe banner is shown even if the email address is not registered to an account, meaning that attackers won’t be able to try different emails to see if a particular customer does or doesn’t have an account.\u003c/p\u003e\u003cp\u003eIn their inbox, the customer will find this kind of email:\u003c/p\u003e\u003cp\u003e\u003ca href='https://images.ctfassets.net/kbkgmx9upatd/2oZ0rfXRUbkf82jaVyVJqh/f7d1df2b719a29478a3a455c5d04f3bf/password-reset-4.png'\u003e\u003cimg loading='lazy' class='alignnone size-full wp-image-1482' src='https://images.ctfassets.net/kbkgmx9upatd/2oZ0rfXRUbkf82jaVyVJqh/f7d1df2b719a29478a3a455c5d04f3bf/password-reset-4.png' alt='Screen Shot 2017-02-08 at 3.43.55 PM' width='1200' height='1220' sizes='(max-width: 1200px) 100vw, 1200px' /\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThis One Time Password link requires a single click, and ensures the password is not displayed in plaintext. Clicking the link brings the customer to this screen:\u003c/p\u003e\u003cp\u003e\u003ca href='https://images.ctfassets.net/kbkgmx9upatd/5kDIcQqcWQiUH4zalMAbWo/8e4609912313481224143d6872e595f3/password-reset-5.png' rel='attachment wp-att-468'\u003e\u003cimg loading='lazy' class='alignnone wp-image-468 size-medium' src='https://images.ctfassets.net/kbkgmx9upatd/5kDIcQqcWQiUH4zalMAbWo/8e4609912313481224143d6872e595f3/password-reset-5.png' alt='password-reset-5' width='219' height='300' sizes='(max-width: 219px) 100vw, 219px' /\u003e\u003c/a\u003e\u003c/p\u003e"}]},{"id":"token-based-authentication-made-easy","title":"Token Based Authentication Made Easy","description":"Learn about token based authentication and how to easily implement JWT in your applications.","category":"concepts","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/3HDWsOSn1sQRE19iDI6m6Z/fd0e0baf8c669f73cb77d9ccb3401505/token-based-auth.png","mimeType":"image/png"},"content":[{"title":"Token Based Authentication","description":"\u003cp class='p1'\u003e\u003cspan class='s1'\u003eA token is a piece of data that has no meaning or use on its own, but combined with the correct tokenization system, becomes a vital player in securing your application.\u003c/span\u003e Token based authentication works by ensuring that each request to a server is accompanied by a signed token which the server verifies for authenticity and only then responds to the request.\u003c/p\u003e\u003cp\u003eJSON Web Token (JWT) is an open standard (\u003ca href='https://tools.ietf.org/html/rfc7519' target='_blank' rel='noopener noreferrer'\u003eRFC 7519\u003c/a\u003e) that defines a compact and self-contained method for securely transmitting information between parties encoded as a JSON object. JWT has gained mass popularity due to its compact size which allows tokens to be easily transmitted via query strings, header attributes and within the body of a POST request.\u003c/p\u003e\u003cdiv class='new-banner' style='background-color: #f5f7f9; width: 100%; display: flex; flex-direction: row; justify-content: center; align-items: center; border-radius: 3px; box-shadow: 0px 4px 8px rgba(0,0,0,0.15); margin: 60px 0 20px 0;'\u003e\u003cdiv class='new-banner-text' style='width: 50%; padding-left: 40px; font-size: 24px; color: #333333; text-align: initial; font-weight: 500; line-height: normal;'\u003eInterested in getting up-to-speed with JWTs as soon as possible? \u003ca href='https://auth0.com/resources/ebooks/jwt-handbook' class='wow btn btn-lg btn-success js-try new-banner-button' style='margin-top: 24px; font-weight: bold; background: #00B9F1;'\u003eDOWNLOAD THE FREE EBOOK\u003c/a\u003e\u003c/div\u003e\u003cp style='margin: 0;'\u003e\u003cimg class='new-banner-image' style='margin: 0; height:260px;' src='https://images.ctfassets.net/kbkgmx9upatd/7C5klmm5jbofXg0bbnNySP/77efa118327f001bf28ef7c2f7c14bed/token-1.png'\u003e\u003c/p\u003e"},{"title":"Why Use Tokens?","description":"\u003cp\u003eThe use of tokens has many benefits compared to traditional methods such as cookies.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cem\u003eTokens are stateless.\u003c/em\u003e The token\u0026nbsp;is self-contained and contains all the information it needs for authentication. This is great for scalability as it frees your server from having to store\u0026nbsp;session state.\u003c/li\u003e\u003cli\u003e\u003cem\u003eTokens can be generated\u0026nbsp;from anywhere.\u003c/em\u003e Token generation is decoupled from token verification\u0026nbsp;allowing\u0026nbsp;you the option to handle the signing of tokens on\u0026nbsp;a separate server or even through a\u0026nbsp;different company such us Auth0.\u003c/li\u003e\u003cli\u003e\u003cem\u003eFine-grained access control.\u003c/em\u003e Within the token payload you can easily specify user roles and permissions\u0026nbsp;as well as resources that the user can access.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThese are just some of the benefits JSON Web Tokens provide. To learn more check out \u003ca href='https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/' target='_blank' rel='noopener noreferrer'\u003ethis\u003c/a\u003e\u0026nbsp;blog post that takes a deeper dive and compares tokens to cookies for managing authentication.\u003c/p\u003e"},{"title":"Anatomy of a JSON Web Token","description":"\u003cp\u003eA JSON Web Token consists of three parts: \u003cem\u003eHeader\u003c/em\u003e, \u003cem\u003ePayload\u003c/em\u003e and \u003cem\u003eSignature\u003c/em\u003e. The header and payload are Base64 encoded, then concatenated by a period, finally the result is algorithmically signed producing a token in the form of header.claims.signature. The header consists of metadata including the type of token and the hashing algorithm used to sign the token. The payload contains the claims data that the token is encoding. The final result looks like:\u003c/p\u003e\u003cpre class='code'\u003eeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZXNzYWdlIjoiSldUIFJ1bGVzISIsImlhdCI6MTQ1OTQ0ODExOSwiZXhwIjoxNDU5NDU0NTE5fQ.-yIVBD5b73C75osbmwwshQNRC7frWUYrqaTjTpza2y4\u003c/pre\u003e\u003cp\u003eTokens are signed to protect against manipulation, they are not encrypted. What this means is that a token can be easily decoded and its contents revealed. If we navigate over the \u003ca href='https://jwt.io/'\u003ejwt.io\u003c/a\u003e, and paste the above token, we’ll be able to read the header and payload \u0026#8211; but without the correct secret, the token is useless and we see the message \u003cem\u003e“Invalid Signature.”\u003c/em\u003e If we add the correct secret, in this example, the string \u003ccode\u003eL3@RNJWT\u003c/code\u003e, we’ll now see a message saying \u003cem\u003e“Signature Verified.”\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003ca href='https://images.ctfassets.net/kbkgmx9upatd/1qSku3ziq3D5czdhfRrRbM/0118fba26a33b4ac8d20b431ddf8b1e0/token-based-2.png' rel='attachment wp-att-382'\u003e\u003cimg loading='lazy' class='alignnone size-large wp-image-382' src='https://images.ctfassets.net/kbkgmx9upatd/1qSku3ziq3D5czdhfRrRbM/0118fba26a33b4ac8d20b431ddf8b1e0/token-based-2.png' alt='Decoding a JWT with JWT.io' width='1024' height='728' sizes='(max-width: 1024px) 100vw, 1024px' /\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIn a real world scenario, a client would make a request to the server and pass the token with the request. The server would attempt to verify the token and, if successful, would continue processing the request. If the server could not verify the token, the server would send a \u003ccode\u003e401 Unauthorized\u003c/code\u003e and a message saying that the request could not be processed as authorization could not be verified.\u003c/p\u003e"},{"title":"JSON Web Token Best Practices","description":"\u003cp\u003eBefore we actually get to implementing JWT, let’s cover some best practices to ensure token based authentication is properly implemented in your application.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cem\u003eKeep it secret. Keep it safe.\u003c/em\u003e The signing key should be treated like any other credentials and revealed only to services that absolutely need it.\u003c/li\u003e\u003cli\u003e\u003cem\u003eDo not add sensitive data to the payload.\u003c/em\u003e Tokens are signed to protect against manipulation and are easily decoded. Add the bare minimum number of claims to the payload for best performance and security.\u003c/li\u003e\u003cli\u003e\u003cem\u003eGive tokens an expiration.\u003c/em\u003e Technically, once a token is signed \u0026#8211; it is valid forever \u0026#8211; unless the signing key is changed or expiration explicitly set. This could pose potential issues so have a strategy for expiring and/or revoking tokens.\u003c/li\u003e\u003cli\u003e\u003cem\u003eEmbrace HTTPS.\u003c/em\u003e Do not send tokens over non-HTTPS connections as those requests can be intercepted and tokens compromised.\u003c/li\u003e\u003cli\u003e\u003cem\u003eConsider all of your authorization use cases.\u003c/em\u003e Adding a secondary token verification system that ensure tokens were generated from your server, for example, may not be common practice, but may be necessary to meet your requirements.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information and best practices, visit the\u0026nbsp;\u003ca href='https://auth0.com/blog/2014/01/27/ten-things-you-should-know-about-tokens-and-cookies/'\u003e10 Things You Should Know About Tokens\u003c/a\u003e\u0026nbsp;blog post.\u003c/p\u003e"},{"title":"Token Based Authentication Made Easy","description":"\u003cp\u003eToken based authentication and JWT are widely supported. JavaScript, Python, C#, Java, PHP, Ruby, Go and others have libraries to easily sign and verify JSON web tokens. Let’s implement an API and see how quickly we can secure it with JWT.\u003c/p\u003e\u003cp\u003eWe’ve chosen to build our API with NodeJS as it requires the least amout of setup. Let’s take a look the code for our implementation of JWT.\u003c/p\u003e\u003cpre\u003e// Load in our dependencies\nvar express = require('express');\nvar jwt = require('jsonwebtoken');\n\nvar app = express();\n\n// Register the home route that displays a welcome message\n// This route can be accessed without a token\napp.get('/', function(req, res){\n res.send('Welcome to our API');\n})\n\n// Register the route to get a new token\n// In a real world scenario we would authenticate user credentials\n// before creating a token, but for simplicity accessing this route\n// will generate a new token that is valid for 2 minutes\napp.get('/token', function(req, res){\n var token = jwt.sign({username:'ado'}, 'supersecret',{expiresIn: 120});\n res.send(token)\n})\n\n// Register a route that requires a valid token to view data\napp.get('/api', function(req, res){\n var token = req.query.token;\n jwt.verify(token, 'supersecret', function(err, decoded){\n if(!err){\n var secrets = {'accountNumber' : '938291239','pin' : '11289','account' : 'Finance'};\n res.json(secrets);\n } else {\n res.send(err);\n }\n })\n})\n\n// Launch our app on port 3000\napp.listen('3000');\u003c/pre\u003e\u003cp\u003eTo test our current API, let\u0026#8217;s run the application and navigate to \u003ccode\u003elocalhost:3000\u003c/code\u003e. We\u0026#8217;ll see just the message \u003cstrong\u003e\u0026#8220;Welcome to our API.\u0026#8221;\u0026nbsp;\u003c/strong\u003eNext, navigate to the \u003ccode\u003elocalhost:3000/api\u003c/code\u003e route and we\u0026#8217;ll see a JWT error message which will say that we didn\u0026#8217;t get a token. Navigate to the \u003ccode\u003elocalhost:3000/token\u003c/code\u003e route and you will see a new token generated. Copy this token, then navigate to \u003ccode\u003elocalhost:3000/api?token={ADD-COPIED-TOKEN-HERE}\u003c/code\u003e and you will see the intended response which is the company financial accounts.\u003c/p\u003e\u003cp\u003eWith just a few lines of code we were able to secure our API\u0026nbsp;endpoint. We didn’t cover handling proper user authentication before generating a token. We\u0026#8217;ll\u0026nbsp;do this with Auth0 next.\u003c/p\u003e"},{"title":"JWT Authentication with Auth0","description":"\u003cp\u003eWe\u0026nbsp;will\u0026nbsp;need to make some slight modifications to our\u0026nbsp;code to showcase the authentication flow with Auth0. Let\u0026#8217;s examine the changes below:\u003c/p\u003e\u003cpre\u003e// Load in our dependencies\nvar express = require('express');\nvar jwt = require('express-jwt');\n\nvar jwtCheck = jwt({\n secret: new Buffer('{YOUR-APP-SECRET}', 'base64'),\n audience: '{YOUR-APP-CLIENT-ID}'\n});\n\nvar app = express();\n\n// Rather than checking for a token within our controller\n// we'll use a middleware so if the token is invalid we'll\n// stop further execution of the request\napp.use('/api', jwtCheck);\n\napp.get('/', function(req, res){\n res.send('Welcome to our API');\n})\n\napp.get('/api', function(req, res){\n var secrets = {'accountNumber' : '938291239','pin' : '11289','account' : 'Finance'};\n res.json(secrets);\n})\n\napp.listen('3000');\u003c/pre\u003e\u003cp\u003eTo test that this works, let’s start the server and navigate to \u003ccode\u003elocalhost:3000/api\u003c/code\u003e. We see a message saying that we didn’t send an authorization token. Let’s head over to the \u003ca href='https://auth0.github.io/playground/' target='_blank' rel='noopener noreferrer'\u003eAuth0 Playground\u003c/a\u003e, add in our credentials and get a token. Add the following code on the playground:\u003c/p\u003e\u003cpre\u003evar domain = '{YOUR-AUTH0-DOMAIN}.auth0.com';\nvar clientID = '{YOUR-APP-CLIENT-ID}';\n\nvar lock = new Auth0Lock(clientID, domain);\nlock.show({\n focusInput: false,\n popup: true,\n}, function (err, profile, token) {\n alert(token)\n});\u003c/pre\u003e\u003cp\u003eTo make sure that we can get a token, we\u0026#8217;ll need to navigate to our app settings in the \u003ca href='https://manage.auth0.com' target='_blank' rel='noopener noreferrer'\u003eAuth0 Dashboard\u003c/a\u003e and add\u0026nbsp;\u003ccode\u003ehttps://auth0.github.io/playground\u003c/code\u003e to our list of allowed callback URLs. Now let\u0026#8217;s login or create an account on the Auth0 Playground and we will get an popup revealing our token.\u003c/p\u003e\u003cp\u003eTo check the contents our token, we can decode it at \u003ca href='https://jwt.io/' target='_blank' rel='noopener noreferrer'\u003ejwt.io\u003c/a\u003e. To verify the token, we will need our Auth0 app\u0026#8217;s \u003ccode\u003eClient Secret\u003c/code\u003e and we will need to check the box \u003cem\u003esecret base64 encode\u003c/em\u003e. Doing this, we should now see the message \u003cem\u003e\u0026#8220;Signature Verified.\u0026#8221;\u003c/em\u003e\u003c/p\u003e\u003cp\u003eTo test that our API works with this token, we need to make a \u003ccode\u003eGET\u003c/code\u003e request to \u003ccode\u003elocalhost:3000/api\u003c/code\u003e and send the token in an Authorization header. The simplest way to do this is to use an app like \u003ca href='https://www.getpostman.com/' target='_blank' rel='noopener noreferrer'\u003ePostman\u003c/a\u003e which simplifies API endpoint testing. When making the call add an Authorization header and for the value add \u003ccode\u003eBearer {TOKEN}\u003c/code\u003e. When the call is made the \u003ccode\u003ejwtCheck\u003c/code\u003e middleware will examine the request, ensure it has the Authorization header in the correct format, extract the token, verify it and if verified process the rest of the request. We used just the default settings to showcase the capabilities of JWT but you can learn much more via the \u003ca href='https://auth0.com/docs/jwt' target='_blank' rel='noopener noreferrer'\u003edocs\u003c/a\u003e.\u003c/p\u003e"},{"title":"Use Cases for Token Based Authentication","description":"\u003cp\u003eWe’ve seen how easy it is to implement JWT authentication and secure our API. To conclude, let’s examine use cases where token based authentication is best suited for.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cem\u003ePlatform-as-a-Service Applications\u003c/em\u003e \u0026#8211; exposing RESTful APIs that will be consumed by a variety of frameworks and clients.\u003c/li\u003e\u003cli\u003e\u003cem\u003eMobile Apps\u003c/em\u003e \u0026#8211; implementing native or hybrid mobile apps that interact with your services.\u003c/li\u003e\u003cli\u003e\u003cem\u003eSingle Page Applications (SPA)\u003c/em\u003e \u0026#8211; building modern applications with frameworks such as Angular and React.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional resources on getting started with JSON Web Tokens check out\u0026nbsp;this \u003ca href='https://auth0.com/learn/json-web-tokens/' target='_blank' rel='noopener noreferrer'\u003epost\u003c/a\u003e.\u003c/p\u003e"}]},{"id":"rest-vs-soap","title":"REST vs SOAP - Building Modern Applications","description":"Learn about the key differences between REST and SOAP, when you might use one over the other and different ways to secure them.","category":"concepts","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/5AOVszrdzcuiPv6IKtgokn/052280f4d5e4e3b52ac64fc15e410bfe/rest-vs-soap.png","mimeType":"image/png"},"content":[{"title":"REST vs. SOAP","description":"\u003cp\u003eDevelopers have lots of choices when building modern applications. Static vs. dynamic languages, established players like Java or relative newcomers like Golang, monolithic all-in-one frameworks vs modularized libraries or even having your entire stack run on Javascript are just the tip of the iceberg. Adding to that list is an important decision that developers have to choose \u0026#8211; REST or SOAP.\u003c/p\u003e\u003cp\u003eREST and SOAP, simply put, are methods of communication between applications. While the end goal is the same, REST and SOAP cannot be directly compared as REST is a set of guidelines that developers may choose to implement differently from project to project while SOAP is a well defined and standardized protocol for data exchange. Still, a comparison can be made highlighting the benefits and drawbacks of using one over the other. Both are still widely used throughout the industry and we hope to shine the light on why and when you might use one over the other.\u003c/p\u003e"},{"title":"Representational State Transfer (REST)","description":"\u003cp\u003eRepresentational State Transfer (REST) is an architectural pattern commonly used in developing modern web based applications ranging from websites, mobile apps, games and more. Developing a REST based API allows you to expose functionality of your web service over HTTP and interact with it over the web. Utilizing HTTP verbs like \u003ccode\u003eGET\u003c/code\u003e and \u003ccode\u003ePOST\u003c/code\u003e the client instructs the API to retrieve or create resources.\u003c/p\u003e\u003cp\u003eRESTful API’s have gained massive popularity due to their interoperability and flexibility on the web. Web services built with this architecture can evolve independently of the applications that consume them. REST based API’s do not have a well defined security protocol \u0026#8211; but JSON Web Tokens (JWTs) are the most common method of authenticating and authorizing requests.\u003c/p\u003e\u003cp\u003ePros\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eStateless\u003c/b\u003e \u0026#8211; each call to the web service has all the information it needs to process the request and does not rely on storing client-server context.\u003c/li\u003e\u003cli\u003e\u003cb\u003eFlexible\u003c/b\u003e \u0026#8211; RESTful API’s can accept and serve data in many different formats including JSON, XML, Atom and others. JSON is by far the most popular data format used in REST based API’s.\u003c/li\u003e\u003cli\u003e\u003cb\u003eCacheable\u003c/b\u003e \u0026#8211; responses are cacheable which can greatly improve the performance of the web service by eliminating unnecessary calls to the backend.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eCons\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eStandards\u003c/b\u003e \u0026#8211; there is no defined standard for building REST based API’s. There are many great resources and guides such as the \u003ca href='https://github.com/WhiteHouse/api-standards' target='_blank' rel='noopener noreferrer'\u003eWhite House RESTful API Standards\u003c/a\u003e and the \u003ca href='http://www.restapitutorial.com/' target='_blank' rel='noopener noreferrer'\u003eREST API Tutorial\u003c/a\u003e, but many permutations of REST based API’s exist.\u003c/li\u003e\u003cli\u003e\u003cb\u003eHTTP\u003c/b\u003e \u0026#8211; RESTful applications are confined to the HTTP protocol.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/state-tranfer.png' alt='REPRESENTATIONAL STATE TRANSFER' /\u003e\u003c/p\u003e"},{"title":"Simple Object Access Protocol (SOAP)","description":"\u003cp\u003eSimple Object Access Protocol (SOAP) on the other hand is a protocol for data exchange. It’s strengths lie in that it has a certain set of rules and standards that must be obeyed for successful client / server interactions. SOAP requests are delivered via envelopes that must contain all the required information to process the request.\u003c/p\u003e\u003cp\u003eA SOAP request envelope generally consists of an optional header and a required body attribute. The header attribute is used for information such as security credentials and other metadata while the body attribute is used to handle the actual data and any errors that arise. This is a simplification of how SOAP handles data exchange so for more in-depth information check out the \u003ca href='https://www.w3.org/TR/soap12/' target='_blank' rel='noopener noreferrer'\u003eW3C Specification\u003c/a\u003e and if you’re itching to write a write a SOAP web service try an easy to follow \u003ca href='https://spring.io/guides/gs/producing-web-service/' target='_blank' rel='noopener noreferrer'\u003etutorial\u003c/a\u003e.\u003c/p\u003e\u003cp\u003ePros\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eWSDL \u003c/b\u003e \u0026#8211; the Web Services Description Language (WSDL) describes the web service methods, access and other parameters making it a one-stop shop for learning how to consume the API.\u003c/li\u003e\u003cli\u003e\u003cb\u003eExtensibility \u003c/b\u003e \u0026#8211; WS-* extensions such as WS-Security, WS-Addressing, WS-Federation and others can greatly enhance the capabilities of the application.\u003c/li\u003e\u003cli\u003e\u003cb\u003eProtocol Neutral\u003c/b\u003e \u0026#8211; accessible via HTTP, SMTP, TCP and other application level protocols.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eCons\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eXML Infoset\u003c/b\u003e \u0026#8211; SOAP uses XML for transferring payload data which can take significantly longer to serialize which leads to performance issues.\u003c/li\u003e\u003cli\u003e\u003cb\u003eComplex\u003c/b\u003e \u003cb\u003eSyntax\u003c/b\u003e \u0026#8211; SOAP works exclusively with XML and reading the data envelopes can be difficult and time-consuming.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/soap.png' alt='SIMPLE OBJECT ACCESS PROTOCOL' /\u003e\u003c/p\u003e"},{"title":"Use Cases for REST","description":"\u003cp\u003eRESTful API’s are everywhere. From single page apps to the Internet of Things (IoT), services powered by REST based API’s are the norm. Besides the technical benefits we’ve outlined above, REST based API’s are a great fit for many businesses because they are generally easier to understand and develop for. REST is a great choice for startups, mobile apps, and developers building modern Single Page Applications (SPA).\u003c/p\u003e\u003cp\u003eMany companies are built around providing a RESTful API that solves a singular problem and integrates into any application seamlessly. Auth0 is a great example of \u003ca href='https://auth0.com/docs/api/v2' target='_blank' rel='noopener noreferrer'\u003ethis\u003c/a\u003e. Other common use cases for REST are companies exposing their dataset and allowing 3rd parties to build products on top of the exposed API such as the Falcon App built on top of Twitter’s RESTful API.\u003c/p\u003e"},{"title":"Use Cases for SOAP","description":"\u003cp\u003eWeb services utilizing SOAP are commonly found in enterprise environments. Large enterprise environments such as those found in banking and healthcare benefit most from utilizing SOAP as it gives them greater flexibility and control over the client/server interactions. Expressing complex methods is generally easier with SOAP as well as ACID compliant transactions.\u003c/p\u003e\u003cp\u003eSOAP is better suited for the enterprise but that’s not to say that it can’t or shouldn’t be used for smaller endeavours. The only caveat to that is that building a SOAP application will generally take longer so if you are just experimenting with an idea you may get bogged down by the complexity vs actually shipping code. A common litmus test in the REST vs. SOAP debate states that \u0026#8220;if you can’t find a specific reason for building your web service with SOAP, use REST.\u0026#8221;\u003c/p\u003e"},{"title":"Authenticating REST API’s with JWT","description":"\u003cp\u003eREST API’s are commonly authenticated with \u003ca href='https://auth0.com/learn/json-web-tokens/' target='_blank' rel='noopener noreferrer'\u003eJson Web Tokens (JWT)\u003c/a\u003e. If an API endpoint needs to be protected, the strategy is to require the client, when making a request to the API, to include an Authorization header that includes a token verifying the identity of the requester. The server then verifies that the token is valid and if it is, processes the request.\u003c/p\u003e\u003cp\u003eThere are many benefits to using token based authentication and you can learn all about them \u003ca href='https://auth0.com/blog/2014/01/27/ten-things-you-should-know-about-tokens-and-cookies/' target='_blank' rel='noopener noreferrer'\u003ehere\u003c/a\u003e. REST API’s are not limited to token based authentication \u0026#8211; you can use cookie/session based authentication or even roll your own mechanism for authentication.\u003c/p\u003e"},{"title":"Protecting RESTful endpoints with JWT","description":"\u003cp\u003eLet’s take a look at an example of how you can protect your RESTful API with JWT. You have built a mobile application that displays a motivational quote of the day. The daily quote is retrieved via a \u003ccode\u003eGET\u003c/code\u003e request to your RESTful API at \u003ccode\u003e/api/v1/quote\u003c/code\u003e. The feedback you’ve received is great and your users are engaged. You want to give them the functionality to submit their own quotes to the app.\u003c/p\u003e\u003cp\u003eA new RESTful endpoint is created so that when a \u003ccode\u003ePOST\u003c/code\u003e request is sent to \u003ccode\u003e/api/v1/quote\u003c/code\u003e containing the required data in the body \u0026#8211; the submitted quote is saved to database for your review. You don’t want just anybody sending you quotes though. Only registered users should be able to. The implementation of the API is as such:\u003c/p\u003e\u003cpre\u003e...\n\nroutes.post('/api/v1/quote', function(req, res){\n // getToken is a helper function that looks for an Authorization\n // key in the header that contains the value 'Bearer {token}'\n // it then strips out the Bearer keyword and returns just the {token}\n var token = getToken(req.headers.authorization);\n var quote = req.body.quote;\n\n jwt.verify(token, 'secret', function(err, decoded){\n if(err){\n res.json(err) // Return error details\n } else {\n // Save the quote to a database\n res.json({'message':'Quote Successfully Submitted. Thank you!'}); \n }\n });\n});\n\n...\u003c/pre\u003e\u003cp\u003eIn the implementation above, when a user makes a \u003ccode\u003ePOST\u003c/code\u003e request to the \u003ccode\u003e/api/v1/quote\u003c/code\u003e endpoint, we extract their JWT and store it in a variable called \u003ccode\u003etoken\u003c/code\u003e. If the authorization header does not exist, we simply stop further execution as we can safely assume the user is unauthenticated. If we do get a token, we verify that it is valid. The token is verified against a secret that it was originally signed with. Additionally, we check to see if the token is expired. The \u003ccode\u003edecoded\u003c/code\u003e object may have additional data such as user permissions that can be added when the token is created, but for our demo we kept it simple.\u003c/p\u003e\u003cp\u003e\u003cem\u003ePOST to API with valid JWT\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003ca href='https://images.ctfassets.net/kbkgmx9upatd/3rV92iNXjuXSDORyu4Yjsm/45dc63efb909bf879a2b41846fa4ed9d/rest-1.png' rel='attachment wp-att-274'\u003e\u003cimg loading='lazy' class='alignnone wp-image-274 size-large' src='https://images.ctfassets.net/kbkgmx9upatd/3rV92iNXjuXSDORyu4Yjsm/45dc63efb909bf879a2b41846fa4ed9d/rest-1.png' alt='POST with valid JWT' /\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003ePOST to API with no JWT\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003ca href='https://images.ctfassets.net/kbkgmx9upatd/aOnmm4S7vCjit6G4aUQDJ/ef6e2880db595564fb28aa10e79c419f/rest-2.png' rel='attachment wp-att-275'\u003e\u003cimg loading='lazy' class='alignnone size-large wp-image-275' src='https://images.ctfassets.net/kbkgmx9upatd/aOnmm4S7vCjit6G4aUQDJ/ef6e2880db595564fb28aa10e79c419f/rest-2.png' alt='POST with no JWT' /\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf all checks out and no \u003ccode\u003eerr\u003c/code\u003e is returned, we know the user is authenticated so we save their quote to the database and send them a nice message thanking them for using our app. In this example, we did the token verification inside the endpoint implementation. In a real world scenario the token verification would preferably be done through a middleware higher up in the call-stack.\u003c/p\u003e\u003cp\u003eAuth0 can easily take care of generating JWTs as part of the authentication workflow. Once a user has successfully logged in, Auth0 will return a JWT which you would store in local storage or a cookie. Then, every time a request is sent to the API, you would append the token in the header under an Authorization key. On the server side, you will need to validate this token, which as we saw above is a simple task when using one of the many Auth0 \u003ca href='https://auth0.com/docs/'\u003eSDK’s\u003c/a\u003e.\u003c/p\u003e"},{"title":"Authenticating SOAP API’s with SAML","description":" \u003cp\u003eSOAP is just as flexible as REST when it comes to protecting and authenticating a web service. WS-Security is the key extension that supports many authentication models including: basic username/password credentials, SAML, OAuth and more.\u003c/p\u003e\u003cp\u003eA common way that SOAP API’s are authenticated is via SAML Single Sign On (SSO). SAML works by facilitating the exchange of authentication and authorization credentials across applications. A SAML federation is comprised of three parts: the user, an Identity Provider and a Service Provider. The user makes a request from the Service Provider to an Identity Provider and if the request is successful the user is authenticated and can access the application.\u003c/p\u003e"},{"title":"Implementing SAML Single Sign On with SSOCircle","description":"\u003cp\u003eImplementing SAML SSO can be a daunting, difficult, and time intensive task. Auth0 can help! Let’s see how quickly we can setup SAML SSO with SSOCircle. Auth0 will be the Service Provider, while SSOCircle will be the Identity Provider meaning that once a user attempts to login they will be taken to SSOCircle to verify their identity.\u003c/p\u003e\u003cp\u003eWith an SSOCircle account created, let’s go and get the public metadata for SSOCircle. We can get this by visiting \u003ca href='https://idp.ssocircle.com/'\u003ehttps://idp.ssocircle.com/\u003c/a\u003e. From here, we want to get three attributes, the \u003cem\u003eKeyDescriptor Signing X509 Certificate\u003c/em\u003e, \u003cem\u003eSingleSignOnService Redirect Location\u003c/em\u003e and the \u003cem\u003eSingleLogoutService Redirect Location\u003c/em\u003e.\u003c/p\u003e\u003cp\u003e\u003ca href='https://images.ctfassets.net/kbkgmx9upatd/5pewzZwOL2uDDmD5suNlv/e7fa5ac748ed7eb74ed4203b0bfd9077/rest-3.png' rel='attachment wp-att-290'\u003e\u003cimg loading='lazy' class='alignnone size-large wp-image-290' src='https://images.ctfassets.net/kbkgmx9upatd/5pewzZwOL2uDDmD5suNlv/e7fa5ac748ed7eb74ed4203b0bfd9077/rest-3.png' alt='SSOCircle IDP' width='1024' height='794' sizes='(max-width: 1024px) 100vw, 1024px' /\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eWe will begin by creating a new .pem file to store the certificate by creating a new file and copying the X509 Certificate. We will additionally need to add the Begin and End Certificate delimiters as shown below.\u003c/p\u003e\u003cpre\u003e-----BEGIN CERTIFICATE-----\nMIIDATCCAemgAwIBAgICCpgwDQYJKoZIhvcNAQEFBQAwLjELMAkGA1UEBhMCREUx\nEjAQBgNVBAoTCVNTT0NpcmNsZTELMAkGA1UEAxMCQ0EwHhcNMTEwNTE3MTkzNDEx\nWhcNMjEwODE3MTkzNDExWjAuMQswCQYDVQQGEwJERTESMBAGA1UEChMJU1NPQ2ly\nY2xlMQswCQYDVQQDEwJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nALm1xZq5goTh7NmdzZsZUJed9+7XauwuaNuGyZpIGRo4FsP1YPgs+40mYAoa9rDj\nCEekixkfSI6nBUMdHuRIMHogyu/OVxskrL91SLO5m5u9JhgIhO/s9pnmnrnNUILf\nRccE4+AEO1xsBQ/x1sY2zDZk+71Pfvifc9vVxedHpNAumbe1nb+CofUtAbF6PkHv\ng3pqCoMPmC7m4NAr9h+zq3ekeWf8j5SOicupet9XhsO6zUr0Wga/Zs6J0khhYmFy\nzpqoP2rLJ4a/9qduSGslOWsed6kD+zvhLMAUVcw3goli4VhepNzU5iGL9QdVj7m4\nYQRMofBRYyL7tBWO6jzLpFcCAwEAAaMpMCcwFAYJYIZIAYb4QgEBAQH/BAQDAgD/\nMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKmOo8un97VFxNgo\niAzpU5fugKdAFFnKHTvUzDLQ81O455OyT6tcAsXHz6sy2c6GozqDV7xrXSqnues8\np9/w0KzVY9/YuxB90uiSJVh0zMxS+NwyfG1Od5Brloh9eBM4YulUI3V2ustcck17\n2G4X4/QSK8uo0bjELUzSNAGj7uypsKKXjX++enfAJzLSsqk3Y8Tmon4R6GYBj4mo\n1nL6ujeXqB/kH44XnEmU7ojyIC1kawFRdY4GDFIq3HOBFNzlNbJVL+jKdgTQJTET\nrNTDjxXmxwpZ90+lPbEaLQeElwAQi7pMtcqD/f8Dqaifk9ZvpCB7NC+oLM5ej9nK\nTawsVqs=\n-----END CERTIFICATE-----\u003c/pre\u003e\u003cp\u003eSave this file as \u003ccode\u003eSSOCircle.pem\u003c/code\u003e. Navigate to the Auth0 Dashboard and create a new SAMLP Identity Provider connection by navigating to Connections, then the Enterprise submenu and clicking on the + icon in the SAMLP Identity Provider section. There are lots of settings we can configure here, but for our demo we will first set a Connection Name, which can be anything you choose. We will skip the Email Domains for this demo, but the email domains section is where you would define which domains will automatically work with single sign on \u0026#8211; this will typically be your corporate domain.\u003c/p\u003e\u003cp\u003eThe Sign In and Sign Out URL’s we have received from the public SSOCircle Metadata so we will insert those there. The last part of the configuration is uploading the \u003ccode\u003e.pem\u003c/code\u003e certificate we created earlier. With those settings configured \u0026#8211; we can ignore the rest and just click save.\u003c/p\u003e\u003cp\u003eAfter saving the settings, you will be prompted to continue and will need to get the metadata for your connection. It should look like:\u003c/p\u003e\u003cpre\u003e\u0026lt;EntityDescriptor entityID='urn:auth0:{ACCOUNT_NAME}:{CONNECTION_NAME}' xmlns='urn:oasis:names:tc:SAML:2.0:metadata'\u0026gt;\n \u0026lt;SPSSODescriptor WantAssertionsSigned='true' protocolSupportEnumeration='urn:oasis:names:tc:SAML:2.0:protocol'\u0026gt;\n\n \u0026lt;SingleLogoutService Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' Location='https://{ACCOUNT_NAME}.auth0.com/samlp/logout'/\u0026gt;\n \u0026lt;SingleLogoutService Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' Location='https://{ACCOUNT_NAME}.auth0.com/samlp/logout'/\u0026gt;\n \u0026lt;NameIDFormat\u0026gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\u0026lt;/NameIDFormat\u0026gt;\n \u0026lt;NameIDFormat\u0026gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\u0026lt;/NameIDFormat\u0026gt;\n \u0026lt;NameIDFormat\u0026gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient\u0026lt;/NameIDFormat\u0026gt;\n \u0026lt;AssertionConsumerService Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' Location='https://{ACCOUNT_NAME}.auth0.com/login/callback?connection={CONNECTION_NAME}' index='0' isDefault='true'/\u0026gt;\n \u0026lt;/SPSSODescriptor\u0026gt;\n\u0026lt;/EntityDescriptor\u0026gt;\u003c/pre\u003e\u003cp\u003eThis is your connections metadata and you will use it to register a new Service Provider on SSOCircles side. Head over to SSOCircle and navigate to the Manage Metadata section. Once there, click on the Add New Service Provider. You will need to enter the fully qualified domain name (FQDN), which in our case will be auth0.com, select EmailAddress in the attributes sent in assertion section and finally paste the XML Metadata in the textarea provided. Click submit and you the Auth0 service provider will be registered.\u003c/p\u003e\u003cp\u003eTo test that the connection was successful \u0026#8211; click on the manage button under the SAMLP Identity Provider section and then Try (which is the play icon). If all went well you should see a screen just like the one below. That’s it! Now you have integrated SAML Single Sign On with Auth0 acting as the Service Provider and SSOCircle acting as the Identity Provider. For a more indepth guide on implementing a SAML federation, check out the \u003ca href='https://auth0.com/docs/saml-configuration' target='_blank' rel='noopener noreferrer'\u003edocs\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003ca href='https://images.ctfassets.net/kbkgmx9upatd/2pvThhHV5YBvzbKmk9Q95R/5635336d944ffab459f08a2e4778fb8c/rest-4.png' rel='attachment wp-att-291'\u003e\u003cimg loading='lazy' class='alignnone size-large wp-image-291' src='https://images.ctfassets.net/kbkgmx9upatd/2pvThhHV5YBvzbKmk9Q95R/5635336d944ffab459f08a2e4778fb8c/rest-4.png' alt='SSOCircle Connection Successful' width='1024' height='728' /\u003e\u003c/a\u003e\u003c/p\u003e"},{"title":"REST or SOAP Authentication Made Easy with Auth0","description":"\u003cp\u003eWhether you are building a mobile app consuming RESTful services or an enterprise SOAP app, Auth0 has you covered when it comes to authentication.\u003c/p\u003e\u003cp\u003eJWT authentication is the bread and butter of Auth0. With an extensive authentication library as well as SDK’s for many programming languages and frameworks you can have authentication up and running in minutes. Support for over 30 \u003ca href='https://auth0.com/learn/social-login/' target='_blank' rel='noopener noreferrer'\u003esocial connections\u003c/a\u003e including Facebook, Twitter and Google as well as the ability to use an existing user database makes switching to Auth0 a breeze.\u003c/p\u003e\u003cp\u003eAuth0 can act both as a Service Provider and an Identity Provider in a SAML based federation. Applications such as Salesforce or Box can utilize Auth0 as an Identity Provider to allow users to login to such services through Auth0. In the case of having Auth0 act as the Service Provider, Auth0 will send an authorization request to an Identity Provider such as SSOCircle, OneLogin or any other SAML-compliant Identity Provider.\u003c/p\u003e"}]},{"id":"two-factor-authentication","title":"Two Factor Authentication (2FA)","description":"Learn about different types of two factor authentication and the pros and cons of each.","category":"concepts","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/2aE02ONJtJQJQGjP51jH5C/6ff78906ba3eb6f03a082327c908c197/2fa.png","mimeType":"image/png"},"content":[{"title":"What is Two Factor Authentication?","description":"\u003cp\u003e\u003cspan\u003eTwo Factor Authentication (2FA or TFA) is the technical term for the process of requiring a user to verify their identity in \u003cem\u003etwo unique ways\u003c/em\u003e before they are granted access to the system. Traditionally, users have relied on and are accustomed to authentication systems that require them to provide a unique identifier such as an email address, username or phone number and a correct password or pin to gain access to the system.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e2FA extends this paradigm by adding an additional step to the authentication process, most commonly requiring the user to enter a one-time token that is dynamically generated and delivered through a method that only the user has access to. Another common method is to use the users biometric data such as fingerprints or retina as a second factor.\u003c/span\u003e\u003c/p\u003e"},{"title":"Increased Security \u0026 Peace of Mind","description":" \u003cp\u003e\u003cspan\u003eTwo Factor Authentication is not new, in fact the technology was conceived way back in 1984. It is increasingly important in the modern world as more and more of our lives, both personal and business, move to digital mediums and the threats of hacking, theft and loss of access can have dire consequences.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eFor years, companies have tried to enhance the security of user authentication by requiring ever increasing requirements like length of password, special character requirements, requiring the user to change their password frequently, sophisticated hashing and salting algorithms that conceal the actual password and much more. At the end of the day, a password only system is still vulnerable as users tend to use the same password across multiple systems, phishing and social engineering techniques that get the user to unknowingly reveal their password are all too common and many other scenarios can lead to a password being compromised.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eTwo Factor Authentication gives the user and system administrator a peace of mind as it ensures that even if the users password is compromised the account cannot be accessed without also knowing not only the method used as the second factor but also having access to the second factor such as a dynamically generated \u003cem\u003eone-time password\u003c/em\u003e (OTP) or biological token.\u003c/span\u003e\u003c/p\u003e"},{"title":"Something you Know, Have and Are","description":"\u003cp\u003eTwo factor authentication is based on the user providing two of the following three \u003cem\u003e“somethings”\u003c/em\u003e:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003e\u003cstrong\u003eSomething you Know\u003c/strong\u003e \u0026#8211; the password or pin for an account\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003cstrong\u003eSomething you Have\u003c/strong\u003e \u0026#8211; a physical device such as a mobile phone or a software application that can generate one-time passwords\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003cstrong\u003eSomething you Are\u003c/strong\u003e \u0026#8211; a biologically unique feature to you such as your fingerprints, voice or retinas\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan\u003eLearning the password or pin for an account is what most hackers go after. Accessing a physical token generator or getting biological features is harder and the reason why 2FA is effective in providing greater security for user accounts.\u003c/span\u003e\u003c/p\u003e"},{"title":"Types of Two Factor Authentication","description":"\u003cp\u003e\u003cspan\u003eThere are numerous ways to implement 2FA. They all have their pros and cons, but all significantly increase the security of user accounts when implemented. The key takeaway from all of the methods discussed below is that once the user has verified their username and password, they are required to enter a \u003cem\u003esecond password\u003c/em\u003e that is dynamically generated and constantly changing before they can access the system.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eCompanies often implement additional rules for when and how 2FA is used. The user may not need to use 2FA if they are within the company intranet or on a device they previously used 2FA to login. In other cases, the user may need to use 2FA every single time they authenticate. Auth0 supports these and other custom implementation rules to meet business needs.\u003c/span\u003e\u003c/p\u003e"},{"title":"SMS Token","description":"\u003cp\u003e\u003cspan\u003ePerhaps the most common method of implementing 2FA. This method sends the user a unique token via SMS\u003cem\u003e text message\u003c/em\u003e, normally a 5-10 digit code, after they have successfully entered their username and password. The user then needs to provide this unique token before they are granted access.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003e\u003cspan\u003ePros:\u003c/span\u003e\u003c/em\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003e\u003cstrong\u003eUser friendly\u003c/strong\u003e \u0026#8211; most users are comfortable receiving text messages\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003cstrong\u003eAvailability\u003c/strong\u003e \u0026#8211; majority of phones have SMS capabilities\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003cstrong\u003eCost\u003c/strong\u003e \u0026#8211; inexpensive to setup and maintain\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cem\u003e\u003cspan\u003eCons:\u003c/span\u003e\u003c/em\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003e\u003cstrong\u003eConnectivity\u003c/strong\u003e \u0026#8211; cell signal and reception required to receive token\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e \u0026#8211; SMS messages can be intercepted by 3rd parties\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003cstrong\u003eHardware\u003c/strong\u003e \u0026#8211; physical device required so if phone is lost or stolen the user cannot authenticate\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title":"Email Token","description":"\u003cp\u003e\u003cspan class='s1'\u003eAnother fairly common method of two factor authentication. This method is very similar to the SMS method above but common implementations include having the user enter a 5-10 alpha-numeric token or clicking a link provided in the email. Dynamically generated one-time passwords are also used here.\u003c/span\u003e\u003c/p\u003e\u003cp class='p1'\u003e\u003cem\u003e\u003cspan class='s1'\u003ePros:\u003c/span\u003e\u003c/em\u003e\u003c/p\u003e\u003cul\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eUser friendly\u003c/strong\u003e \u0026#8211; users can receive emails to both computers and mobile devices\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eCost\u003c/strong\u003e \u0026#8211; inexpensive to setup and maintain\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eOptions\u003c/strong\u003e \u0026#8211; can give the user additional options to verify token such as clicking a link\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp class='p1'\u003e\u003cem\u003e\u003cspan class='s1'\u003eCons:\u003c/span\u003e\u003c/em\u003e\u003c/p\u003e\u003cul\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eDelivery\u003c/strong\u003e \u0026#8211; email can fail to be delivered in many ways including: email goes to spam, bounced by server, delivery queue backed up causing a delay in delivery, etc.\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e \u0026#8211; emails can be intercepted by 3rd parties and tokens compromised\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eRedundancy\u003c/strong\u003e \u0026#8211; if 3rd party gains access to users credentials it’s possible they could access email as well and thus easily get the token\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title":"Hardware Token","description":"\u003cp\u003e\u003cspan class='s1'\u003eThis method is common in enterprise environments but can be used in any system. The way this method works is the user is given a physical device such a \u003cem\u003ekey fob\u003c/em\u003e, \u003cem\u003eUSB dongle\u003c/em\u003e or other device that dynamically generates a token for the user. These tokens are generally valid for only short periods of time, some as low as 30 seconds, and constantly change.\u003c/span\u003e\u003c/p\u003e\u003cp class='p1'\u003e\u003cem\u003e\u003cspan class='s1'\u003ePros:\u003c/span\u003e\u003c/em\u003e\u003c/p\u003e\u003cul\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eStandalone\u003c/strong\u003e \u0026#8211; doesn’t require reception, online connectivity or other factors to generate tokens\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eReliable\u003c/strong\u003e \u0026#8211; hardware tokens are specifically built to only generate tokens\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eSecure\u003c/strong\u003e \u0026#8211; as these devices only perform one task, the possible vectors of exploitation are greatly reduced\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp class='p1'\u003e\u003cem\u003e\u003cspan class='s1'\u003eCons: \u003c/span\u003e\u003c/em\u003e\u003c/p\u003e\u003cul\u003e\u003cli class='li1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eCost\u003c/strong\u003e \u0026#8211; expensive to setup and maintain\u003c/span\u003e\u003c/li\u003e\u003cli class='li1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eHardware\u003c/strong\u003e \u0026#8211; devices can be easily misplaced, forgotten and lost\u003c/span\u003e\u003c/li\u003e\u003cli class='li1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eToo Many Devices\u003c/strong\u003e \u0026#8211; having a hardware device for multiple services may make the user not want to use 2FA\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title":"Software Token","description":"\u003cp\u003e\u003cspan class='s1'\u003eSoftware tokens require the user to download and install an application that runs on their computer or mobile device that dynamically generates tokens for the user. With the rise of smartphones \u0026#8211; this method is gaining popularity. Software tokens work similarly to hardware tokens in that they are randomly generated and last a brief period of time before changing but developers can choose a number of different implementations to meet the business needs.\u003c/span\u003e\u003c/p\u003e\u003cp class='p1'\u003e\u003cem\u003e\u003cspan class='s1'\u003ePros:\u003c/span\u003e\u003c/em\u003e\u003c/p\u003e\u003cul\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eUser friendly\u003c/strong\u003e \u0026#8211; apps generally have simple interfaces that just display the token to the user\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eUpdates\u003c/strong\u003e \u0026#8211; easy to update software and apply patches when needed\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eExtensibility\u003c/strong\u003e \u0026#8211; ability to add enhanced features such as requiring a pin to access the app or using a single app for multiple accounts\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp class='p1'\u003e\u003cem\u003e\u003cspan class='s1'\u003eCons:\u003c/span\u003e\u003c/em\u003e\u003c/p\u003e\u003cul\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eCost\u003c/strong\u003e \u0026#8211; expensive to implement and maintain\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eAdditional Software\u003c/strong\u003e \u0026#8211; requires user to download and install additional software to their devices\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e \u0026#8211; application used to generate token can be compromised without user knowledge\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title":"Phone Call","description":"\u003cp\u003e\u003cspan class='s1'\u003eThis method of 2FA calls the user once they have authenticated their username and password and provides them with the token. This is perhaps the most inconvenient method for the end-user but is a viable and common method of delivering dynamic tokens to the user.\u003c/span\u003e\u003c/p\u003e\u003cp class='p1'\u003e\u003cem\u003e\u003cspan class='s1'\u003ePros:\u003c/span\u003e\u003c/em\u003e\u003c/p\u003e\u003cul\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eUser friendly\u003c/strong\u003e \u0026#8211; as simple as receiving a phone call\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eCost\u003c/strong\u003e \u0026#8211; inexpensive to setup and implement\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eReliability\u003c/strong\u003e \u0026#8211; generally voice/SMS reception requires less bandwidth than data so may be a good alternative to software or email based verification where a data connection is required\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp class='p1'\u003e\u003cem\u003e\u003cspan class='s1'\u003eCons:\u003c/span\u003e\u003c/em\u003e\u003c/p\u003e\u003cul\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e \u0026#8211; calls can be intercepted, forwarded or voicemails hacked\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eConnectivity\u003c/strong\u003e \u0026#8211; cell signal and reception is required\u003c/span\u003e\u003c/li\u003e\u003cli class='li1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eHardware\u003c/strong\u003e \u0026#8211; requires physical device to receive token\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title":"Biometric Verification","description":"\u003cp\u003e\u003cspan class='s1'\u003eThis method of 2FA is unique and different from the others we mentioned so far. Biometric verification relies on the actual user being the token. A unique feature such as the users \u003cem\u003efingerprints\u003c/em\u003e or \u003cem\u003eretina\u003c/em\u003e is used to verify that the user is who they say they are.\u003c/span\u003e\u003c/p\u003e\u003cp class='p1'\u003e\u003cem\u003e\u003cspan class='s1'\u003ePros:\u003c/span\u003e\u003c/em\u003e\u003c/p\u003e\u003cul\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eThe user becomes the token\u003c/strong\u003e \u0026#8211; just be yourself!\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eOptions\u003c/strong\u003e \u0026#8211; many different options for token including fingerprints, retina, voice and facial recognition\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eUser friendly\u003c/strong\u003e \u0026#8211; minimal knowledge of how systems work required by end user\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp class='p1'\u003e\u003cem\u003e\u003cspan class='s1'\u003eCons:\u003c/span\u003e\u003c/em\u003e\u003c/p\u003e\u003cul\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003ePrivacy\u003c/strong\u003e \u0026#8211; storage of biometric data raises privacy concerns\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e \u0026#8211; fingerprints and other biometric data can be compromised and cannot be changed\u003c/span\u003e\u003c/li\u003e\u003cli class='p1'\u003e\u003cspan class='s1'\u003e\u003cstrong\u003eAdditional hardware\u003c/strong\u003e \u0026#8211; requires special devices to verify biometric data \u0026#8211; cameras, scanners, etc.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title":"Implementing Two Factor Authentication with Auth0","description":"\u003cp\u003e\u003cspan class='s1'\u003eImplementing 2FA with Auth0 is easy and simple. You can implement 2FA with our \u003cem\u003eGuardian\u003c/em\u003e app or with third-party 2FA providers. Out-of-the-box we provide two popular 2FA providers, \u003cem\u003eGoogle Authenticator\u003c/em\u003e and \u003cem\u003eDuo\u003c/em\u003e, which can be setup with minimal effort in just a few minutes. \u003c/span\u003e\u003c/p\u003e\u003cp class='p1'\u003e\u003cspan class='s1'\u003eAdditionally, you can implement custom providers and rules to enhance and fine-tune the workflow for 2FA to meet the needs of your business. Let\u0026#8217;s see how this process works with Guardian.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/two-factor.png' alt='TWO FACTOR AUTHENTICATION' /\u003e\u003c/p\u003e"},{"title":"Two Factor Authentication with Auth0 and Guardian","description":"\u003cp\u003eImplementing 2FA with Auth0 and Guardian can be done in as little as two steps.\u003c/p\u003e\u003col\u003e\u003cli\u003eIn the Auth0 management dashboard, navigate to the Multifactor Auth section.\u003c/li\u003e\u003cli\u003eEnable how you would like your users to receive their 2FA codes. You can choose push notifications, SMS, or both.\u003cimg loading='lazy' class='size-large wp-image-600 aligncenter' src='https://cdn2.auth0.com/blog/learn/2fa/enable-guardian.png' alt='Enable Multifactor Authentication with Guardian' width='1024' height='728' /\u003e\u003c/li\u003e\u003cli\u003e(Optional) Configure which of your Auth0 Applications 2FA should be enabled for and make any additional configuration changes as needed.\u003cimg loading='lazy' class='size-large wp-image-601 aligncenter' src='https://cdn2.auth0.com/blog/learn/2fa/guardian-settings.png' alt='Guardian Rules Configuration' width='1024' height='728' /\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eSave your changes and 2FA with Guardian will be enabled for your app! The next time a user attempts to login they will be prompted to setup 2FA before gaining access to your app.\u003c/p\u003e\u003cp\u003e\u003cimg loading='lazy' class='size-large wp-image-602 aligncenter' src='https://cdn2.auth0.com/blog/learn/2fa/guardian.png' alt='Guardian App' width='1024' height='728' /\u003e\u003c/p\u003e"},{"title":"Adaptive Context-aware Multifactor","description":"\u003cp\u003eAdaptative Context-aware Multifactor allows you to enforce 2FA or additional layers of authentication based on different conditions such as: geographic location, time of day/week, type of network, custom domains, certain IPs or any arbitrary condition that can be expressed in code on the Auth0 platform.\u003c/p\u003e\u003cp\u003eBy default, 2FA is only requested when the overall assessed confidence is low. However, you can enforce it to be requested every time a user logs on or define your logic within actions to trigger 2FA.\u003c/p\u003e\u003cp\u003eYou can define rules such as when accessing mission-critical applications from outside of your company’s intranet, when accessing from a different device or from a new location.\u003c/p\u003e"}]},{"id":"refresh-tokens","title":"Understanding Refresh Tokens","description":"Learn about refresh tokens and the role they serve in the authorization process","category":"concepts","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/6qjjCX50F0ybRfPmk8TXSS/91fa2f7357a7fbcd473b5f558dc724f7/refresh-tokens.png","mimeType":"image/png"},"content":[{"title":"What Are Refresh Tokens?","description":" \u003cp\u003e\u003cspan style='font-weight: 400;'\u003eModern secure applications often use \u003c/span\u003e\u003cstrong\u003e\u003ca href='https://auth0.com/docs/tokens/overview-access-tokens'\u003eaccess tokens\u003c/a\u003e\u003c/strong\u003e\u003cspan style='font-weight: 400;'\u003e to ensure a user has access to the appropriate resources, and these access tokens typically have a limited lifetime. This is done for various security reasons: for one, limiting the lifetime of the access token limits the amount of time an attacker can use a stolen token. In addition, the information contained in or referenced by the access token could become stale.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-weight: 400;'\u003eWhen access tokens expire or become invalid but the application still needs to access a protected resource, the application faces the problem of getting a new access token without forcing the user to once again grant permission. To solve this problem, OAuth 2.0 introduced an artifact called a \u003c/span\u003e\u003cstrong\u003e\u003ca href='https://auth0.com/docs/tokens/refresh-token/current'\u003erefresh token\u003c/a\u003e\u003c/strong\u003e\u003cspan style='font-weight: 400;'\u003e. A refresh token allows an application to obtain a new access token without prompting the user.\u003c/span\u003e\u003c/p\u003e\u003cdiv class='new-banner' style='background-color: #f5f7f9; width: 100%; display: flex; flex-direction: row; justify-content: center; align-items: center; border-radius: 3px; box-shadow: 0px 4px 8px rgba(0,0,0,0.15); margin: 60px 0 20px 0;'\u003e\u003cdiv class='new-banner-text' style='width: 50%; padding-left: 40px; font-size: 24px; color: #333333; text-align: initial; font-weight: 500; line-height: normal;'\u003eLearn about the de facto standard for handling authentication in the modern world. \u003ca class='wow btn btn-lg btn-success js-try new-banner-button' style='margin-top: 24px; font-weight: bold; background: #F8931E;' href='https://auth0.com/resources/ebooks/the-openid-connect-handbook'\u003eDOWNLOAD THE FREE EBOOK\u003c/a\u003e\u003c/div\u003e\u003cp style='margin: 0;'\u003e\u003cimg class='new-banner-image' style='margin: 0; height:260px;' src='https://images.ctfassets.net/kbkgmx9upatd/HYNsfZub6bc33ELRFNpJK/0f6d0f202e3198c3c52786b8813f9ad5/oidc_2x.png' alt='ipad pro handbook'\u003e\u003c/p\u003e\u003c/div\u003e"},{"title":"Obtaining Refresh Tokens","description":"\u003cp\u003e\u003cspan\u003eA refresh token can be requested by an application as part of the process of obtaining an access token. Many authorization servers implement the \u003c/span\u003e\u003ca href='https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess'\u003e\u003cspan\u003erefresh token request mechanism\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e defined in the OpenID Connect \u003c/span\u003e\u003ca href='https://openid.net/specs/openid-connect-core-1_0.html'\u003e\u003cspan\u003especification\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e. In this case, an application must include the \u003ccode\u003eoffline_access\u003c/code\u003e scope when initiating a request for an authorization code. After the user successfully authenticates and grants consent for the application to access the protected resource, the application will receive an authorization code that can be exchanged at the token endpoint for both an access and a refresh token.\u003c/span\u003e\u003c/p\u003e"},{"title":"Using Refresh Tokens","description":"\u003cp\u003e\u003cspan\u003eWhen a new access token is needed, the application can make a \u003ccode\u003ePOST\u003c/code\u003e request back to the token endpoint using a grant type of \u003ccode\u003erefresh_token\u003c/code\u003e (web applications need to include a \u003c/span\u003e\u003ca href='https://auth0.com/docs/applications/concepts/client-secret'\u003e\u003cspan\u003eclient secret\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e). To use a refresh token to obtain a new ID token, the authorization server would need to support OpenID Connect and the \u003c/span\u003e\u003ca href='https://auth0.com/docs/scopes/current'\u003e\u003cspan\u003escope\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e of the original request would need to include \u003ccode\u003eopenid\u003c/code\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eWhile refresh tokens are often long-lived, the authorization server can invalidate them. Some of the reasons a refresh token may no longer be valid include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003ethe authorization server has revoked the refresh token\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003ethe user has revoked their consent for authorization\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003ethe refresh token has expired\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003ethe authentication policy for the resource has changed (e.g., originally the resource only used usernames and passwords, but now it requires \u003c/span\u003e\u003ca href='https://auth0.com/docs/multifactor-authentication'\u003e\u003cspan\u003eMFA\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e)\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan\u003eBecause refresh tokens have the potential for a long lifetime, developers should ensure that strict storage requirements are in place to keep them from being leaked. For example, on web applications, refresh tokens should only leave the backend when being sent to the authorization server, and the backend should be secure. The client secret should be protected in a similar fashion. Mobile applications do not require a client secret, but they should still be sure to store refresh tokens somewhere only the client application can access.\u003c/span\u003e\u003c/p\u003e"},{"title":"Refresh Tokens at Auth0","description":"\u003cp\u003e\u003cspan\u003eWith Auth0, you can get a refresh token when using the \u003cstrong\u003eAuthorization Code Flow\u003c/strong\u003e (for \u003c/span\u003e\u003ca href='https://auth0.com/docs/flows/concepts/regular-web-app-login-flow'\u003e\u003cspan\u003eregular web \u003c/span\u003e\u003c/a\u003e\u003cspan\u003eor \u003c/span\u003e\u003ca href='https://auth0.com/docs/flows/concepts/mobile-login-flow'\u003e\u003cspan\u003enative/mobile\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e apps), the \u003c/span\u003e\u003cstrong\u003e\u003ca href='https://auth0.com/docs/flows/concepts/device-auth'\u003eDevice Flow\u003c/a\u003e\u003c/strong\u003e\u003cspan\u003e, or the \u003c/span\u003e\u003cstrong\u003e\u003ca href='https://auth0.com/docs/api-auth/grant/password'\u003eResource Owner Password Grant\u003c/a\u003e\u003c/strong\u003e\u003cspan\u003e. All of Auth0’s main SDKs support acquiring, using, and revoking refresh tokens out of the box, without you having to worry about formatting messages. Languages with SDK support include \u003c/span\u003e\u003ca href='https://github.com/auth0/node-auth0'\u003e\u003cspan\u003eNode.js\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e, \u003c/span\u003e\u003ca href='https://github.com/auth0/Auth0.net'\u003e\u003cspan\u003e.NET\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e, \u003c/span\u003e\u003ca href='https://github.com/auth0/auth0-php'\u003e\u003cspan\u003ePHP\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e, and \u003c/span\u003e\u003ca href='https://auth0.com/docs/libraries#auth0-sdks'\u003e\u003cspan\u003emany more\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e!\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eTo learn more about refresh tokens at Auth0, including how to revoke them, check out \u003c/span\u003e\u003ca href='https://auth0.com/docs/tokens/refresh-token/current'\u003e\u003cspan\u003ethe refresh token documentation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-weight: 400;'\u003e.\u003c/span\u003e\u003c/p\u003e"}]},{"id":"angular-authentication","title":"AngularJS Authentication, the Easy Way","description":"Add token authentication to your Angular 1.x or Angular 2 app in minutes with ready-to-go tools.","category":"frameworks","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/33GcVdZY4zm9bgyXP1e8kI/2c8d4b9f0ae3cded1f8fcad683321b8c/angular-hero.png","mimeType":"image/png"},"content":[{"title":"What Is AngularJS?","description":"\u003cp\u003eAngularJS is one of the world\u0026#8217;s most popular JavaScript frameworks for creating Single Page Applications. Developed by Google, Angular provides a host of tools that make it easy to wire up the various pieces that are required for a SPA. Things like two-way databinding, HTTP requests, templating, and routing are made simple with the AngularJS core library and third-party libraries contributed by the community.\u003c/p\u003e\u003cp\u003eAs with other SPA frameworks, Angular is only concerned with the front end and is agnostic about the server side. This decoupling, along with the client-side architecture that Angular provides, ultimately allows for greater flexibility as applications grow.\u003c/p\u003e\u003cp\u003eAngularJS Authentication from scratch can be a hassle, but it doesn\u0026#8217;t need to be. Keep reading below to find out how Auth0 makes it easy to add AngularJS authentication.\u003c/p\u003e"},{"title":"Tokens Work Best for Single Page Apps","description":"\u003cp\u003eAngularJS applications work differently than traditional round-trip applications. Like other Single Page App (SPA) frameworks, AngularJS apps typically rely on data APIs which are accessed by sending XHR requests from the client to the server.\u003c/p\u003e\u003cp\u003eAdding user authentication to AngularJS apps is also different. Traditional applications use session-based authentication which works by keeping the user’s authentication state saved in memory on the server, but this \u003ca href='https://auth0.com/blog/2015/09/28/5-steps-to-add-modern-authentication-to-legacy-apps-using-jwts/'\u003edoesn’t work so well for SPAs\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eTokens offer a better way to achieve AngularJS Authentication. Several different types of authentication tokens can work, but \u003ca href='https://jwt.io/introduction/'\u003eJSON Web Tokens\u003c/a\u003e are the best solution.\u003c/p\u003e"},{"title":"JSON Web Tokens","description":"\u003cp\u003eJSON Web Token (JWT) is an open standard (\u003ca href='https://tools.ietf.org/html/rfc7519'\u003eRFC 7519\u003c/a\u003e) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. There are many reasons that JWT authentication is preferable:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCompact and self-contained\u003c/strong\u003e: all data needed for authentication exists in the token. It can be transmitted quickly because of its small size.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDigitally signed\u003c/strong\u003e: tokens are verified against a secret key on the server. They are secure because the content of the JWT can’t be tampered with unless the secret key is known.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSimple\u003c/strong\u003e: JWTs are conceptually straight-forward and have low overhead. Since they provide a stateless means for authentication, they can be used across multiple servers and domains without running into CORS issues.\u003c/p\u003e"},{"title":"AngularJS Authentication with Auth0 - How It Works","description":"\u003cp\u003eWith Auth0, your AngularJS app only needs to talk to our API when the user logs in. All other API calls go directly to your server as they normally would.\u003c/p\u003e\u003cp\u003eUsing either our Lock Widget or your own custom login screen, your users send their credentials to our API to be authenticated. Upon success, a JWT is returned and saved in their browser’s local storage.\u003c/p\u003e\u003cpre\u003eauth.signin({}, function(profile, token) {\n // Success callback\n store.set('profile', profile);\n store.set('token', token);\n $location.path('/');\n});\u003c/pre\u003e\u003cp\u003eAPI endpoints that you wish to secure are protected with middleware that requires a valid JWT to be sent in HTTP requests. The user’s JWT is sent as an Authorization header and is verified against your secret key. A jwtInterceptor is configured to send the user’s JWT on all requests.\u003c/p\u003e\u003cpre\u003ejwtInterceptorProvider.tokenGetter = ['store', function(store) {\n // Return the saved token\n return store.get('token');\n}]; \n\n$httpProvider.interceptors.push('jwtInterceptor');\u003c/pre\u003e"},{"title":"Lock - The Login Box Done Right","description":"\u003cp\u003eOur Lock widget is a beautifully designed, all-in-one, embeddable login box for your AngularJS apps. It provides sign up, sign in, password reset, and other features that are ready to go. The widget’s styles can be easily customized to line up with your brand, and you can use one of our pre-made themes to help.\u003cbr /\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/lock-mobile.png' alt='Lock Mobile' /\u003e\u003c/p\u003e"},{"title":"Angular 2 Authentication Support","description":"\u003cp\u003eAngular 2 has yet to be officially released and is \u003ca href='http://splintercode.github.io/is-angular-2-ready/'\u003enot recommended for production\u003c/a\u003e, but you can still use Auth0 in your Angular 2 apps. Our \u003cstrong\u003eangular2-jwt\u003c/strong\u003e helper library makes it easy to send authenticated HTTP requests to your server and to handle routing based on the user’s authentication state.\u003c/p\u003e"}]},{"id":"gcp","title":"GCP Identity Management Simplified with Auth0","description":"Auth0 has joined the Google Cloud Platform Partner Program to make it easier than ever for organizations to implement modern identity in their applications.","category":"growth","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/p3EtzHtitWRymkGcPrhY0/95f1fe57bad7969899db841bf9a94cf5/gcp-logo.png","mimeType":"image/png"},"content":[{"title":"Universal Scale, Personalized Identity","description":"\u003cdiv\u003e\u003cimg alt='Universal Scale, Personalized Identity'src='https://images.ctfassets.net/kbkgmx9upatd/5O8m6BJz9xEk6yyNs9wpGk/9e1025c09d6df2eafb36545940c16fbf/gcp-one.png'\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003cspan\u003eThe Google Cloud Platform makes it painless to deploy, manage, and scale your application infrastructure. Why shouldn’t managing identity within your applications be just as easy? With Auth0, it can be.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eAuth0 solves security and identity challenges for organizations by providing a complete platform for managing modern identity. Whether your organization needs Single Sign On (SSO), Multifactor or Passwordless authentication, or anything in between, our identity platform has you covered.\u003c/span\u003e\u003c/p\u003e"},{"title":"Why Auth0","description":"\u003cdiv class='module-img' style='background-color: #ffffff'\u003e\u003cdiv class='img-inner wow'\u003e\u003cimg alt='Why Auth0'src='https://images.ctfassets.net/kbkgmx9upatd/1f9k6e5k8XV8S9aRg6eCMk/402058e3ede7903d6aa8279a16ff04e1/gcp-two.png'\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003cb\u003eOne-stop identity\u003c/b\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003eAuth0 provides a single platform for all your identity requirements across all applications, for employees, business partners, consumers, and IoT devices.\u003c/span\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cb\u003eExtensibility\u003c/b\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003eIn this fast-changing world, your applications and products must also keep changing and evolving to keep up. You need an identity partner that can always evolve with you, and thanks to Auth0’s extensibility features, you will.\u003c/span\u003e\u003c/p\u003e"}]},{"id":"build-or-buy-20-identity-management-questions","title":"Build or Buy? 20 Identity Management Questions.","description":"Identity Management is well understood - been doing it since the first computers. How hard can it be? Harder than you think - take the Build or Buy Quiz!","category":"growth","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/4P6HVNR55w7lxTbRlgylBC/df3659a003cec121c2f91e7212ddc1f0/Build-v-Buy-Hero.png","mimeType":"image/png"},"content":[{"title":"","description":"\u003cp style='text-align: center; margin-bottom: 20px;'\u003e\u003ca style='font-weight: 400;' href='http://resources.auth0.com/build-vs-buy-evaluating-identity-management/'\u003eGet the free eBook on Build vs Buy: Guide to Evaluating Identity Management Solutions\u003c/a\u003e\u003c/p\u003e\u003cp style='text-align: center;'\u003e\u003ci\u003e\u003cspan style='font-weight: 400;'\u003e“I’m a big proponent of letting experts do what they do best. If you get identity management wrong, it falls apart horribly, and you get put on the front page of the newspaper as having exposed a large number of people to really bad things. I didn’t want to rely on building it ourselves.”\u003c/span\u003e\u003c/i\u003e\u003c/p\u003e\u003cp style='text-align: right;'\u003e\u003cb\u003e— David Bernick, \u003c/b\u003e\u003ca href='https://auth0.com/learn/harvard-medical-school-identity-secures-nih-research/'\u003e\u003cb\u003eHarvard Medical School\u003c/b\u003e\u003c/a\u003e\u003c/p\u003e"},{"title":"Why Build Identity Management?","description":"\u003cp\u003e\u003cspan\u003eIdentity management has been a staple component of software since the dawn of computing: punch card batch jobs and early timesharing systems were protected by username/password authentication. With so much history, you’d think identity management would be a solved problem.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003eMaybe you’re doing something simple: no sensitive information or privacy issues, and your security requirements are modest, you don’t have many users or many different types of users, you’ve got only a few apps.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eAnd you’re an experienced developer or part of a high-skilled team, been building authentication for apps, sites, APIs, services for years.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eAnd your budget is pared to the bone. Have to make some choices \u0026#8211; seems like a no-brainer to save the money for something more strategic.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan\u003eLet’s be honest: If you’re just using one or two social providers for a simple web application, without needing a username/password database yourself, or any other more elaborate features, it is easy enough to DIY. By all means, leverage the \u003ca href='http://passportjs.org/' target='_blank' rel='noopener noreferrer'\u003ebasic authentication libraries\u003c/a\u003e you can find in any open source framework, and be done with it.\u003c/span\u003e\u003c/p\u003e"},{"title":"Why Buy Identity Management?","description":"\u003cp\u003e\u003cspan\u003eWe often hear from development teams considering Auth0:\u003c/span\u003e\u003c/p\u003e\u003ch4 style='text-align: center;'\u003e\u003ci\u003e\u003cspan\u003eIf you’re competent, it seems hard to justify spending $ on Identity Management if your needs are simple.\u003c/span\u003e\u003c/i\u003e\u003c/h4\u003e\u003cp style='text-align: left;'\u003e\u003cstrong\u003eLet’s dig into this.\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003e\u003cspan\u003eSkills\u003c/span\u003e\u003c/h2\u003e\u003cp\u003e\u003cspan\u003eSure Identity Management seems simple. But failure is terrifying. A lot can go wrong, and when it does, \u003c/span\u003e\u003ca href='https://haveibeenpwned.com/' target='_blank' rel='noopener noreferrer'\u003e\u003cspan\u003eyour reputation is seriously damaged\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e. In the face of persistent hack attempts, a never-ending stream of vulnerabilities to mitigate, do you know what you’re doing well enough to protect your users and your business?\u003c/span\u003e\u003c/p\u003e\u003ch2\u003e\u003cspan\u003eResources \u003c/span\u003e\u003c/h2\u003e\u003cp\u003e\u003cspan\u003eDo-it-yourself is not free \u0026#8211; there is opportunity cost to committing resources to Identity Management. Is authentication really what you want to be doing? Focus on your core business and add value. You wouldn’t write your own RDBMS. Identity management is like an RDBMS. Why build infrastructure like identity management when you can pay sensible money to delegate that non-core heavy lifting to specialists? \u003cspan\u003eAnd with the \u003c/span\u003e\u003ca href='http://www.prnewswire.com/news-releases/ponemon-institutes-2015-global-cost-of-data-breach-study-reveals-average-cost-of-data-breach-reaches-record-levels-300089057.html' target='_blank' rel='noopener noreferrer'\u003e\u003cspan\u003ecost of an identity hack\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e potentially running into the $millions, what is security worth? Consider these factors when evaluating the ROI of buying identity management!\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003ch2\u003e\u003cspan\u003eComplexity\u003c/span\u003e\u003c/h2\u003e\u003cp\u003e\u003cspan\u003eApplications, and products often start simple. But once you get past version one, you may need to support a broad range of identity providers. You might have partners. You could be rolling out mobile apps, and an API. Your user base hopefully will grow. You may be in a regulated industry with \u003ca href='https://www.pcisecuritystandards.org/' target='_blank' rel='noopener noreferrer'\u003ecompliance\u003c/a\u003e demands. It\u0026#8217;s never as simple as it seems at first. The cost of maintaining your own identity management may be much higher than you\u0026#8217;re expecting.\u003c/span\u003e\u003c/p\u003e"},{"title":"The Quiz","description":"\u003cp\u003e\u003cspan\u003eSome of these questions you might already have answered. Some might be irrelevant, Some might be problems you’ll face as you work through your IAM implementation. But we invite you to think about them realistically, based on your current state and where you think you’ll be going in the next months and years. And click the links to understand how Auth0 answers these identity management questions and the complexity we’re handling as part of our comprehensive offering.\u003c/span\u003e\u003c/p\u003e"},{"title":"Users","description":"\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3 style='text-align: left;'\u003e\u003cspan style='font-weight: 400;'\u003e1.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd style='text-align: left;'\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cspan style='font-weight: 400;'\u003eHave you thought about how you’ll \u003c/span\u003e\u003ca href='https://auth0.com/docs/api/v2'\u003e\u003cspan style='font-weight: 400;'\u003eimplement user management\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-weight: 400;'\u003e? \u003c/span\u003e\u003ca href='https://auth0.com/docs/libraries/lock'\u003e\u003cspan style='font-weight: 400;'\u003eSelf-service\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-weight: 400;'\u003e or \u003c/span\u003e\u003ca href='https://manage.auth0.com/#/'\u003e\u003cspan style='font-weight: 400;'\u003eadmin managed\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-weight: 400;'\u003e? What is the \u003c/span\u003e\u003ca href='https://auth0.com/lock'\u003e\u003cspan style='font-weight: 400;'\u003euser experience\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-weight: 400;'\u003e?\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3\u003e\u003cspan style='font-weight: 400;'\u003e2.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cspan style='font-weight: 400;'\u003eDo you have users who will \u003c/span\u003e\u003ca href='https://auth0.com/docs/link-accounts'\u003e\u003cspan style='font-weight: 400;'\u003eauthenticate with more than one IdP\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-weight: 400;'\u003e? How will you know it’s the same user?\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3\u003e\u003cspan style='font-weight: 400;'\u003e3.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cspan style='font-weight: 400;'\u003eDo you have \u003c/span\u003e\u003ca href='https://auth0.com/docs/applications'\u003e\u003cspan style='font-weight: 400;'\u003emultiple applications\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-weight: 400;'\u003e which will need to authenticate? If so, do they all use the same \u003c/span\u003e\u003ca href='https://auth0.com/docs'\u003e\u003cspan style='font-weight: 400;'\u003edevelopment stack\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-weight: 400;'\u003e?\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003ctable style='background-color: #eeeeee;'\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px; padding-top: 40px;'\u003e\u003cp style='text-align: center; padding-left: 30px;'\u003e\u003ci\u003e\u003cspan style='font-weight: 400;'\u003e“Compared to the costs and resources required to build, host, and secure a custom solution, the investment associated with a third-party authentication service like Auth0 was a sensible choice.”\u003c/span\u003e\u003c/i\u003e\u003c/p\u003e\u003cp style='text-align: right; padding-left: 30px;'\u003e\u003cb\u003e\u003cb\u003e \u003c/b\u003e\u003c/b\u003e— Cris Concepcion, \u003ca href='https://auth0.com/learn/safari-case-study/'\u003eSafari\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3\u003e\u003cspan style='font-weight: 400;'\u003e4.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cspan style='font-weight: 400;'\u003eWhat \u003c/span\u003e\u003ca href='https://auth0.com/learn/powering-user-analytics-identity/'\u003e\u003cspan style='font-weight: 400;'\u003eanalytics\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-weight: 400;'\u003e will you need for account creation and authentication events? How will you \u003c/span\u003e\u003ca href='https://auth0.com/docs/scenarios/splunk'\u003e\u003cspan style='font-weight: 400;'\u003ecollect\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-weight: 400;'\u003e, \u003c/span\u003e\u003ca href='https://github.com/auth0/rules/blob/master/rules/mixpanel-track-event.md'\u003e\u003cspan style='font-weight: 400;'\u003eanalyze\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-weight: 400;'\u003e, and \u003c/span\u003e\u003ca href='https://github.com/auth0/auth0-dashboard-widget'\u003e\u003cspan style='font-weight: 400;'\u003evisualize\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-weight: 400;'\u003e this data?\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3\u003e\u003cspan style='font-weight: 400;'\u003e5.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cspan style='font-weight: 400;'\u003eHow will you \u003c/span\u003e\u003ca href='https://manage.auth0.com/#/anomaly'\u003e\u003cspan style='font-weight: 400;'\u003eflag and mitigate anomalies\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-weight: 400;'\u003e in user management and \u003c/span\u003e\u003ca href='https://github.com/auth0/rules/blob/master/rules/fraud-prevention-with-minfraud.md' target='_blank' rel='noopener noreferrer'\u003e\u003cspan style='font-weight: 400;'\u003eauthentication events\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-weight: 400;'\u003e?\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"},{"title":"Applications","description":"\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3 style='text-align: left;'\u003e\u003cspan\u003e6.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd style='text-align: left;'\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eHow can you use to stay on top of \u003ca href='http://www.securityawareness.com/is_lists.htm' target='_blank' rel='noopener noreferrer'\u003epotential security vulnerabilities\u003c/a\u003e? How will you handle \u003ca href='http://www.heinz.cmu.edu/~rtelang/disclosure_jan_06.pdf' target='_blank' rel='noopener noreferrer'\u003epatch delays\u003c/a\u003e to \u003ca href='http://www.krannert.purdue.edu/academics/mis/workshop/papers/ars_092305.pdf' target='_blank' rel='noopener noreferrer'\u003elibraries\u003c/a\u003e you rely upon?\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003ctable style='background-color: #eeeeee;'\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px; padding-top: 40px;'\u003e\u003cp style='text-align: center; padding-left: 30px;'\u003e\u003ci\u003e“Before any news sites reported on last year’s \u003c/i\u003e\u003ca href='http://heartbleed.com/' target='_blank' rel='noopener noreferrer'\u003e\u003ci\u003eHeartbleed\u003c/i\u003e\u003c/a\u003e\u003ci\u003e zero day vulnerability, Auth0 emailed us to alert us to the situation. There was already a patch to eliminate the Heartbleed threat from Auth0’s systems, followed by a confirmation email that Auth0 had already installed this patch on the Schneider Electric instance of Auth0’s service.”\u003c/i\u003e\u003c/p\u003e\u003cp style='text-align: right; padding-left: 30px;'\u003e\u003cb\u003e\u003cb\u003e \u003c/b\u003e\u003c/b\u003e— Stephen Berard, \u003ca href='https://auth0.com/learn/schneider-electric-case-study/'\u003eSchneider Electric\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3\u003e\u003cspan\u003e7.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eWhat about the inevitable \u003ca href='https://auth0.com/blog/2015/12/03/why-using-open-standards-helps-close-enterprise-deals/'\u003estandards incompatibilities\u003c/a\u003e and \u003ca href='https://developers.facebook.com/docs/apps/changelog' target='_blank' rel='noopener noreferrer'\u003echanges\u003c/a\u003e to attributes and\u003ca href='https://developers.google.com/+/web/api/rest/auth-migration' target='_blank' rel='noopener noreferrer'\u003epermissions\u003c/a\u003e for \u003ca href='https://manage.auth0.com/#/connections/social'\u003edifferent social IdPs\u003c/a\u003e? Implementation differences between \u003ca href='https://manage.auth0.com/#/connections/enterprise'\u003eenterprise IdPs\u003c/a\u003e? For different \u003ca href='https://shibboleth.net/products/opensaml-java.html' target='_blank' rel='noopener noreferrer'\u003edevelopment stacks\u003c/a\u003e and authentication\u003ca href='https://www.npmjs.com/package/saml2-js' target='_blank' rel='noopener noreferrer'\u003e libraries\u003c/a\u003e? How will you deal with all of this?\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003ctable style='background-color: #eeeeee;'\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px; padding-top: 40px;'\u003e\u003cp style='text-align: center; padding-left: 30px;'\u003e\u003ci\u003e“I didn’t have to write difficult code for every IdP we needed to integrate with. It was just writing one thing, very simple, and that was it to implement secure authentication.”\u003c/i\u003e\u003c/p\u003e\u003cp style='text-align: right; padding-left: 30px;'\u003e\u003cb\u003e\u003cb\u003e \u003c/b\u003e\u003c/b\u003e— David Bernick, \u003ca href='https://auth0.com/learn/harvard-medical-school-identity-secures-nih-research/'\u003eHarvard Medical School\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3\u003e\u003cspan\u003e8.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eCan your ops team stay on top of \u003ca href='https://auth0.com/blog/2016/01/18/how-to-build-your-customer-trust-through-soc-2/'\u003ebest practices\u003c/a\u003e for securely configuring authentication infrastructure? \u003ca href='https://auth0.com/docs/appliance'\u003eOn-premises\u003c/a\u003e and in private cloud instances?\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3\u003e\u003cspan\u003e9.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eWhat is your MFA strategy? How will you \u003ca href='https://auth0.com/docs/multifactor-authentication'\u003eintegrate\u003c/a\u003e it across different clients? Want your mobile users to use \u003ca href='https://auth0.com/docs/libraries/lock-ios/touchid-authentication'\u003eTouch ID on their IOS devices\u003c/a\u003e to authenticate to your applications?\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3\u003e\u003cspan\u003e10.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eHave you considered \u003ca href='https://auth0.com/learn/marks-spencer-auth0-authentication-scalability-in-action/#'\u003escalability\u003c/a\u003e, performance, and \u003ca href='https://auth0.com/availability-trust'\u003ereplication/availability\u003c/a\u003e requirements for your user store?\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003ctable style='background-color: #eeeeee;'\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px; padding-top: 40px;'\u003e\u003cp style='text-align: center; padding-left: 30px;'\u003e\u003ci\u003e“Auth0 provided the perfect fit of out-of-the-box features, flexibility and enterprise-level service. The team at Auth0 went above and beyond to accommodate our crazy performance testing and deadline needs.”\u003c/i\u003e\u003c/p\u003e\u003cp style='text-align: right; padding-left: 30px;'\u003e\u003cb\u003e\u003cb\u003e \u003c/b\u003e\u003c/b\u003e— AKQA, marketing partner for \u003ca href='https://auth0.com/learn/marks-spencer-auth0-authentication-scalability-in-action/'\u003eMarks \u0026amp; Spencer\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"},{"title":"IdPs and Standards","description":"\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3 style='text-align: left;'\u003e\u003cspan\u003e11.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd style='text-align: left;'\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eWhen you \u003ca href='https://auth0.com/learn/migrate-user-database-auth0/'\u003emigrate legacy UN/PW databases\u003c/a\u003e to more modern Identity Management, how will you deliver a good user experience with no password resets?\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003ctable style='background-color: #eeeeee;'\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px; padding-top: 40px;'\u003e\u003cp style='text-align: center; padding-left: 30px;'\u003e\u003ci\u003e\u003ci\u003e“Auth0 brought along a host of out of the box connectors which made it very simple for Auth0 to connect with our CRM system to use the existing database as a user store and act as an Identity provider.”\u003c/i\u003e\u003cbr /\u003e\u003c/i\u003e\u003c/p\u003e\u003cp style='text-align: right; padding-left: 30px;'\u003e\u003cb\u003e\u003cb\u003e \u003c/b\u003e\u003c/b\u003e— Amol Date, \u003ca href='https://auth0.com/learn/jetprivilege-case-study/'\u003eJetPrivilege\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3\u003e\u003cspan\u003e12.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eHow will you on-board new \u003ca href='https://auth0.com/learn/the-b2b-customer-value-journey/'\u003eB2B customers wanting SSO\u003c/a\u003e for your product or \u003ca href='https://auth0.com/learn/safari-case-study/'\u003eservice\u003c/a\u003e? Can you federate with partners who use \u003ca href='https://auth0.com/docs/connections/enterprise/active-directory'\u003eActive Directory\u003c/a\u003e behind the firewall?\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003ctable style='background-color: #eeeeee;'\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px; padding-top: 40px;'\u003e\u003cp style='text-align: center; padding-left: 30px;'\u003e\u003ci\u003e“Setting up our application to integrate with one partner and then having that partner act as a service hub for dozens of identity systems helps simplify work for our core development teams, while allowing our customer base to grow exponentially.”\u003c/i\u003e\u003c/p\u003e\u003cp style='text-align: right; padding-left: 30px;'\u003e\u003cb\u003e\u003cb\u003e \u003c/b\u003e\u003c/b\u003e— Cris Concepcion, \u003ca href='https://auth0.com/learn/safari-case-study/'\u003eSafari\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3\u003e\u003cspan\u003e13.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eDifferent SAML IdPs can store and deliver claims in many formats – do you have a straightforward method for \u003ca href='https://github.com/auth0/rules/blob/master/rules/saml-attribute-mapping.md' target='_blank' rel='noopener noreferrer'\u003enormalizing claims\u003c/a\u003e?\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3\u003e\u003cspan\u003e14.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003ca href='http://openid.net/connect/faq/' target='_blank' rel='noopener noreferrer'\u003eOpenID Connect\u003c/a\u003e is a popular new standard for authentication: REST/JSON, OAuth2 based, developer-friendly. But the interoperability devil is in the \u003ca href='https://auth0.com/docs/oidc-rs256-owin'\u003edetails\u003c/a\u003e. How will you \u003ca href='https://auth0.com/docs/auth-api'\u003eimplement\u003c/a\u003e it across development stacks and clients?\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"},{"title":"Security and Compliance","description":"\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3 style='text-align: left;'\u003e\u003cspan style='font-weight: 400;'\u003e15.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd style='text-align: left;'\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eIdentity systems are an attractive target for attacks. Have you thought about implementing \u003ca href='https://manage.auth0.com/#/anomaly'\u003ebrute-force protections\u003c/a\u003e? \u003ca href='https://auth0.com/docs/connections/database/rate-limits'\u003eDDoS prevention\u003c/a\u003e and mitigation on \u003ca href='https://auth0.com/docs/rate-limits'\u003eendpoints\u003c/a\u003e?\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3\u003e\u003cspan style='font-weight: 400;'\u003e16.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eShould you plan to use 3rd party security consultancies to do i\u003ca href='https://liftsecurity.io/' target='_blank' rel='noopener noreferrer'\u003endependent penetration tests\u003c/a\u003e, code reviews and audits, and architecture reviews to \u003ca href='https://www.ssllabs.com/ssltest/analyze.html?d=manage.auth0.com\u0026amp;latest' target='_blank' rel='noopener noreferrer'\u003evalidate security\u003c/a\u003e and best practices?\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3\u003e\u003cspan style='font-weight: 400;'\u003e17.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eHow will you handle \u003ca href='https://auth0.com/whitehat'\u003ereports\u003c/a\u003e from the security community of vulnerabilities in your Identity implementation?\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003ctable style='background-color: #eeeeee;'\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px; padding-top: 40px;'\u003e\u003cp style='text-align: center; padding-left: 30px;'\u003e\u003ci\u003e“Every technology has vulnerabilities, and if you don’t have a public process for responsible hackers to report them, you are only going to find out about them through attacks in the black market.”\u003c/i\u003e\u003c/p\u003e\u003cp style='text-align: right; padding-left: 30px;'\u003e\u003cb\u003e\u003cb\u003e \u003c/b\u003e\u003c/b\u003e— Alex Rice, Facebook, in \u003ca href='http://www.nytimes.com/2015/06/08/technology/hackerone-connects-hackers-with-companies-and-hopes-for-a-win-win.html?_r=0' target='_blank' rel='noopener noreferrer'\u003e“\u003ci\u003eHackerOne Connects Hackers With Companies, and Hopes for a Win-Win”\u003c/i\u003e\u003c/a\u003e\u003ci\u003e, The New York Times, June 7, 2015\u003c/i\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3\u003e\u003cspan style='font-weight: 400;'\u003e18.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eWill you need contextual step-up authentication? For instance – \u003ca href='https://github.com/auth0/rules/blob/master/rules/ip-address-whitelist.md' target='_blank' rel='noopener noreferrer'\u003eIP range\u003c/a\u003e, or \u003ca href='https://github.com/auth0/rules/blob/master/rules/active-directory-groups.md' target='_blank' rel='noopener noreferrer'\u003eActive Directory group membership\u003c/a\u003e? Password \u003ca href='https://auth0.com/docs/connections/database/password-strength'\u003epolicies\u003c/a\u003e? Or would \u003ca href='https://auth0.com/docs/connections/passwordless'\u003epasswordless authentication\u003c/a\u003e make sense for your users?\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"},{"title":"On Time, Under Budget","description":"\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3 style='text-align: left;'\u003e\u003cspan style='font-weight: 400;'\u003e19.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd style='text-align: left;'\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eHow much \u003ca href='https://www.isc2cares.org/uploadedFiles/wwwisc2caresorg/Content/GISWS/FrostSullivan-(ISC)%C2%B2-Global-Information-Security-Workforce-Study-2015.pdf' target='_blank' rel='noopener noreferrer'\u003estaff\u003c/a\u003e will you need including IT ops, developers, and outside services such as forensics expertise? These people are hard to find and expensive to hire. Where will you source this talent and what will it cost?\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003ctable style='background-color: #eeeeee;'\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px; padding-top: 40px;'\u003e\u003cp style='text-align: center; padding-left: 30px;'\u003e\u003ci\u003e“\u003ci\u003eThe demand for security professionals is growing, but the supply of security professionals is not growing at the same rate. The result is growing salaries.”\u003c/i\u003e\u003cbr /\u003e\u003c/i\u003e\u003c/p\u003e\u003cp style='text-align: right; padding-left: 30px;'\u003e\u003cb\u003e\u003cb\u003e \u003c/b\u003e\u003c/b\u003e— \u003ca href='https://www.isc2cares.org/uploadedFiles/wwwisc2caresorg/Content/GISWS/FrostSullivan-(ISC)%C2%B2-Global-Information-Security-Workforce-Study-2015.pdf' target='_blank' rel='noopener noreferrer'\u003e“\u003ci\u003eThe 2015 (ISC)\u003c/i\u003e\u003ci\u003e2\u003c/i\u003e\u003ci\u003e Global Information Security Workforce Study”\u003c/i\u003e\u003c/a\u003e\u003ci\u003e, Frost \u0026amp; Sullivan, April 16, 2015\u003c/i\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px;'\u003e\u003ch3\u003e\u003cspan style='font-weight: 400;'\u003e20.\u003c/span\u003e\u003c/h3\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eWhen is your target date to go into production? How much time / how many iterations will your IAM solution require to implement?\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003ctable style='background-color: #eeeeee;'\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd style='padding: 15px; padding-top: 40px;'\u003e\u003cp style='text-align: center; padding-left: 30px;'\u003e\u003ci\u003e“While other vendors were laying down implementation timelines of months, Auth0 promised a timeline of only a few weeks.”\u003c/i\u003e\u003c/p\u003e\u003cp style='text-align: right; padding-left: 30px;'\u003e\u003cb\u003e\u003cb\u003e \u003c/b\u003e\u003c/b\u003e— Amol Date, \u003ca href='https://auth0.com/learn/jetprivilege-case-study/'\u003eJetPrivilege\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"}]},{"id":"social-login","title":"Social Login - Time to implement it in your apps","description":"Implement Social Login in a heartbeat with Auth0 and increase your registrations.","category":"concepts","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/3VNzx79uWL5H1JWtFMgLoj/968925d90ab3a09f4bb8bd95621823fe/catalog-social.png","mimeType":"image/png"},"content":[{"title":"What is Social Login?","description":"\u003cp\u003e\u003cstrong\u003eSocial Login\u003c/strong\u003e is single sign-on for end users. Using existing login information from a social network provider like \u003cem\u003eFacebook\u003c/em\u003e, \u003cem\u003eTwitter\u003c/em\u003e, or \u003cem\u003eGoogle\u003c/em\u003e, the user can sign into a third party website instead of creating a new account specifically for that website. This simplifies registrations and logins for end users.\u003c/p\u003e\u003cdiv class='new-banner' style='background-color: #f5f7f9; width: 100%; display: flex; flex-direction: row; justify-content: center; align-items: center; border-radius: 3px; box-shadow: 0px 4px 8px rgba(0,0,0,0.15); margin: 60px 0 20px 0;'\u003e\u003cdiv class='new-banner-text' style='width: 50%; padding-left: 40px; font-size: 24px; color: #333333; text-align: initial; font-weight: 500; line-height: normal;'\u003eLearn when you should build versus buy your identity platform. \u003ca class='wow btn btn-lg btn-success js-try new-banner-button' style='margin-top: 24px; font-weight: bold;' href='https://auth0.com/resources/whitepapers/build-vs-buy-evaluating-identity-management'\u003eDOWNLOAD THE FREE EBOOK\u003c/a\u003e\u003c/div\u003e\u003cp style='margin: 0;'\u003e\u003cimg style='margin: 0; height:260px;' class='new-banner-image' src='https://images.ctfassets.net/kbkgmx9upatd/gCc8XqSVP22vE02ggUJcQ/0153c8309476c0bceca1f37316e1f647/bvb_2x.png'\u003e\u003c/p\u003e"},{"title":"Why should you add Social Login to your applications?","description":"\u003cp\u003eAdding Social Login to your applications has several perks.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eIncrease registrations\u003c/strong\u003e: according to a \u003ca href='http://www.webhostingbuzz.com/blog/2013/03/21/whos-sharing-what/'\u003eWeb Hosting Buzz survey\u003c/a\u003e: \u003cstrong\u003e86 percent of users report being bothered by having to create new accounts on websites\u003c/strong\u003e. Some of these users would rather leave your site than register, which means that providing Social Login to your apps will increase the number of registrations to your site. The survey also states that 77 percent of respondents say that \u0026#8220;Social Login is a good solution that should be in any site.\u0026#8221;\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eEmail is verified\u003c/strong\u003e: The social network provider is in charge of verifying the user\u0026#8217;s email. If the provider shares this information (\u003cstrong\u003eTwitter\u003c/strong\u003e does not share the user email address, for example) you will get a real email address rather than the fake addresses that some users typically use to register in web applications. Additionally, the providers will handle the password recovery process.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eAccess richer user profiles\u003c/strong\u003e: Social network providers can give you additional information about users, such as location, interests, birthday, and more. Using this data, you can target personalized content to the user.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eUp-to-date profiles\u003c/strong\u003e: Users do not tend to keep their profiles updated in most applications they use, but they do it in social networks. Therefore, having Social Login ensure that you have accurate information about your users.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eOne-click return experience\u003c/strong\u003e: After users register in your application using Social Login, their return experience will be very simple, as they will probably be logged into the social network, and just one click will be enough to login to your application.\u003c/li\u003e\u003c/ul\u003e"},{"title":"How does Social Login work?","description":"\u003cp\u003eSocial Login is a simple process, with the following steps.\u003c/p\u003e\u003col\u003e\u003cli\u003eThe user enters your application and selects the desired social network provider.\u003c/li\u003e\u003cli\u003eA login request is send to the social network provider.\u003c/li\u003e\u003cli\u003eOnce the social network provider confirms the user\u0026#8217;s identity, a current user will get access to your application. A new user will be registered as a new user and then logged into the application.\u003c/li\u003e\u003c/ol\u003e"},{"title":"Social Providers with Auth0","description":"\u003cp\u003eAuth0 supports 30+ social providers: \u003cstrong\u003eFacebook\u003c/strong\u003e, \u003cstrong\u003eTwitter\u003c/strong\u003e, \u003cstrong\u003eGoogle\u003c/strong\u003e, \u003cstrong\u003eYahoo\u003c/strong\u003e,\u0026nbsp;\u003cstrong\u003eWindows Live\u003c/strong\u003e, \u003cstrong\u003eLinkedIn\u003c/strong\u003e, \u003cstrong\u003eGitHub\u003c/strong\u003e, \u003cstrong\u003ePayPal\u003c/strong\u003e,\u0026nbsp;\u003cstrong\u003eAmazon\u003c/strong\u003e, \u003cstrong\u003evKontakte\u003c/strong\u003e,\u0026nbsp;\u003cstrong\u003eYandex\u003c/strong\u003e, \u003cstrong\u003e37signals\u003c/strong\u003e, \u003cstrong\u003eBox\u003c/strong\u003e, \u003cstrong\u003eSalesforce\u003c/strong\u003e, \u003cstrong\u003eSalesforce (sandbox)\u003c/strong\u003e, \u003cstrong\u003eSalesforce Community\u003c/strong\u003e, \u003cstrong\u003eFitbit\u003c/strong\u003e, \u003cstrong\u003eBaidu\u003c/strong\u003e, \u003cstrong\u003eRenRen\u003c/strong\u003e, \u003cstrong\u003eWeibo\u003c/strong\u003e, \u003cstrong\u003eAOL\u003c/strong\u003e, \u003cstrong\u003eShopify\u003c/strong\u003e, \u003cstrong\u003eWordPress\u003c/strong\u003e,\u0026nbsp;\u003cstrong\u003eDwolla\u003c/strong\u003e, \u003cstrong\u003emiiCard\u003c/strong\u003e, \u003cstrong\u003eYammer\u003c/strong\u003e,\u0026nbsp;\u003cstrong\u003eSoundCloud\u003c/strong\u003e, \u003cstrong\u003eInstagram\u003c/strong\u003e, \u003cstrong\u003eThe City\u003c/strong\u003e, \u003cstrong\u003eThe City (sandbox)\u003c/strong\u003e, \u003cstrong\u003ePlanning Center\u003c/strong\u003e, \u003cstrong\u003eEvernote\u003c/strong\u003e, \u003cstrong\u003eEvernote (sandbox)\u003c/strong\u003e, and \u003cstrong\u003eExact\u003c/strong\u003e. Additionally, you can add any OAuth2 Authorization Server you need.\u003c/p\u003e\u003cp\u003eEvery provider has its own profile properties, required headers, and response format, and some use OAuth1 (\u003cstrong\u003eTwitter\u003c/strong\u003e) while others use OAuth2. Auth0 simplifies this for you, encapsulating the differences, and unifying the way to call providers and the information retrieved from all of them.\u003c/p\u003e\u003cp\u003eHow about including \u003cstrong\u003eSocial Login\u003c/strong\u003e in your application for free? Try our new free production-ready plan, which includes support for two social network providers of your choice. For more information, check our \u003ca href='https://auth0.com/pricing#free'\u003epricing page\u003c/a\u003e.\u003cbr /\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/social-providers.png' alt='SOCIAL PROVIDERS'\u003e\u003c/p\u003e"},{"title":"Social Login with Auth0 in a few steps","description":"\u003col\u003e\u003cli\u003eIn Auth0\u0026#8217;s Management Dashboard, click \u003cstrong\u003eConnections\u003c/strong\u003e and then \u003cstrong\u003eSocial\u003c/strong\u003e.\u003c/li\u003e\u003cli\u003eFlip the switch of the selected social network provider to enable it.\u003c/li\u003e\u003cli\u003eSelect the applications in which you would like to use this provider.\u003c/li\u003e\u003cli\u003eThe configuration popup will display. There you can select the desired attributes and permissions that you want to get from the provider. You can also enter your own \u003cem\u003eApp/Consumer Keys\u003c/em\u003e in this screen.\u003cbr /\u003e\u003cblockquote\u003e\u003cp\u003e\u003cstrong\u003eTip:\u003c/strong\u003e In the settings of each provider, there is a link explaining how to obtain your key for that provider. If you do that, the consent page will show your logo instead of Auth0\u0026#8217;s and you\u0026#8217;ll be able to use Auth0 to do SSO for these connections.\u003c/p\u003e\u003c/blockquote\u003e\u003c/li\u003e\u003cli\u003eClick \u003cstrong\u003eSave\u003c/strong\u003e.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/content/social-login/enabling-social-providers-2.gif' alt='Enabling Social Login in your applications'\u003e\u003c/p\u003e"},{"title":"Add your custom social connection using OAuth","description":"\u003cp\u003eThe most common identity providers are readily available on Auth0\u0026#8217;s dashboard. However, you can use Auth0\u0026#8217;s Connections API to add any \u003cstrong\u003eOAuth2 Authorization Server\u003c/strong\u003e as an identity provider.\u003c/p\u003e\u003cp\u003eAdding your custom connection is \u003cstrong\u003eeasy\u003c/strong\u003e! Just create a \u003cstrong\u003ecustom connection\u003c/strong\u003e, fill the configuration file by setting the required properties for your provider, such as \u003cstrong\u003eAuthorization URL\u003c/strong\u003e, \u003cstrong\u003eToken URL\u003c/strong\u003e, \u003cstrong\u003eClient ID\u003c/strong\u003e, \u003cstrong\u003eClient Secret\u003c/strong\u003e, and so on. Add logic to the \u003cstrong\u003efetchUserProfile\u003c/strong\u003e method to get the user profile from the provider and customize the returned JSON object that contains the user information. Finally, use your connection with any of the Auth0 standard mechanisms (e.g. direct links, Auth0 Lock, auth0.js, etc.) to login.\u003c/p\u003e\u003cp\u003eMore information about creating your custom OAuth2 connections can be found \u003ca href='https://auth0.com/docs/connections/social/oauth2#use-your-custom-connection'\u003ehere\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eRemember, you can always use \u003ca href='https://auth0.com/docs/rules'\u003eRules\u003c/a\u003e for more sophisticated manipulation of user information. If you are creating your own OAuth2 connection, we recommend that you use \u003ca href='https://developers.google.com/oauthplayground/'\u003eGoogle OAuth 2.0 Playground\u003c/a\u003e, where you can experiment with the OAuth 2.0 protocol and APIs that use the protocol. You can walk through each step of the OAuth 2.0 flow for server-side web applications. At each step, you will see the full HTTP requests and responses.\u003c/p\u003e\u003cp\u003eWanna try it out? Get Auth0\u0026#8217;s \u003ca href='https://auth0.com/pricing#free'\u003efree production-ready plan\u003c/a\u003e with support for up to 7,000 active users.\u003cbr /\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/oauth-social-connection.png' alt='Oauth Social Connection'\u003e\u003c/p\u003e"}]},{"id":"how-to-implement-single-sign-on","title":"How to Implement Single Sign On","description":"Implementing Single Sign On allows users to login to multiple systems with just one set of credentials.","category":"concepts","image":{"url":"https://images.ctfassets.net/23aumh6u8s0i/2xIzg7UIbBpGNvCeRsdn4k/32f29b73fc2b4bd33bac6fe124d9bfb1/what-is-sso-1","mimeType":"image/jpg"},"content":[{"title":"Classic User Authentication","description":"\u003cp\u003eWhen it comes to User Authentication, the classic approach is often the one that's used: collect the user credentials in the application - typically a UserID and a Password - validate them, and you're good to go. It's something that almost every application builder has implemented themselves at some point in their career.\u003c/p\u003e\u003cdiv class='new-banner' style='background-color:#f5f7f9;width:100%;display:flex;flex-direction:row;justify-content:center;align-items:center;border-radius:3px;box-shadow:0 4px 8px rgba(0,0,0,.15);margin:60px 0 20px 0'\u003e\u003cdiv style='text-align:center'\u003e\u003ciframe width='261' height='464' src='https://www.youtube.com/embed/WcguhLUxKKI' title='What is Authentication? 🆔⌛' frameborder='0' allow='accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share' allowfullscreen\u003e\u003c/iframe\u003e\u003c/div\u003e\u003c/div\u003e"},{"title":"A Centralized Approach","description":"\u003cp\u003eBut what if you have multiple applications? Or your user has multiple identities? What if you need to support external identity providers, such as Google, LinkedIn or Twitter, where user authentication is handled by a 3rd party? How about adding support for \u003ca href='https://a0.to/learn-mfa'\u003eMFA\u003c/a\u003e? And what about supporting \u003ca href='https://a0.to/learn-passwordless'\u003ePasswordless\u003c/a\u003e workflows that do away with passwords altogether?\u003c/p\u003e\u003cdiv class='new-banner' style='background-color:#f5f7f9;width:100%;display:flex;flex-direction:row;justify-content:center;align-items:center;border-radius:3px;box-shadow:0 4px 8px rgba(0,0,0,.15);margin:60px 0 20px 0'\u003e\u003cfigure class='new-banner-image size-large'\u003e\u003cimg style='margin:20px 0 20px 0' src='https://images.ctfassets.net/kbkgmx9upatd/3J6nNmGTg5PyDz4gmCTDnS/0d88bb3cfe9e5bfa741440b047a3c7a0/60575_MFA-Factors_GIF_Auth0.gif' alt=''\u003e\u003c/figure\u003e\u003c/div\u003e"},{"title":"Build it Yourself?","description":"\u003cp\u003eWell, you could build support in-house, that's true. And we've even put together a comprehensive analysis on doing just that. If your team has the resources, time, capacity, knowledge, and expertise in modern identity technologies - such as OIDC, OAuth 2 and developing a Single Sign On authorization service - then it's definitely an option. But what if there was a better way?\u003c/p\u003e\u003cdiv class='new-banner' style='background-color:#f5f7f9;width:100%;display:flex;flex-direction:row;justify-content:center;align-items:center;border-radius:3px;box-shadow:0 4px 8px rgba(0,0,0,.15);margin:60px 0 20px 0'\u003e\u003cdiv class='new-banner-text' style='width:50%;padding-left:40px;font-size:24px;color:#333;text-align:initial;font-weight:500;line-height:normal'\u003eLearn when you should build versus buy your identity platform. \u003ca class='wow btn btn-lg btn-success js-try new-banner-button' style='margin-top:24px;font-weight:700' href='https://auth0.com/resources/whitepapers/build-vs-buy-evaluating-identity-management'\u003eDOWNLOAD THE FREE EBOOK\u003c/a\u003e\u003c/div\u003e\u003cp style='margin:0'\u003e\u003cimg class='new-banner-image' style='margin:0;height:260px' src='https://images.ctfassets.net/kbkgmx9upatd/gCc8XqSVP22vE02ggUJcQ/0153c8309476c0bceca1f37316e1f647/bvb_2x.png'\u003e\u003c/p\u003e\u003c/div\u003e"},{"title":"Meet Universal Login!","description":"\u003cp\u003eSay hello to \u003ca href='https://auth0.com/docs/authenticate/login/auth0-universal-login' target='_blank'\u003eAuth0 Universal Login\u003c/a\u003e! Universal Login allows you to create a fully customized \u003ca href='https://auth0.com/blog/what-is-and-how-does-single-sign-on-work/' target='_blank'\u003eSingle Sign On\u003c/a\u003e experience at the push of a button! One that can be integrated across all your applications, and that also provides seamless access to all of the additional capabilities supported by the Auth0 platform.\u003c/p\u003e\u003cdiv\u003e\u003cimg style='margin:auto;display:block' class='vidyard-player-embed' src='https://share.vidyard.com/watch/rDPMjZdQJwUM6qcLRBCEE6' data-uuid='rDPMjZdQJwUM6qcLRBCEE6' data-v='4'\u003e\u003cscript type='text/javascript' async src='https://play.vidyard.com/embed/v4.js'\u003e\u003c/script\u003e\u003c/div\u003e"},{"title":"Log In. Just Once.","description":"\u003cp\u003eSingle Sign On provides a seamless authentication experience as you navigate through your applications, and works by having a central server (i.e. Auth0) which all the applications trust and leverage - typically via the Browser. When you log in for the first time, a cookie gets created in the context of this central server. Then, whenever you access another application, you get redirected (to the central server), and if you already have a cookie there, you'll get redirected directly to the application without any further login prompt.\u003c/p\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/how-it-work-flow.png' alt='How it works'\u003e\u003c/p\u003e"},{"title":"Easy to Integrate with any Application","description":"\u003cp\u003eWith a variety of out-of-box options provided by a \u003ca href='https://auth0.com/docs/libraries' target='_blank'\u003ewide range of SDKs\u003c/a\u003e, you can build an initial integration with almost any application, written in any language, and supporting any technology stack in a matter of hours.\u003c/p\u003e\u003cdiv class='new-banner' style='background-color:#f5f7f9;width:100%;display:flex;flex-direction:row;justify-content:center;align-items:center;border-radius:3px;box-shadow:0 4px 8px rgba(0,0,0,.15);margin:60px 0 20px 0'\u003e\u003cfigure class='new-banner-image size-large'\u003e\u003cimg style='margin:20px 0 20px 0' src='https://auth0.com//docs/img/library/header_img.svg' alt=''\u003e\u003c/figure\u003e\u003c/div\u003e"},{"title":"Support for Single Sign Off","description":"Single Sign Off - a.k.a. Single Sign Out or Single Logout - is the inverse process of Single Sign On. Once you log off of a configured application, your session will end in all of them. You'll save time, and will never forget your opened sessions again."},{"title":"Last-mile Integration through Extensibility","description":"\u003cp\u003eWe know that every use case can be different! So if you need additional customization, you can use \u003ca href='https://auth0.com/actions' target='__blank'\u003eAuth0’s Actions\u003c/a\u003e. Actions are JavaScript functions that run in Auth0 and empower you to control and customize key events in the authentication and authorization pipeline.\u003c/p\u003e\u003cimg src='https://images.ctfassets.net/kbkgmx9upatd/4zKvB2Mlu5aISQwt9jW7s3/a5eb3973da75d1f390aa7142806f376c/image3.png' alt='auth0 actions login dashboard'\u003e"},{"title":"Compliance with Standards","description":"\u003cp\u003eWe’re HIPAA and SOC2 compliant, which assures you that we comply with all best practices of identity management.If you require an extra layer of security, you can turn on advanced policies like multi-factor authentication, password policies, brute force protection, and much more with just one click!\u003cbr /\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/compliance-standars.png' alt='Compliance standars'\u003e\u003c/p\u003e"},{"title":"Stay Informed","description":"\u003cp\u003eDiscover helpful CIAM articles that are timely and relevant, whatever your level of experience. Whether you prefer to learn by reading, viewing, listening, cloning repos, copying code, or attending a workshop or conference, our content is everywhere and made for developers like you.\u003c/p\u003e\u003cfigure class='size-large'\u003e\u003ca href='https://a0.to/nl-signup' target='_blank' rel='noreferrer noopener'\u003e\u003cimg src='https://pages.okta.com/rs/855-QAH-699/images/zero-index-email-header_auth0_1201-401.png' alt=''\u003e\u003c/a\u003e\u003cfigcaption class='wp-element-caption'\u003e\u003cem\u003eClick to subscribe\u003c/em\u003e\u003c/figcaption\u003e\u003c/figure\u003e"}]},{"id":"cloud-identity-access-management","title":"Cloud Identity and Access Management (IAM)","description":"Understanding How Identity and Access Management in the Cloud Works","category":"concepts","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/5xXb0qQocOpKljdgS7jbOB/92a91f30c0f83ace48fc985255595c66/iam-what-is.png","mimeType":"image/png"},"content":[{"title":"What is Identity and Access Management?","description":"\u003cp\u003eAccording to \u003ca href='http://www.gartner.com/it-glossary/identity-and-access-management-iam/'\u003eGartner\u003c/a\u003e, Identity and Access Management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments.\u003c/p\u003e\u003cp\u003eEnterprises traditionally used on-premises IAM software to manage identity and access policies, but nowadays, as companies add more cloud services to their environments, the process of managing identities is getting more complex. Therefore, adopting cloud-based Identity-as-a-Service (IDaaS) and cloud IAM solutions becomes a logical step.\u003c/p\u003e"},{"title":"What does Cloud Identity and Access Management include?","description":"\u003cp\u003eCloud IAM typically includes the following features:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eSingle Access Control Interface\u003c/strong\u003e. Cloud IAM solutions provide a clean and consistent access control interface for all cloud platform services. The same interface can be used for all cloud services.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eEnhanced Security\u003c/strong\u003e. You can define increased security for critical applications.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eResource-level Access Control\u003c/strong\u003e. You can define roles and grant permissions to users to access resources at different granularity levels.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/auth0-manage.png' alt='Auth0 manage' /\u003e\u003c/p\u003e"},{"title":"Why do you need Identity and Access Management?","description":"\u003cp\u003eIdentity and Access Management technology can be used to initiate, capture, record, and manage user identities and their access permissions. All users are authenticated, authorized, and evaluated according to policies and roles.\u003c/p\u003e\u003cp\u003ePoorly controlled IAM processes may lead to regulatory non-compliance; if the organization is audited, management may not be able to prove that company data is not at risk of being misused.\u003c/p\u003e"},{"title":"How can Cloud IAM help you?","description":"\u003cp\u003eIt can be difficult for a company to start using cloud Identity and Access Management solutions because they don\u0026#8217;t directly increase profitability, and it is hard for a company to cede control over infrastructure. However, there are several perks that make using an IAM solution very valuable, such as the following:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe ability to spend less on enterprise security by relying on the centralized trust model to deal with Identity Management across third-party and own applications.\u003c/li\u003e\u003cli\u003eIt enables your users to work from any location and any device.\u003c/li\u003e\u003cli\u003eYou can give them access to all your applications using just one set of credentials through \u003ca href='https://auth0.com/learn/how-to-implement-single-sign-on'\u003e\u003cstrong\u003eSingle Sign-On\u003c/strong\u003e\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eYou can protect your sensitive data and apps: Add extra layers of security to your mission-critical apps using \u003ca href='https://auth0.com/learn/get-started-with-mfa'\u003e\u003cstrong\u003eMultifactor Authentication\u003c/strong\u003e\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eIt helps maintain compliance of processes and procedures. A typical problem is that permissions are granted based on employees\u0026#8217; needs and tasks, and not revoked when they are no longer necessary, thus creating users with lots of unnecessary privileges.\u003c/li\u003e\u003c/ul\u003e"},{"title":"Auth0 as your Cloud IAM solution","description":"\u003cp\u003eAuth0 can authenticate your users with \u003cstrong\u003eany identity provider\u003c/strong\u003e running on any stack, any device or cloud. It provides \u003cstrong\u003eSingle Sign-On\u003c/strong\u003e, \u003cstrong\u003eMultifactor Authentication\u003c/strong\u003e, \u003cstrong\u003eSocial Login\u003c/strong\u003e, and several more features.\u003c/p\u003e\u003cp\u003eYou can read more about Auth0 features here: \u003ca href='https://auth0.com/why-auth0'\u003eWhy Auth0?\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIn terms of authorization, you can use the power of the \u003ca href='https://auth0.com/docs/rules'\u003erules engine\u003c/a\u003e to define coarse-grained authorization — that is, rules that dictate who can login (for example: at what times, from which locations and devices, and so on).\u003c/p\u003e\u003cp\u003eAuth0 also has a \u003cstrong\u003egroup memberships\u003c/strong\u003e feature that can be exposed to the application (for example: group memberships in Active Directory, in Azure Active Directory, in the user’s metadata, and so on); based on that, you can do more fine-grained authorization (where only users in a particular group can access some applications).\u003c/p\u003e\u003cp\u003eWe are always working on improving \u003cstrong\u003eAuth0\u003c/strong\u003e and making things simpler; therefore, you can expect updates in these areas soon.\u003cbr /\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/why-auth0.png' alt='why auth0' /\u003e\u003c/p\u003e"}]},{"id":"get-started-with-mfa","title":"Multifactor Authentication (MFA)","description":"Learn everything about Multifactor Authentication (MFA) and how you can start using it right now in your application.","category":"concepts","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/6VLMfLTi862UcU2piK7SAQ/ea1ae8b064cb0db2901160bfb73aea5b/hero-mfa.png","mimeType":"image/png"},"content":[{"title":"What is Multifactor Authentication?","description":"\u003cp\u003eMulti-Factor Authentication (a.k.a. MFA) is the process whereby a user provides an additional level of authentication via the use of an additional factor. MFA is a complement to First-Factor authentication - which is typically where a user authenticates using a UserID and Password, or \u003ca href='https://a0.to/learn-passwordless'\u003ePasswordless\u003c/a\u003e workflow.\u003c/p\u003e\u003cdiv class='new-banner' style='background-color:#f5f7f9;width:100%;display:flex;flex-direction:row;justify-content:center;align-items:center;border-radius:3px;box-shadow:0 4px 8px rgba(0,0,0,.15);margin:60px 0 20px 0'\u003e\u003cdiv style='text-align:center'\u003e\u003ciframe width='261' height='464' src='https://www.youtube.com/embed/ixVBbW3uXkE' title='What is MFA? 🆔⌛' frameborder='0' allow='accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share' allowfullscreen\u003e\u003c/iframe\u003e\u003c/div\u003e\u003c/div\u003e"},{"title":"Why is MFA necessary?","description":"\u003cp\u003eMultifactor Authentication is important to provide enhanced security to your critical systems. The extra layer(s) of protection that MFA provides are typically triggered on abnormal or specific situations, such as login from a different device, location, or time frame. This can help prevent attackers - that only have one of your authentication factors - from gaining access to your account(s). For example, if your password is stolen, MFA will typically provide one or more additional layers of protection from attack by whoever stole your password!\u003c/p\u003e"},{"title":"Typical MFA Deployment","description":"\u003cp\u003eMFA (often referred to as step-up authentication) is typically deployed across all users. And typically employs an additional user authentication mechanism - also known as a factor - in an attempt to prove that a user is in fact who they say they are. The use of MFA can be an excellent deterrent against \u003ca href='https://auth0.com/blog/protecting-against-phishing-attacks/' target='_blank'\u003ePhishing\u003c/a\u003e attacks and the like.\u003c/p\u003e\u003cdiv class='new-banner' style='background-color:#f5f7f9;width:100%;display:flex;flex-direction:row;justify-content:center;align-items:center;border-radius:3px;box-shadow:0 4px 8px rgba(0,0,0,.15);margin:60px 0 20px 0'\u003e\u003cp style='margin:0'\u003e\u003cimg class='new-banner-image' style='margin:0;height:260px' src='https://images.ctfassets.net/23aumh6u8s0i/6lndb4OGHrhpfUnkeB9C4b/ed1e79f85cc48bad42ee8a5e6e47c3a9/MFA_factors_by_assurance__1_.jpg'\u003e\u003c/p\u003e\u003c/div\u003e"},{"title":"A More Adaptive Approach","description":"\u003cp\u003eWith Auth0 Adaptive MFA you can decide exactly when a user needs to provide their additional authentication factor. So users only need to go through additional security when an additional level of security is absolutely required. And you can progressively roll out MFA too; choose groups of users at a time rather than forcing everyone to use MFA all at once. Integrated via \u003ca href='https://a0.to/topics/sso/' target='_blank'\u003eUniversal Login\u003c/a\u003e, Adaptive MFA gives you the flexibility to make certain that the user experience is as frictionless as possible.\u003c/p\u003e\u003cdiv class='new-banner' style='background-color:#f5f7f9;width:100%;display:flex;flex-direction:row;justify-content:center;align-items:center;border-radius:3px;box-shadow:0 4px 8px rgba(0,0,0,.15);margin:60px 0 20px 0'\u003e\u003cdiv style='text-align:center'\u003e\u003cfigure\u003e\u003cimg src='https://images.ctfassets.net/kbkgmx9upatd/7w9glZ0L5UDBWwP55V2dSE/6462e6bc428399bb05ebfe77ff463673/MFA_-_Step-Up_MFA.svg' alt=''\u003e\u003c/figure\u003e\u003c/div\u003e\u003c/div\u003e"},{"title":"Compliance with Standards","description":"\u003cp\u003eWe’re HIPAA and SOC2 compliant, which assures you that we comply with all best practices of identity management. Additionally, if you require an extra layer of security you can turn on advanced policies like multifactor authentication, password policies, brute force protection and much more with just one click!\u003cbr /\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/compliance-standars.png' alt='Compliance' /\u003e\u003c/p\u003e"},{"title":"Stay Informed","description":"\u003cp\u003eDiscover helpful CIAM articles that are timely and relevant, whatever your level of experience. Whether you prefer to learn by reading, viewing, listening, cloning repos, copying code, or attending a workshop or conference, our content is everywhere and made for developers like you.\u003c/p\u003e\u003cfigure class='size-large'\u003e\u003ca href='https://a0.to/nl-signup' target='_blank' rel='noreferrer noopener'\u003e\u003cimg src='https://pages.okta.com/rs/855-QAH-699/images/zero-index-email-header_auth0_1201-401.png' alt=''\u003e\u003c/a\u003e\u003cfigcaption class='wp-element-caption'\u003e\u003cem\u003eClick to subscribe\u003c/em\u003e\u003c/figcaption\u003e\u003c/figure\u003e"}]},{"id":"customer-loyalty-program","title":"Identity - The Cornerstone of a Loyalty Program","description":"How To Set Up A Seamless Customer Loyalty Program","category":"growth","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/VBjICQvGNYr2044LHwHAu/a7cc2dbb015e0cd73476ce2fa1fbe7cd/loyalty-hero.png","mimeType":"image/png"},"content":[{"title":"Why build a loyalty program?","description":"\u003cp\u003e\u003cspan\u003eLoyalty programs can be a powerful lever for growth. By targeting your existing customers with rewards and offers, you hit your already-engaged users with an additional incentive to stay, spend, and refer:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003eYour best customers become your biggest fans: not only will they stick around—they\u0026#8217;ll promote you through word of mouth.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eTypical customers will be more engaged, because they don\u0026#8217;t want to miss out on any rewards.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eBy partnering with other brands that your customers love, you build “stickiness”, leveraging those positive associations and giving your customers even more reasons to buy.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title":"An information exchange","description":"\u003cp\u003e\u003cspan\u003eLoyalty programs are all about membership, belonging, connection and association. Who you are is at the core of how loyalty programs work. So by their very nature, loyalty programs rely heavily on identity infrastructure \u0026#8211; the “who you are” software \u0026#8211; to deliver their unique power to engage customers. \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eThe basic relationship for loyalty programs is membership, and “member” is the key role that any loyalty program must model. More sophisticated programs add a second role \u0026#8211; “partner” \u0026#8211; to the mix. Partners are independent brands with products and services banding together to create a web of positive associations that benefit everyone. Loyalty programs with a range of participating partners give their members even more ways to earn and redeem benefits, \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003eMembers:\u003c/b\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003eLog into your site to accrue points and rewards through purchases of your products and services, and to redeem those points and rewards directly with you.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eLog into partner sites to accrue points and rewards as well, connecting to the loyalty program through single sign-on (SSO) to use their membership account with partner purchases.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cb\u003ePartners:\u003c/b\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003eLog into the loyalty program’s administrative interface \u0026#8211; either a site, or an API \u0026#8211; to implement co-marketing, promotions, and member analytics.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eEstablish a single sign-on relationship between their own identity management infrastructure and the loyalty program, so that once a customer is logged into one of the loyalty program’s partner sites, that customer can visit another partner’s site without logging into their membership account again. This can simplify the user experience and solidify the connection across brands in the customer’s mind.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan\u003eAll loyalty programs have membership. Not all have partners, or implement the entire potential opportunity for partnerships. But the more sophisticated the partnership opportunities, the more valuable the loyalty program may become in customers’ minds, and the more complex the identity management challenges.\u003c/span\u003e\u003c/p\u003e"},{"title":"The challenge","description":"\u003cp\u003e\u003cspan\u003eLoyalty program identity management can be tricky to implement:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cb\u003eSecurity: \u003c/b\u003e\u003cspan\u003eWhether rewards are earned through miles, points, or some other virtual currency, you\u0026#8217;ll likely have hackers and phishers trying to compromise your system, harm your members, and damage your brand.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cb\u003eScale:\u003c/b\u003e\u003cspan\u003e If you’re successful you could have millions of members. You may already have millions of members \u0026#8211; and need to migrate them to a new identity system.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cb\u003eSocial integration\u003c/b\u003e\u003cspan\u003e: Your members are tired of remembering passwords for all their myriad accounts \u0026#8211; and they may reuse a password when they sign up for your program. Danger! Your members and your business are safer if they use a social identity like Google or Facebook to connect, but how do you implement that easily?\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cb\u003ePartner Integration\u003c/b\u003e\u003cspan\u003e: When you partner with other brands, you’ll have to build and maintain integrations with their authentication systems \u0026#8211; that is where the rubber meets the road in actually implementing the partnership. But how do you implement SSO between your program and your partners with so many enterprise identity providers and standards (SAML, ADFS, AD/LDAP…) out there? This must be low-friction or your partner on-boarding will suffer.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cb\u003eMobile Experience:\u003c/b\u003e\u003cspan\u003e Have a mobile app for your business? Want to let members earn and redeem rewards on your app? How can you make the authentication process seamless and responsive without a massive development effort?\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cb\u003eAnalytics:\u003c/b\u003e\u003cspan\u003e Member engagement, shopping and buying behavior is a rich source of marketing intelligence. Want to know which partner products your biggest spenders prefer? Target promotions to those members most likely to buy? You’ll need to tie member identity to behavior in your analytics platform to turn correlations into cash.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title":"Just a few lines of code","description":"\u003cp\u003e\u003cspan\u003eSounds hard, doesn’t it? But what if you could add a few lines of code to your loyalty program site and be done with it?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eImagine a platform that uses a single, simple API with SDKs for nearly every language and framework, and that hides all that complexity. A platform that can authenticate members with username and password or through a social identity account. That logs in partner employees via SSO with their enterprise credentials, and seamlessly handles the back and forth of member identity across multiple partner sites without making members re-authenticate?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eNo matter whether members or partners are logging in, and no matter whether they’re using an OAuth2-based social identity, enterprise credentials and a SAML-based identity provider, or a username/password account that must be self-service registered and managed, the identity system is securely answering the fundamental question “who are you?” Auth0 gives you one way to answer that question \u0026#8211; through a developer-friendly SDK for your preferred platform, but behind the scenes implements all the integrations needed to hide that complexity \u0026#8211; built by some of the foremost identity and security specialists in the business.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eYou get to market fast, you have the flexibility to implement even your most ambitious plans, and your developers focus on the unique features of your loyalty program and leave the messy but critical identity infrastructure to experts.\u003c/span\u003e\u003cbr /\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/few-line-code.png' alt='just few line of code' /\u003e\u003c/p\u003e"},{"title":"Easy analytics, powerful intelligence","description":"\u003cp\u003e\u003cspan\u003eWith Auth0 acting as a clearinghouse for all your authentications, it is perfectiy situated to act as an analytics hub. With Auth0’s powerful rules feature \u0026#8211; short bits of Javascript code executed in the authentication pipeline \u0026#8211; you can set up a comprehensive and powerful analytics platform to:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003ePour data from every member authentication into your analytics platform to mix with the other marketing signals you’re getting from their activity.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eTrack the rewards that bring in new members and share that information with your partners. Build a stickier, stronger loyalty program.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eUse\u003c/span\u003e\u003ca href='http://www.sas.com/it_it/whitepapers/statistics-machine-learning-at-scale-107284.html'\u003e \u003cspan\u003emachine learning\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e to build a reward-based recommendation engine and increase the value your program can offer to its members.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eCut the rewards that don\u0026#8217;t encourage buying behaviors and double down on the ones that do.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003e\u003cspan\u003eIncorporating Social Identity\u003c/span\u003e\u003c/h2\u003e\u003cp\u003e\u003cspan\u003eBecause social identity can leverage the rich information that members have already provided to social networks, you get access to deeper insights that can improve the conversion rates of your marketing initiatives.\u003c/span\u003e\u003cbr /\u003e\u003cspan\u003eImagine you\u0026#8217;re about to launch a new partnership, and introduce a coupon code that this partner can offer their customers to accrue points in your loyalty program. Using social analytics, you could segment members based on who would be most likely to redeem the coupon—by age, income, gender, region, interests, marital status, etc.—and send a pre-launch email announcing the new partner and introductory offer to just those members likely to be most interested.\u003c/span\u003e\u003c/p\u003e"},{"title":"Flexible Security","description":"\u003cp\u003e\u003cspan\u003eYou’ll want to deliver a great experience to everyone landing on your loyalty program’s site \u0026#8211; non-members and members alike. But certain activities such as redeeming rewards, you’ll want to step up security. After all, in many situations, rewards points are as valuable as cash! So, implementing \u003c/span\u003e\u003ca href='https://auth0.com/learn/two-factor-authentication/'\u003e \u003cspan\u003emulti-factor authentication\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e might be a good idea. You can ask for additional factors only when the member is trying to do something more sensitive, and not bother them with additional steps when they’re just browsing the site.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eWith Auth0, you can rest assured that every best practice of credential management is enabled by default:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003eJSON Web Tokens.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003ePasswords hashed using \u003c/span\u003e\u003ci\u003e\u003cspan\u003ebcrypt\u003c/span\u003e\u003c/i\u003e\u003cspan\u003e().\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eEmail verification.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eProtection against DDoS and brute force attacks.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eAn SSL implementation scored\u003c/span\u003e\u003ca href='https://auth0.com/security'\u003e \u003cspan\u003eA+ by Qualsys\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan\u003eA complete rundown of Auth0’s security features is available\u003c/span\u003e\u003ca href='https://auth0.com/security'\u003e \u003cspan\u003ehere\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title":"A comprehensive solution","description":"\u003cp\u003e\u003cspan\u003eLoyalty programs stress identity management solutions in almost every dimension. They often have huge and active user populations, a wide range of social and enterprise identity providers, and complex, elaborate analytics demands \u0026#8211; after all, they’re all about driving even more sales and engagement.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eBut that\u0026#8217;s not all: loyalty programs feature rewards points that are just like money in many situations, and thus require the same grade of security solutions as financial services.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eAuth0 is designed from the ground up to make very complex, demanding applications like loyalty programs easy to implement. Just one API gives you access to a comprehensive toolkit of providers, protocols, and SDKs, along with very sophisticated and powerful extension capabilities such as Auth0’s rules that allow you to customize authentication to precisely match your needs. All implemented by experts in security and identity and monitored with comprehensive logging and auditing.\u003c/span\u003e\u003cbr /\u003e\u003cspan\u003eBacked by 24/7 support, enterprise SLAs, and a wide range of pricing plans right for any application, Auth0 lets you solve even the most complex identity problems and focus on what really matters: a turbocharged loyalty program optimized for your members and partners.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eRead More: \u003c/span\u003e\u003ca href='https://auth0.com/learn/jetprivilege-case-study/'\u003e\u003cspan\u003eInterMiles: SSO Makes For A Seamless Travel Experience\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"}]},{"id":"the-b2b-customer-value-journey","title":"The B2B Customer Value Journey","description":"For most of our B2B customers, the path to value with Auth0 is a consistent one. To help you on your way, we've plotted a course along with all the checkpoints you need to navigate seamlessly through it. Enjoy the trip!","category":"growth","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/1l0gCnSfU7mDAwpOpAWj2m/da031fbd53bd902f221e4029e0b84db9/b2b-hero.png","mimeType":"image/png"},"content":[{"title":"1. Creating an Application in Auth0","description":"\u003cp\u003e\u003cspan\u003eAn application is one of the core concepts in Auth0. It’s also usually your starting point. Registering your app with Auth0 allows you to automatically login users in multiple ways (more of that later). You can change the way your users authenticate later on, without changing your app.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003e\u003cb\u003eDOCS\u003c/b\u003e:\u003c/strong\u003e \u003ca href='https://auth0.com/docs/applications?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003eCore concepts \u0026#8211; Applications.\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cdiv style='width: 640px;' class='wp-video'\u003e\u003c!--[if lt IE 9]\u003e\u003cscript\u003edocument.createElement('video');\u003c/script\u003e\u003c![endif]--\u003e\u003cvideo class='wp-video-shortcode' id='video-239-1' width='640' height='360' preload='metadata' controls='controls'\u003e\u003csource type='video/mp4' src='https://embed-ssl.wistia.com/deliveries/28370b9d9e1adcea1b8e66ef85812d7ef51e224e/file.mp4?_=1' /\u003e\u003ca href='https://embed-ssl.wistia.com/deliveries/28370b9d9e1adcea1b8e66ef85812d7ef51e224e/file.mp4'\u003ehttps://embed-ssl.wistia.com/deliveries/28370b9d9e1adcea1b8e66ef85812d7ef51e224e/file.mp4\u003c/a\u003e\u003c/video\u003e\u003c/div\u003e"},{"title":"2. Integrating your App with Auth0","description":"\u003cp\u003e\u003cspan\u003eDuring the process of setting up an application in Auth0 you probably came across the reference to Lock. Lock is the easiest way to integrate Auth0 managed authentication into your application. You get a beautiful hosted and embeddable login form with a fully customizable look and feel \u0026#8211; and it displays perfectly on any device at any resolution. It\u0026#8217;s at about this point most developers wish they\u0026#8217;d known about Auth0 earlier!\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eTry the Quickstart tutorials \u0026#8211; whether you have a native mobile app, single page app, regular web app or other type \u0026#8211; the tutorials step you through integrating lock where relevant.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eDOCS: \u003c/strong\u003e\u003ca href='https://auth0.com/docs/libraries/lock?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003e\u003cspan\u003eLock full documentation\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eDOCS: \u003c/strong\u003e\u003ca href='https://auth0.com/docs/libraries/lock/ui-customization?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding'\u003e\u003cspan\u003eCustomize Lock look and feel\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eDOCS: \u003c/strong\u003e\u003cspan style='font-weight: 400;'\u003e\u003ca href='https://auth0.com/docs?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003eQuickstart Tutorials\u003c/a\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/lock-presentation.png' alt='Lock Presentation' /\u003e\u003c/p\u003e"},{"title":"3. Connecting Users to your Application with a Username and Password Database","description":"\u003cp\u003e\u003cspan\u003eSo you have an app\u0026#8230;how about some users? Let’s start with the simplest form: a username and a password. It’s like the meat and potatoes of authentication. Auth0 provides \u003c/span\u003edatabase\u003cspan\u003e connections to authenticate users with an email/username and a password and securely store these credentials in the Auth0 user store, or in your own database.\u003c/span\u003e\u003c/p\u003e\u003ch3\u003e\u003cb\u003eAuth0 Username and Password Database\u003c/b\u003e\u003c/h3\u003e\u003cp\u003e\u003cspan\u003eOne of the quickest ways to get up and running, particularly for new apps, is to allow users to register and authenticate with a username and password which is stored securely in an Auth0 database in your account.\u003c/span\u003e\u003c/p\u003e\u003cdiv style='width: 640px;' class='wp-video'\u003e\u003cvideo class='wp-video-shortcode' id='video-239-2' width='640' height='360' preload='metadata' controls='controls'\u003e\u003csource type='video/mp4' src='https://embed-ssl.wistia.com/deliveries/c6b605fd0ff7286576d1ace24a68c77776d4e49c/file.mp4?_=2' /\u003e\u003ca href='https://embed-ssl.wistia.com/deliveries/c6b605fd0ff7286576d1ace24a68c77776d4e49c/file.mp4'\u003ehttps://embed-ssl.wistia.com/deliveries/c6b605fd0ff7286576d1ace24a68c77776d4e49c/file.mp4\u003c/a\u003e\u003c/video\u003e\u003c/div\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003ca href='https://auth0.com/docs/connections/database?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding'\u003e\u003cspan\u003eDatabase identity providers\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e\u003cb\u003eYour Own Custom Database\u003c/b\u003e\u003c/h3\u003e\u003cp\u003e\u003cspan\u003eOf course, you may already have a database of existing user credentials which lives somewhere else and you wish to continue using it \u0026#8211; maybe it’s MySQL, MongoDB, Sql Server or something else. Auth0 supports virtually any custom user credentials store. For this, you use Auth0’s Custom Database feature.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003ca href='https://auth0.com/docs/connections/database/mysql?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding'\u003e\u003cspan\u003eAuthenticating users with username and password using a custom database\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan\u003eOften there’s the situation where you want the best of both worlds \u0026#8211; you have an existing database full of user credentials, but you’d prefer to utilise Auth0’s database for the security peace of mind and to free up the cost of infrastructure and/or licensing used for your existing database. In this case, you can use the “import users to Auth0” option to automatically migrate users over time. You’re welcome 😉\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003ca href='https://auth0.com/docs/connections/database/migrating?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding'\u003e\u003cspan\u003eImport users to Auth0\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan\u003eUsers will be migrated automagically as they login. This way, no expensive bulk migration project is needed. You never need to shutdown your system and, best of all, you won\u0026#8217;t need to reset user passwords.\u003c/span\u003e\u003c/p\u003e"},{"title":"4. Connecting Enterprise Users to your Application with Enterprise Identity Providers","description":"\u003cp\u003e\u003cspan\u003eA more common requirement for B2B applications is to connect your customers\u0026#8217; users to your app with their own existing enterprise credentials. Imagine your a B2B SaaS company and you sell your business focussed solution to big companies with hundreds or even thousands of staff. Rather than those staff having to create new accounts on your service, you can allow them to sign in to your app using their existing corporate Active Directory (or SAML, Google Apps, LDAP, ADFS etc) credentials, for example.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eIt\u0026#8217;s a win win \u0026#8211; a better user experience for the customer which results in less friction and more consumption and engagement with your app.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eDOCS\u003c/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c/strong\u003e \u003ca href='https://auth0.com/docs/connections/enterprise/active-directory?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003eConnecting Active Directory\u003c/a\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eDOCS:\u003c/strong\u003e \u003ca href='https://auth0.com/docs/saml-configuration?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003eConfiguring SAML\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eDOCS:\u003c/strong\u003e \u003ca href='https://auth0.com/docs/hrd?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003eDealing with multiple customers in your multi-tenant Saas app\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eARTICLE: \u003c/strong\u003e\u003ca href='https://auth0.com/blog/2016/02/02/switching-from-social-logins-to-saml-in-minutes-with-auth0/?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003eSwitching from Social to SAML in Minutes\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eARTICLE: \u003c/strong\u003e\u003ca href='https://auth0.com/blog/2015/08/18/how-to-go-upmarket-and-grow-your-revenue-by-20x/?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003eHow to take your Saas upmarket and grow revenue\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eCASE STUDY\u003c/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c/strong\u003e \u003ca href='https://auth0.com/lib/aws-reinvent/resources/pdf/safari-case-study.pdf?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003eAuth0 SSO Drives B2B Expansion with Safari\u003c/a\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title":"5. Linking User Accounts","description":"\u003cp\u003eAlmost everybody has various social network accounts \u0026#8211; we’re on Facebook, Twitter, LinkedIn, GitHub and many others. A clever application can recognize the same user even when they login on different occasions with these various social profiles. A clever developer uses Auth0’s user account linking to sort it out.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003ca href='https://auth0.com/docs/link-accounts?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding'\u003e\u003cspan\u003eLinking accounts\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title":"6. Enhancing User Profiles with Rules","description":"\u003cp\u003e\u003cspan\u003eB2C apps can live or die based solely on the user experience. If you can’t present relevant content or messaging quickly users tune out. The key to relevant content can be knowing your users. Auth0 includes a powerful rules engine which can be used (among other things) to enhance user profiles right there in the authentication flow.\u003c/span\u003e\u003c/p\u003e\u003cdiv style='width: 640px;' class='wp-video'\u003e\u003cvideo class='wp-video-shortcode' id='video-239-3' width='640' height='360' preload='metadata' controls='controls'\u003e\u003csource type='video/mp4' src='https://embed-ssl.wistia.com/deliveries/129e3bcb7f75083d6a0cb7213b0f2eefeae64680/file.mp4?_=3' /\u003e\u003ca href='https://embed-ssl.wistia.com/deliveries/129e3bcb7f75083d6a0cb7213b0f2eefeae64680/file.mp4'\u003ehttps://embed-ssl.wistia.com/deliveries/129e3bcb7f75083d6a0cb7213b0f2eefeae64680/file.mp4\u003c/a\u003e\u003c/video\u003e\u003c/div\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003cspan\u003e\u003ca href='https://auth0.com/docs/rules/metadata-in-rules?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003eMetadata in Rules\u003c/a\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cb\u003eARTICLE\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003ca href='https://auth0.com/blog/2015/09/11/7-ways-to-2x-your-revenue-growth-by-putting-your-user-data-to-work/?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003e\u003cspan style='font-weight: 400;'\u003e7 ways to grow revenue by putting your user data to work\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/user-metadata-rules.png' alt='User metadata rules' /\u003e\u003c/p\u003e"},{"title":"7. Multi-Factor Authentication (MFA)","description":"\u003cp\u003e\u003cspan\u003eSecurity is critical for any B2B app. You need to be able to provide peace of mind to your business customers that data and user credentials won\u0026#8217;t be compromised. Multifactor authentication has become more of an expected functionality than a security luxury \u0026#8211; and luckily it\u0026#8217;s easy to implement with Auth0.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003cspan\u003e\u003ca href='https://auth0.com/learn/multifactor-authentication/?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003eIntroduction to MFA\u003c/a\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003cspan\u003e\u003ca href='https://auth0.com/docs/multifactor-authentication?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003eSetting up MFA in Auth0\u003c/a\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003cspan\u003e\u003ca href='https://auth0.com/docs/multifactor-authentication/custom-provider?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003eUsing a custom MFA Provider\u003c/a\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}]},{"id":"why-hipaa-compliance-is-vital-your-business","title":"Why HIPAA Compliance Is Vital For Your Business","description":"HIPAA opens you up to entirely new healthcare customers. Here’s what it is, why it's important, and how you can use Auth0 in your HIPAA-compliant service","category":"growth","content":[{"title":"What Is HIPAA?","description":"\u003cp\u003eHIPAA is the Health Insurance Portability and Accountability Act. It’s the legislation that makes sure your protected health information (PHI) is kept private and kept secure. It covers how healthcare providers and associated businesses should keep handle your data and protect your health information, and provides the standards needed to ensure PHI data stored, handled, and accessed correctly at all times.\u003c/p\u003e\u003cp\u003eIt also lays out the significant fines and penalties for individuals and organizations that handle sensitive PHI data but don’t comply with the standards.\u003c/p\u003e"},{"title":"What Counts As Protected Health Information?","description":"\u003cp\u003ePHI includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll your medical records, such as blood test results or an MRI scan.\u003c/li\u003e\u003cli\u003eBilling records at the doctor’s office.\u003c/li\u003e\u003cli\u003eConversations (emails, notes) about your health between you and your doctor, your doctor and other medical staff, or your health provider and your insurance company.\u003c/li\u003e\u003c/ul\u003e"},{"title":"Who Needs To Comply With HIPAA?","description":"\u003cp\u003eInitially only doctors, hospitals, and insurance companies needed to comply with HIPAA specifications, as they were the only people and organizations with access to PHI. These are known as \u003cb\u003eCovered Entities\u003c/b\u003e and include any organization that provides “treatment, payment, and health care operations.”\u003c/p\u003e\u003cp\u003eCovered Entities include:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDoctors and their offices\u003c/li\u003e\u003cli\u003eHospitals\u003c/li\u003e\u003cli\u003ePharmacies\u003c/li\u003e\u003cli\u003eInsurance companies\u003c/li\u003e\u003cli\u003eHMOs\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eHowever, a 2013 update increased the scope of HIPAA to take into account the increased use of outsourcing and cloud providers in healthcare. Any service transmits, stores, or receives PHI data is now categorized as a \u003cb\u003eBusiness Associate \u003c/b\u003eand has to comply with HIPAA.\u003c/p\u003e\u003cp\u003eBusiness Associates include:\u003c/p\u003e\u003cul\u003e\u003cli\u003eA medical transcription service providing services to a doctor.\u003c/li\u003e\u003cli\u003eA SaaS company that provides cloud-based electronic health records for physicians.\u003c/li\u003e\u003cli\u003eAn analytics company that processes medical data.\u003c/li\u003e\u003c/ul\u003e"},{"title":"What does HIPAA require?","description":"\u003cp\u003eFor a covered entity or a business associate to be compliant with HIPAA law, they are required to do 4 things:\u003c/p\u003e\u003col\u003e\u003cli\u003eHave safeguards so that PHI data is always protected.\u003c/li\u003e\u003cli\u003eRestrict access to PHI data to only those people needed to accomplish the intended purpose.\u003c/li\u003e\u003cli\u003eHave Business Associate Agreements (BAAs) in place with service providers to ensure security of PHI data.\u003c/li\u003e\u003cli\u003eHave procedures and policies to limit access to PHI data, and training in place to teach employees and users about data security and privacy.\u003c/li\u003e\u003c/ol\u003e"},{"title":"The HIPAA Security Rule","description":"\u003cp\u003eOf the 4 HIPAA rules (Security, Privacy, Enforcement, and Breach Notification) it’s the HIPAA Security Rule that developers have to pay close attention to.\u003c/p\u003e\u003cp\u003eFor SaaS companies wanting to work with healthcare providers, medical organizations or business associates already working in the industry, the Security Rule sets out how PHI data must be handled by the app or service.\u003c/p\u003e\u003cp\u003eThis rule lays out the \u003ci\u003eTechnical Safeguards \u003c/i\u003ethat make sure access to data is controlled, that data is secure, and individuals are properly authenticated.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eAccess Control. \u003c/b\u003eThere must be policies and procedures in place to make sure only authorized users are allowed access to PHI data. This could include unique identifiers for each user, emergency access procedures, and encryption procedures.\u003c/li\u003e\u003cli\u003e\u003cb\u003eAudit Controls. \u003c/b\u003eMechanisms should be in place to record activity in the system and examine access by individuals.\u003c/li\u003e\u003cli\u003e\u003cb\u003eIntegrity Controls. \u003c/b\u003eAny PHI data should not be improperly altered or destroyed and procedures put in place so that auditors can confirm whether this has happened.\u003c/li\u003e\u003cli\u003e\u003cb\u003eTransmission Security. \u003c/b\u003eSecurity measures should be in place to make sure no unauthorized access to the PHI data happens as it is transferred over a network.\u003c/li\u003e\u003c/ul\u003e"},{"title":"The Advantages of HIPAA Compliance","description":"\u003cp\u003eUsing HIPAA standards opens you up to new customers in a growing market. 67% of healthcare organizations are currently using a SaaS service in their workflow, with 92% of healthcare providers saying that that they can see a future use for SaaS in their organization. By applying HIPAA standards, you can tap into the $3 trillion healthcare industry.\u003c/p\u003e\u003cp\u003eBy working towards HIPAA compliance, you are able to market yourself to 3 new customer bases:\u003c/p\u003e\u003cul\u003e\u003cli\u003eCovered Entities\u003cul\u003e\u003cli\u003e80% of physicians and 60% of hospitals are now using electronic health records (EHR). These companies require HIPAA compliance for any cloud service they use.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eBusiness Associates\u003cul\u003e\u003cli\u003eAs well as the covered entities, other business associates who process PHI can be assured that your service will also protect any data. As the cloud market grows for healthcare, 3rd party solutions for business associates will be able to market themselves as business associates.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eWearables \u0026amp; Health Technologies\u003cul\u003e\u003cli\u003eThough wearables don’t have to be HIPAA compliant currently, the trend towards sharing personal health data from wearables and apps means that these companies blur the lines between what does and doesn’t need to be HIPAA-compliant.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title":"Using Auth0 For HIPAA Authentication","description":"\u003cp\u003eThis allows companies to configure Auth0 as an identity and authentication service as one element of meeting their HIPAA compliance needs.\u003c/p\u003e"}]},{"id":"b2c-customer-value-journey","title":"The B2C Customer Value Journey","description":"For most of our B2C customers, the path to value with Auth0 is a consistent one. To help you on your way, we've mapped out this journey along with all the navigational markers you need to sail seamlessly through it. Bon voyage.","category":"growth","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/57ahivvmqKEsOmiI21crKq/cde4b7667ad1b94753d3dc2a026508c7/auth0lock-widget.png","mimeType":"image/png"},"content":[{"title":"1. Creating an Application in Auth0","description":"\u003cp\u003e\u003cspan\u003eAn application is one of the core concepts in Auth0. It’s also usually your starting point. Registering your app with Auth0 allows you to automatically login users in multiple ways (more of that later). You can change the way your users authenticate later on, without changing your app.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003e\u003cb\u003eDOCS\u003c/b\u003e:\u003c/strong\u003e \u003ca href='https://auth0.com/docs/applications?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003eCore concepts \u0026#8211; Applications.\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cdiv style='width: 640px;' class='wp-video'\u003e\u003c!--[if lt IE 9]\u003e\u003cscript\u003edocument.createElement('video');\u003c/script\u003e\u003c![endif]--\u003e\u003cvideo class='wp-video-shortcode' id='video-171-1' width='640' height='360' preload='metadata' controls='controls'\u003e\u003csource type='video/mp4' src='https://embed-ssl.wistia.com/deliveries/28370b9d9e1adcea1b8e66ef85812d7ef51e224e/file.mp4?_=1' /\u003e\u003ca href='https://embed-ssl.wistia.com/deliveries/28370b9d9e1adcea1b8e66ef85812d7ef51e224e/file.mp4'\u003ehttps://embed-ssl.wistia.com/deliveries/28370b9d9e1adcea1b8e66ef85812d7ef51e224e/file.mp4\u003c/a\u003e\u003c/video\u003e\u003c/div\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/auth0-manage.png' alt='Auth0 dashboard' /\u003e\u003c/p\u003e"},{"title":"2. Integrating your App with Auth0","description":"\u003cp\u003e\u003cspan\u003eDuring the process of setting up an application in Auth0 you probably came across the reference to Lock. Lock is the easiest way to integrate Auth0 managed authentication into your application. You get a beautiful hosted and embeddable login form with a fully customizable look and feel \u0026#8211; and it displays perfectly on any device at any resolution. It\u0026#8217;s at about this point most developers wish they\u0026#8217;d known about Auth0 earlier!\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eDOCS: \u003c/strong\u003e\u003ca href='https://auth0.com/docs/libraries/lock?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003e\u003cspan style='font-weight: 400;'\u003eLock full documentation\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eDOCS: \u003c/strong\u003e\u003ca href='https://auth0.com/docs/libraries/lock/ui-customization?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding'\u003e\u003cspan style='font-weight: 400;'\u003eCustomize Lock look and feel\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/lock-presentation.png' alt='Lock presentation' /\u003e\u003c/p\u003e"},{"title":"3. Connecting Users to your Application with a Username and Password Database","description":" \u003cp\u003e\u003cspan\u003eSo you have an app\u0026#8230;how about some users? Let’s start with the simplest form: a username and a password. It’s like the meat and potatoes of authentication. Auth0 provides \u003c/span\u003edatabase\u003cspan\u003e connections to authenticate users with an email/username and a password and securely store these credentials in the Auth0 user store, or in your own database.\u003c/span\u003e\u003c/p\u003e\u003ch3\u003e\u003cb\u003eAuth0 Username and Password Database\u003c/b\u003e\u003c/h3\u003e\u003cp\u003e\u003cspan\u003eOne of the quickest ways to get up and running, particularly for new apps, is to allow users to register and authenticate with a username and password which is stored securely in an Auth0 database in your account.\u003c/span\u003e\u003c/p\u003e\u003cdiv style='width: 640px;' class='wp-video'\u003e\u003cvideo class='wp-video-shortcode' id='video-171-2' width='640' height='360' preload='metadata' controls='controls'\u003e\u003csource type='video/mp4' src='https://embed-ssl.wistia.com/deliveries/c6b605fd0ff7286576d1ace24a68c77776d4e49c/file.mp4?_=2' /\u003e\u003ca href='https://embed-ssl.wistia.com/deliveries/c6b605fd0ff7286576d1ace24a68c77776d4e49c/file.mp4'\u003ehttps://embed-ssl.wistia.com/deliveries/c6b605fd0ff7286576d1ace24a68c77776d4e49c/file.mp4\u003c/a\u003e\u003c/video\u003e\u003c/div\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003ca href='https://auth0.com/docs/connections/database?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding'\u003e\u003cspan\u003eDatabase identity providers\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e\u003cb\u003eYour Own Custom Database\u003c/b\u003e\u003c/h3\u003e\u003cp\u003e\u003cspan\u003eOf course, you may already have a database of existing user credentials which lives somewhere else and you wish to continue using it \u0026#8211; maybe it’s MySQL, MongoDB, Sql Server or something else. Auth0 supports virtually any custom user credentials store. For this, you use Auth0’s Custom Database feature.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003ca href='https://auth0.com/docs/connections/database/mysql?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding'\u003e\u003cspan\u003eAuthenticating users with username and password using a custom database\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan\u003eOften there’s the situation where you want the best of both worlds \u0026#8211; you have an existing database full of user credentials, but you’d prefer to utilise Auth0’s database for the security peace of mind and to free up the cost of infrastructure and/or licensing used for your existing database. In this case, you can use the “import users to Auth0” option to automatically migrate users over time. You’re welcome 😉\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003ca href='https://auth0.com/docs/connections/database/migrating?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding'\u003e\u003cspan\u003eImport users to Auth0\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan\u003eUsers will be migrated automagically as they login. This way, no expensive bulk migration project is needed. You never need to shutdown your system and, best of all, you won\u0026#8217;t need to reset user passwords.\u003c/span\u003e\u003c/p\u003e"},{"title":"4. Connecting Users to your Application with Social Providers","description":"\u003cp\u003eIf you’re looking for more than the meat and potatoes approach, the next common step for B2C apps is to enable Social Connections. Luckily, it’s as easy as flicking a switch. We mean that literally.\u003c/p\u003e\u003cdiv style='width: 640px;' class='wp-video'\u003e\u003cvideo class='wp-video-shortcode' id='video-171-3' width='640' height='360' preload='metadata' controls='controls'\u003e\u003csource type='video/mp4' src='https://embed-ssl.wistia.com/deliveries/c828a4a7232a25a125a8b814e287023de22efda4/file.mp4?_=3' /\u003e\u003ca href='https://embed-ssl.wistia.com/deliveries/c828a4a7232a25a125a8b814e287023de22efda4/file.mp4'\u003ehttps://embed-ssl.wistia.com/deliveries/c828a4a7232a25a125a8b814e287023de22efda4/file.mp4\u003c/a\u003e\u003c/video\u003e\u003c/div\u003e\u003cul\u003e\u003cli style='font-weight: 400;'\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan style='font-weight: 400;'\u003e: \u003c/span\u003e\u003ca href='https://auth0.com/docs/identityproviders#social?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding'\u003e\u003cspan style='font-weight: 400;'\u003eSocial provider support\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli style='font-weight: 400;'\u003e\u003cb\u003eARTICLE\u003c/b\u003e\u003cspan style='font-weight: 400;'\u003e: \u003c/span\u003e\u003ca href='https://auth0.com/learn/social-login?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding'\u003e\u003cspan style='font-weight: 400;'\u003eWhy you should add social login to your applications\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-weight: 400;'\u003eYou might want to register your instance of Auth0 with each social network so you can customize and personalize the login experience further.\u003c/span\u003e\u003cbr /\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/social-providers.png' alt='Social Providers' /\u003e\u003c/p\u003e"},{"title":"5. Linking User Accounts","description":"\u003cp\u003eAlmost everybody has various social network accounts \u0026#8211; we’re on Facebook, Twitter, LinkedIn, GitHub and many others. A clever application can recognize the same user even when they login on different occasions with these various social profiles. A clever developer uses Auth0’s user account linking to sort it out.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003ca href='https://auth0.com/docs/link-accounts?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding'\u003e\u003cspan\u003eLinking accounts\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title":"6. Enhancing User Profiles with Rules","description":"\u003cp\u003e\u003cspan\u003eB2C apps can live or die based solely on the user experience. If you can’t present relevant content or messaging quickly users tune out. The key to relevant content can be knowing your users. Auth0 includes a powerful rules engine which can be used (among other things) to enhance user profiles right there in the authentication flow.\u003c/span\u003e\u003c/p\u003e\u003cdiv style='width: 640px;' class='wp-video'\u003e\u003cvideo class='wp-video-shortcode' id='video-171-4' width='640' height='360' preload='metadata' controls='controls'\u003e\u003csource type='video/mp4' src='https://embed-ssl.wistia.com/deliveries/129e3bcb7f75083d6a0cb7213b0f2eefeae64680/file.mp4?_=4' /\u003e\u003ca href='https://embed-ssl.wistia.com/deliveries/129e3bcb7f75083d6a0cb7213b0f2eefeae64680/file.mp4'\u003ehttps://embed-ssl.wistia.com/deliveries/129e3bcb7f75083d6a0cb7213b0f2eefeae64680/file.mp4\u003c/a\u003e\u003c/video\u003e\u003c/div\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003ca href='https://auth0.com/docs/scenarios/mixpanel-fullcontact-salesforce?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003e\u003cspan\u003eExample scenario \u0026#8211; track signups, enrich user profiles and generate leads\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cb\u003eARTICLE\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003ca href='https://auth0.com/blog/2015/09/11/7-ways-to-2x-your-revenue-growth-by-putting-your-user-data-to-work/?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003e\u003cspan\u003e7 ways to grow revenue by putting your user data to work\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/how-to-track-signups.png' alt='How to track signups' /\u003e\u003c/p\u003e"},{"title":"7. Passwordless and Multi-Factor Authentication (MFA)","description":"\u003cp\u003e\u003cspan\u003eAs B2C apps mature, they need more mature functionality. The passwordless authentication feature can be used for both streamlining the login process (forgetting passwords becomes a thing of the past) and providing step-up MFA when a more sensitive action is requested by a user, such as changing profile information or processing a payment.\u003c/span\u003e\u003c/p\u003e\u003cdiv style='width: 640px;' class='wp-video'\u003e\u003cvideo class='wp-video-shortcode' id='video-171-5' width='640' height='360' preload='metadata' controls='controls'\u003e\u003csource type='video/mp4' src='https://embed-ssl.wistia.com/deliveries/7b417519a0da91e3551ed71868c6bfaa2715d9a4/file.mp4?_=5' /\u003e\u003ca href='https://embed-ssl.wistia.com/deliveries/7b417519a0da91e3551ed71868c6bfaa2715d9a4/file.mp4'\u003ehttps://embed-ssl.wistia.com/deliveries/7b417519a0da91e3551ed71868c6bfaa2715d9a4/file.mp4\u003c/a\u003e\u003c/video\u003e\u003c/div\u003e\u003cul\u003e\u003cli\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003ca href='https://auth0.com/docs/connections/passwordless?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003e\u003cspan\u003ePasswordless authentication\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003ca href='https://auth0.com/docs/connections/passwordless/faq?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003e\u003cspan\u003ePasswordless FAQs\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cb\u003eDOCS\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003ca href='https://auth0.com/docs/multifactor-authentication?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003e\u003cspan\u003eMultifactor authentication\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cb\u003eDEMO\u003c/b\u003e\u003cspan\u003e: \u003c/span\u003e\u003ca href='https://auth0.github.io/lock-passwordless/?utm_source=auth0_csm\u0026amp;amp;utm_medium=email\u0026amp;amp;utm_campaign=ent_onboarding' target='_blank' rel='noopener noreferrer'\u003e\u003cspan\u003ePasswordless playground\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"}]},{"id":"how-auth0-uses-identity-industry-standards","title":"How Auth0 Uses Identity Industry Standards","description":"And Why You Should Always Use Industry Standards In Your Apps","category":"growth","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/7wEY6AU0ZnpN792z5zsxns/9cfd625abb779640d10a5ee63f91b32e/Identity-Industry-Standards-hero.png","mimeType":"image/png"},"content":[{"title":"What Are Identity Industry Standards?","description":"\u003cp\u003eWhen computers were mostly standalone systems, authentication (checking people are who they say they are) and authorization (allowing them access to specific information) codes, along with databases containing user information, were self-contained on the device. Even in the early days of the web, sites would handle security independently, using custom and proprietary code.\u003c/p\u003e\u003cp\u003eFast-forward to today and you can use the same login information across multiple apps and sites, either social logins or your custom enterprise login information for work. This is due to identity industry standards being widely employed across the web.\u003c/p\u003e\u003cp\u003eIdentity industry standards are open specifications and protocols providing explicit guidance on how to design authentication and authorization systems to manage identity, move personal data securely, and decide who can access applications and data, so multiple parties can achieve interoperability easily.\u003c/p\u003e"},{"title":"The Benefits of Standards","description":"\u003cul\u003e\u003cli\u003eTrust \u0026amp; Security\u003cul\u003e\u003cli\u003eUsing authentication standards increases security and lowers risk as the end-user only has to be identified and authenticated once by an identity provider, and then that identity information can be used across multiple systems. Authorization standards can increase privacy compliance as the amount of information shared can be easily controlled.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003ePerformance \u0026amp; Costs\u003cul\u003e\u003cli\u003eStandards means your apps aren’t dependent on custom backend authentication code or on an internally hosted user database. An application can be developed internally and deployed externally without worrying about its connection to the original backend code and server. Use of identity standards can reduce cost by eliminating the need to scale one-off or proprietary solutions, and stronger authentication and authorization methods can be automatically updated without having to update significant amounts of code.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eCustomer Satisfaction\u003cul\u003e\u003cli\u003eEnd-user experience is drastically improved as new accounts don’t have to be registered for each new application and they know that their data is safely stored with the original identity provider. They can also use fewer, stronger passwords and login information throughout their accounts.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title":"The Identity Industry Standards Behind Auth0","description":"\u003cp\u003eThe following are the Identity Industry Standards used by Auth0.\u003c/p\u003e\u003cul\u003e\u003cli\u003eOAuth 1—In the original standard, shared secrets between a server and the end-user were used to calculate signatures that were then used verify the authenticity of API requests. However, implementing signatures was difficult and the upgrade to OAuth 2 removes the need for signatures and instead relies on SSL.\u003c/li\u003e\u003cli\u003eOAuth 2—An authorization standard that provides secure access to resources of the end-user. It specifies a process allowing third-party access to resources, but without the end-user having to share their credentials. This is commonly used to log into applications using Google, Twitter, and Facebook accounts.\u003c/li\u003e\u003cli\u003eConsumer-Oriented Authentication Standards\u003cul\u003e\u003cli\u003eOpen ID Connect—an identity layer that sits on top of OAuth 2 and allows for easy verification of the identity of the user, as well the ability to obtain basic profile information from the identity provider.\u003cbr /\u003eTo ensure that Auth0\u0026#8217;s implementation is conformant we got \u003ca href='http://openid.net/certification/'\u003eOpenID certified\u003c/a\u003e.\u003c/li\u003e\u003cli\u003e\u003ca href='https://auth0.com/learn/json-web-tokens/'\u003eJSON Web Tokens\u003c/a\u003e—an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. They can be used to pass the identity of authenticated users between the identity provider and the service requesting the authentication. They can be authenticated and encrypted.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eEnterprise Authentication Standards\u003cul\u003e\u003cli\u003eSecurity Assertion Markup Language (SAML)—an open-standard, XML-based data format that allows businesses to communicate user authentication and authorization information to partner companies and enterprise applications their employees may use. SAML allows for platform neutrality, reduced costs, and risk transference of identity management.\u003c/li\u003e\u003cli\u003eWS-Federation—Developed by Microsoft and used extensively in their applications, this standard defines the way security tokens can be transported between different entities to exchange identity and authorization information.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003ca href='https://images.ctfassets.net/kbkgmx9upatd/1yBFsBq0YCGfJI0LW3wge4/e60111618e64c491da61041a91a86da5/Diagram-2.png' rel='attachment wp-att-160'\u003e\u003cimg loading='lazy' class='alignnone size-full wp-image-160' src='https://images.ctfassets.net/kbkgmx9upatd/1yBFsBq0YCGfJI0LW3wge4/e60111618e64c491da61041a91a86da5/Diagram-2.png' alt='Auth0 and Identity Industry Standards' /\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003eAll of these standards are available in Auth0, and implementation requires little to no recoding as you move between different protocols or identity providers.\u003c/p\u003e"},{"title":"Standardize Across Your Entire Organization","description":"\u003cp\u003eThe easiest way to get started with standards is to implement the Open ID Connect / OAuth 2 login protocol, using JWT as the access token. This will allow your users or employees to login in easily with any social identity provider.\u003c/p\u003e\u003cp\u003e\u003ca href='https://images.ctfassets.net/kbkgmx9upatd/6kTwbXCLdO2p45uptSuVir/b1cd86eae48356e34e784891ce1026d8/Lock.png' rel='attachment wp-att-142'\u003e\u003cimg loading='lazy' class='alignnone size-full wp-image-142' src='https://images.ctfassets.net/kbkgmx9upatd/6kTwbXCLdO2p45uptSuVir/b1cd86eae48356e34e784891ce1026d8/Lock.png' alt='Authenticating with Auth0' width='2538' height='1446' /\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThere are 6 steps to implementing this with Auth0:\u003c/p\u003e\u003col\u003e\u003cli\u003eSetting up the callback URL in Auth0. To do this, add the information in the “Application Settings” page on the dashboard:\u003cpre\u003ehttp://www.yoursite.com/callback\u003c/pre\u003e\u003c/li\u003e\u003cli\u003eIntegrate Auth0Lock\u003cpre\u003e\u0026#60;script src='https://cdn2.auth0.com/js/lock-8.2.min.js'\u0026#62;\u0026#60;/script\u0026#62;\n\u0026#60;script type='text/javascript'\u003e\n var lock = new Auth0Lock('4CvZhjoDtdwciSPYLaby6EdJA6eBBRsi', 'username.auth0.com');\n function signin() {\n lock.show({\n callbackURL: 'http://www.yoursite.com/callback',\n responseType: 'code',\n authParams: {\n scope: 'openid profile'\n }\n });\n }\n\u0026#60;/script\u003e\n\u0026#60;button onclick='window.signin();'\u003eLogin\u0026#60;/button\u003e\u003c/pre\u003e\u003c/li\u003e\u003cli\u003eAfter the user authenticates, your app will be called to this endpoint with a \u003ccode style='line-height: 1.5;'\u003eGET\u003c/code\u003e\u003cpre\u003eGET http://www.yoursite.com/callback?code=AUTHORIZATION_CODE\u0026amp;state=VALUE_THAT_SURVIVES_REDIRECTS\u003c/pre\u003e\u003c/li\u003e\u003cli\u003eYour app will have to send the \u003ccode\u003ecode\u003c/code\u003e to the Auth0 server through a POST\u003cpre\u003ePOST https://username.auth0.com/oauth/token\nContent-type: application/x-www-form-urlencoded\nclient_id=4CvZhjoDtdwciSPYLaby6EdJA6eBBRsi\n\u0026amp;redirect_uri=http://www.yoursite.com/callback\n\u0026amp;client_secret=4DxvHUwrabq6EQNe061PoFDeC5Ic5DamI2Eropuz-MLvi730WJijwZT6Zd6EM_nK\n\u0026amp;code=AUTHORIZATION_CODE\n\u0026amp;grant_type=authorization_code\u003c/pre\u003e\u003c/li\u003e\u003cli\u003eThe response of the server will look like this\u003cpre\u003e{ 'access_token':'2YotnF..........1zCsicMWpAA', 'id_token': '......Json Web Token......', 'token_type': 'bearer' }\u003c/pre\u003e\u003c/li\u003e\u003cli\u003eFinally, you can get the user profile by calling\u003cpre\u003eGET https://username.auth0.com/userinfo/?access_token=2YotnF..........1zCsicMWpAA\u003c/pre\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThis will authenticate your users with their Open ID Connect identity provider, and pass back their \u003ca href='https://auth0.com/docs/user-profile'\u003enormalized user profile\u003c/a\u003e for your application.\u003c/p\u003e"},{"title":"Implement SAML for SSO To Take Your SaaS Up Market","description":"\u003cp\u003eImplementing enterprise SSO is one of the easiest ways to \u003ca href='https://auth0.com/blog/2015/08/18/how-to-go-upmarket-and-grow-your-revenue-by-20x/'\u003etake your SaaS upmarket\u003c/a\u003e and grow your revenue. Enabling enterprise clients to allow their employees to login to your application with their company details is likely a necessity for a potential enterprise customer to choose your SaaS.\u003c/p\u003e \u003cp\u003eImplementing SAML authentication in Auth0 is as easy as adding a few lines of code and adding your SAML identity provider information into the dashboard. The information you’ll need is:\u003c/p\u003e \u003cul\u003e \u003cli\u003eSSO Sign In URL\u003c/li\u003e \u003cli\u003eSSO Sign Out URL\u003c/li\u003e \u003cli\u003eX509 Signing Certificate\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eThis information can be added on the “SAML” configuration page under “Enterprise Connections”:\u003c/p\u003e \u003cp\u003e\u003ca href='https://images.ctfassets.net/kbkgmx9upatd/2G3zCjz8A02gUQnMs9Vysi/e4cfff87f672955a14a163295ed3819b/configuring-saml.png' rel='attachment wp-att-145'\u003e\u003cimg loading='lazy' class='alignnone size-full wp-image-145' src='https://images.ctfassets.net/kbkgmx9upatd/2G3zCjz8A02gUQnMs9Vysi/e4cfff87f672955a14a163295ed3819b/configuring-saml.png' alt='Configuring SAML' /\u003e\u003c/a\u003e\u003c/p\u003e \u003cp\u003eTo use with Lock, you can add a few lines of code to redirect the Login and Logout functions to your SAML identity provider using an Express implementation, and including \u003ca href='https://npmjs.org/package/passport'\u003epassport.js\u003c/a\u003e:\u003c/p\u003e \u003cpre\u003evar express = require('express'); \nvar router = express.Router(); \nvar passport = require('passport'); \n \n/* GET users listing. */ \nrouter.get('/', function(req, res, next) { \n res.send(req.user); \n}); \n \nrouter.get('/authenticate', \n passport.authenticate('auth0', { \n failureRedirect: '/error' \n }), \n function(req, res) { \n if (!req.user) { \n throw new Error('user null'); \n } \n res.redirect('/'); \n }); \n \nrouter.get('/logout', function(req, res) { \n req.logout(); \n res.redirect('/'); \n}) \n \nmodule.exports = router;\u003c/pre\u003e \u003cp\u003eYou can learn more about this implementation by watching \u003ca href='https://auth0.com/blog/2016/02/02/switching-from-social-logins-to-saml-in-minutes-with-auth0/'\u003eour video on switching to SAML\u003c/a\u003e.\u003c/p\u003e"}]},{"id":"powering-user-analytics-identity","title":"Powering User Analytics With Identity","description":"Learn how Auth0 helps with your decision-making process, and makes it easy to gather data about your users. Explore a specific example of User Analytics, including code snippets.","category":"use-cases","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/4vWXL24FahzmsWI2u69KmZ/e7b6a984fc06ae11e360b4434f1f19ae/analytics-hero.png","mimeType":"image/png"},"content":[{"title":"The Problem","description":"\u003cp\u003eInnovaShoes is a footwear manufacturer that sells its products through an online store. The company plans to launch a new line of male running shoes with cutting-edge technology. As part of this launch, InnovaShoes will launch a marketing campaign targeted at existing male customers who have shown interest in fitness. The campaign has three goals:\u003c/p\u003e\u003cul\u003e\u003cli\u003eSend a preorder email about the new running shoes to male customers of their online store. Additionally, they want to segment these users by age and by interest in fitness, as men between 20 and 40 years old are more likely to have both the interest and disposable income to buy a premium fitness product.\u003c/li\u003e\u003cli\u003eThey want to know which registered users have not returned after registering, to offer them a special discount enticing them back.\u003c/li\u003e\u003cli\u003eLastly, as they know that many of their customers use Twitter, InnovaShoes want to better understand how customers who use this social network feel about the company.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eInnovaShoes wants to gather the necessary information about the users of its online store to execute their marketing campaign, and they reason that the best time to collect this data will be at registration and log in time. That is where identity management, and in particular, Auth0 can help.\u003c/p\u003e"},{"title":"The Solution","description":"\u003cp\u003eThe better InnovaShoes knows its customers, the more they can tailor the customer experience, bringing them more value. \u003cstrong\u003eSocial logins\u003c/strong\u003e let the company leverage the data gathered by Facebook, Twitter, and other social networks to enhance knowledge of customers, and treat them as individuals. Adding social logins to applications is very straightforward with \u003cstrong\u003eAuth0\u003c/strong\u003e, and is a good starting point for getting customer data. Social logins have several perks, including:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eBetter quality email addresses\u003c/strong\u003e: The social network provider is in charge of verifying the user\u0026#8217;s email. If the provider shares this information, you will get a real email address rather than the fake address that some users provide when registering in web applications.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eAccess to richer user profiles\u003c/strong\u003e: Social network providers often can provide additional information about users, such as location, interests, and birthday. Using this data, you can target personalized, relevant content to users.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eUp-to-date profiles\u003c/strong\u003e: Users often will not keep their profiles updated on less-visited websites, but they keep their social network profiles current. Social logins can give you more accurate information about your customers.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eBetter login security\u003c/strong\u003e: When users don’t have to create yet another username and password, they’re more likely to use good practices in choosing hard-to-guess passwords and use multi-factor authentication for the few sites such as social networks that hold their identity information. Your customers are tired of the username and password treadmill \u0026#8211; that’s why they’ll “Login with Facebook”.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThis information is very useful for obtaining data and demographics about your users, which in turn is useful for targeted marketing campaigns or in product management decisions.\u003c/p\u003e\u003ch3 id='how-do-you-get-user-analytics-' class='anchor-heading'\u003eHow do you get User Analytics?\u003c/h3\u003e\u003cp\u003eAuth0 includes a powerful feature called “rules” \u0026#8211; little snippets of Javascript code that run as part of every authentication \u0026#8211; that let you extend the platform any way you need to, and implement advanced features. It is this extensibility that will be the secret to InnovaShoes’ implementation.\u003c/p\u003e\u003cp\u003eWhen users register for the online store using a social login, InnovaShoes can use a rule that calls an API for a service such as FullContact to extend the information of the user— location, age, gender, income bracket, social network memberships and so on, and in addition calls the social network’s API to enhance the user’s profile with interests, likes, social graph, etc. Create a rule to access powerful third-party social analysis APIs \u0026#8211; for example, invoking a sentiment analysis service to evaluate users’ tweets that mention \u003cstrong\u003e@InnovaShoes\u003c/strong\u003e. Create yet another rule that saves the user\u0026#8217;s information your chosen analytics platform, whether it is saved in a data warehouse and analyzed with a BI product suite,, streamed to a Big Data analytics platform based on Hadoop, loaded into a full-text indexing service, extracted to a SaaS analytics product \u0026#8211; whatever your data scientists and marketing team needs.\u003c/p\u003e\u003cp\u003eThe following snippet shows the basic information of an Auth0\u0026#8217;s user profile:\u003c/p\u003e\u003cpre\u003e{\n 'email': 'johndoe@gmail.com',\n 'email_verified': false,\n 'updated_at': '2016-01-18T19:42:13.322Z',\n 'picture': 'https://s.gravatar.com/avatar/1fda90f0e712deed531294cd044a2d05?s=480\u0026amp;r=pg\u0026amp;d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fkl.png',\n 'user_id': 'auth0|569d401336afe17803eba2ba',\n 'name': 'johndoe@gmail.com',\n 'nickname': 'johndoe',\n 'identities': [\n {\n 'user_id': '569d401336afe17803eba2ba',\n 'provider': 'auth0',\n 'connection': 'Username-Password-Authentication',\n 'isSocial': false\n }\n ],\n 'created_at': '2016-01-18T19:42:11.846Z',\n 'last_ip': '174.66.196.104',\n 'last_login': '2016-01-18T19:42:13.322Z',\n 'logins_count': 1,\n 'blocked_for': []\n}\u003c/pre\u003e\u003cblockquote\u003e\u003cp\u003eNotice how some of this information is immediately useful for the campaign. For example, by using the `last_login` property Innovashoes can determine whether a user has not logged in for a while, and send them an offer if they return to the store.\u003c/p\u003e\u003c/blockquote\u003e\u003cp\u003eYou can use the \u003ca href='https://www.fullcontact.com/developer/'\u003eFullContact API\u003c/a\u003e to obtain extended information about your users, such as the social networks associated with their email address. To do so, you can use the FullContact template when creating a new rule in the Auth0 management dashboard.\u003c/p\u003e\u003cp\u003eCombined together, this information can help you perform more complex analysis needed for the campaign \u0026#8211; such as figuring out who of your customers are the 20 \u0026#8211; 40 year old males (FullContact) who are interested in fitness (Facebook). With this extended profile you can connect to a database or indexing/search service—such as \u003cstrong\u003eElasticSearch\u003c/strong\u003e—to store the data of the registered users. This can be done using a rule, or in a different process using a \u003cem\u003ecron job\u003c/em\u003e as shown in \u003ca href='https://github.com/auth0/auth0-dashboard-widget/blob/master/webtasks/dashboard_cron.js'\u003ethis example\u003c/a\u003e. If you decide to save the user\u0026#8217;s information from a rule, you will get analytics in real-time. On the other hand, if you use a cron job, you will get the analytics only as frequently as the job is run. You should decide which is the best approach for your case/needs, taking into consideration the possibility that if you have millions of users, saving real-time information could be a huge load and your service may not be able to handle it.\u003c/p\u003e\u003cblockquote\u003e\u003cp\u003eYou can even send this information directly to a SaaS Analytics provider such as \u003ca href='https://azure.microsoft.com/en-us/services/stream-analytics/'\u003eAzure Stream Analytics\u003c/a\u003e, \u003ca href='https://rapidminer.com/'\u003eRapidMiner\u003c/a\u003e, a Hadoop instance, or wherever you want.\u003c/p\u003e\u003c/blockquote\u003e\u003cp\u003eEach time a user logs in, that event is a strong signal of engagement. You can learn even more about their preferences and interests by using Auth0 rules to record each authentication event in your analytics system and then correlating these events with other signals such as items placed into their shopping cart, pages visited, comments left, and so on. This idea of “progressive discovery” is a powerful way to build a comprehensive profile of a user over time, both by asking them for information and by observing their behavior.\u003c/p\u003e\u003cp\u003eOnce the necessary information is stored, you can create a dashboard with widgets that shape your analytics into an easy-to-read form. The following \u003ca href='https://github.com/auth0/auth0-dashboard-widget'\u003erepository\u003c/a\u003e contains the source code of a simple dashboard that directly accesses user profiles in Auth0, and which you can take as a starting point to create your own.\u003c/p\u003e\u003cp\u003eYour data scientists of marketing metrics experts may have their own preferred method of visualizing user data and derived analysis, based on your unique needs. Auth0’s API-driven, easily extended platform fits right into any analytics platform, no matter how straightforward or complex. Auth0 doesn’t saddle you with pre-built, inflexible analytics and visualizations as part of your identity platform \u0026#8211; we leave analytics and decision support tools to experts in those fields, but we integrate with those best-of-breed solutions with only a few lines of Javascript.\u003c/p\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/content/email-wall/use-cases/analytics/analytics-dashboard.png' alt='Sample Analytics dashboard' /\u003e\u003c/p\u003e\u003cp\u003e\u003ci\u003eSample Analytics dashboard\u003c/i\u003e\u003c/p\u003e\u003cp\u003eFinally, you can add another rule that sends the Twitter handle of a user—if available—to an API that searches the user\u0026#8217;s tweets mentioning @InnovaShoes and assess their sentiment. With this information, the marketing department can send an email to users who tweeted a negative sentiment about the company to try to fix or neutralize the situation.\u003c/p\u003e\u003cp\u003eTo get near real-time statistics, you could buffer high-frequency authentication events using a queue component such as the open source RabbitMQ, and have a rule that sends the login information to it: the queue will then push the information into the data warehouse, analytics platform, or SaaS analytics solution. This is shown in the following diagram.\u003c/p\u003e\u003cp\u003e\u003cimg src='http://cdn2.auth0.com/use-cases/use-case-architecture-with-queue.png' alt='Use Case Architecture with Real-time analytics' /\u003e\u003c/p\u003e\u003cp\u003e\u003ci\u003eUse Case Architecture with Real-time analytics\u003c/i\u003e\u003c/p\u003e"},{"title":"Conclusion","description":"\u003cp\u003eAuth0 is powerful authentication platform, not an analytics engine, so it does not provide elaborate analytics right out of the box. However, Auth0’s rules engine gives you the flexibility to easily extract whatever data you need from authentication events, and enhance user profile data through web APIs as users register and authenticate. With this powerful, real-time capability, you can implement any analytics scenario you can imagine. Auth0 includes an ever-growing list of rule templates divided by categories. The power is there for you to use in delivering an even more personalized experience for your customers through advanced user analytics. Adding \u003cstrong\u003esocial login\u003c/strong\u003e to your applications takes only minutes, and provides rich, up-to-date information about your users. By combining both capabilities, you\u0026#8217;re presented with an endless realm of possibilities for discovering new ways to engage your users.\u003c/p\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/content/email-wall/use-cases/analytics/rule-templates.png' alt='Creating a new rule using templates' /\u003e\u003c/p\u003e\u003cp\u003e\u003ci\u003eCreating a new rule using templates\u003c/i\u003e\u003c/p\u003e\u003cp\u003eTry it out today! Auth0 has plans for everyone\u0026#8217;s needs, including a free-forever plan that supports up to 7,000 active users and two social identity providers. For more information check the \u003ca href='https://auth0.com/pricing'\u003ePricing page\u003c/a\u003e, or \u003ca href='mailto:sales@auth0.com'\u003econtact the Auth0 sales team\u003c/a\u003e if you have any questions or custom needs.\u003c/p\u003e"},{"title":"Appendix A: Prototype Code","description":"\u003cp\u003eHere are some sample code snippets that are useful for implementing the logic described in this use case.\u003c/p\u003e\u003ch3 id='profile-enrichment-rule' class='anchor-heading'\u003eProfile Enrichment Rule\u003c/h3\u003e\u003cp\u003eThe rule that calls the FullContact API to enrich the user profile can be seen in the following code:\u003c/p\u003e\u003cpre\u003efunction (user, context, callback) {\n const FULLCONTACT_KEY = configuration.FULLCONTACT_KEY;\n\n // skip if no email\n if (!user.email) return callback(null, user, context);\n\n // skip if fullcontact metadata is already there\n if (user.user_metadata \u0026amp;\u0026amp; user.user_metadata.fullcontact) return callback(null, user, context);\n\n request.get('https://api.fullcontact.com/v2/person.json', {\n qs: {\n email: user.email,\n apiKey: FULLCONTACT_KEY\n },\n json: true\n }, (error, response, body) =\u0026gt; {\n if (error || (response \u0026amp;\u0026amp; response.statusCode !== 200)) {\n // swallow fullcontact api errors and just continue login\n return callback(null, user, context);\n }\n\n // if we reach here, it means fullcontact returned info and we'll add it to the metadata\n user.user_metadata = user.user_metadata || {};\n user.user_metadata.fullcontact = body;\n\n auth0.users.updateUserMetadata(user.user_id, user.user_metadata);\n context.idToken['https://example.com/fullcontact'] = user.user_metadata.fullcontact;\n return callback(null, user, context);\n });\n}\u003c/pre\u003e\u003cblockquote\u003e\u003cp\u003eThis is a simplified version of the FullContact template provided by Auth0. This version does not have Slack integration to log errors.\u003c/p\u003e\u003c/blockquote\u003e\u003cp\u003eAs seen in the preceding code, when information about the user is found, it will be added to the \u003cstrong\u003euser.user_metadata.fullcontact\u003c/strong\u003e property.\u003c/p\u003e\u003ch3 id='how-to-create-a-function-that-gets-the-user-s-age-from-an-enriched-user-profile' class='anchor-heading'\u003eHow to create a function that gets the user\u0026#8217;s age from an enriched user profile\u003c/h3\u003e\u003cp\u003eThe following code shows how to create a method that gets user age from the user\u0026#8217;s enriched profile. You can get other information about the user in a similar fashion.\u003c/p\u003e\u003cpre\u003efunction getAge(user) {\n if (user.age) {\n return user.age;\n }\n\n var fullContactInfo = user.user_metadata.fullContactInfo || user.app_metadata.fullContactInfo;\n\n if (fullContactInfo \u0026amp;\u0026amp; fullContactInfo.age) {\n return fullContactInfo.age;\n }\n if (fullContactInfo \u0026amp;\u0026amp; fullContactInfo.demographics \u0026amp;\u0026amp; fullContactInfo.demographics.age) {\n return fullContactInfo.demographics.age;\n }\n if (fullContactInfo \u0026amp;\u0026amp; fullContactInfo.demographics \u0026amp;\u0026amp; fullContactInfo.demographics.birthDate) {\n return moment().diff(fullContactInfo.demographics.birthDate, 'years');\n }\n\n if (user.dateOfBirth) {\n return moment().diff(user.dateOfBirth, 'years');\n }\n\n if (user.birthday) {\n return moment().diff(user.birthday, 'years');\n }\n\n return null;\n}\u003c/pre\u003e\u003ch3 id='rule-to-get-the-twitter-handle-of-the-user-and-send-it-to-the-sentiment-api' class='anchor-heading'\u003eRule to get the Twitter handle of the user and send it to the Sentiment API\u003c/h3\u003e\u003cp\u003eThe following rule shows how you can obtain the Twitter handle of a user and send the data to the Sentiment API. This process should be done only once per user; for that reason we are setting the \u003cstrong\u003esentiment_initialized\u003c/strong\u003e variable to true when the user is processed.\u003c/p\u003e\u003cpre\u003efunction (user, context, callback) {\n user.app_metadata = user.app_metadata || {};\n if (user.app_metadata.sentiment_initialized) {\n return callback(null, user, context);\n }\n\n var twitterHandle = getTwitterHandle(user);\n\n if (!twitterHandle) {\n return callback(null, user, context);\n }\n\n // You should make your requests over SSL to protect your app secrets.\n request.post({\n url: 'https://innovashoes.com/twittersentiment',\n json: {\n twitterHandle: twitterHandle,\n secretToken: configuration.TWITTER_SECRET_TOKEN\n },\n timeout: 15000\n }, function(err, response, body){\n if (err) return callback(new Error(err));\n user.app_metadata.sentiment_initialized = true;\n auth0.users.updateAppMetadata(user.user_id, user.app_metadata)\n .then(function(){\n callback(null, user, context);\n })\n .catch(function(err){\n callback(err);\n });\n });\n}\n\nfunction getTwitterHandle(user) {\n var fullContactInfo = user.user_metadata.fullContactInfo || user.app_metadata.fullContactInfo;\n if (fullContactInfo \u0026amp;\u0026amp; fullContactInfo.socialProfiles) {\n for (var key in fullContactInfo.socialProfiles) {\n if (fullContactInfo.socialProfiles[key].type === 'twitter'){\n return fullContactInfo.socialProfiles[key].username;\n }\n }\n }\n return null;\n}\u003c/pre\u003e\u003ch3 id='dashboard-sample-code' class='anchor-heading'\u003eDashboard sample code\u003c/h3\u003e\u003cp\u003eYou can find the dashboard sample code in this \u003ca href='https://github.com/auth0/auth0-dashboard-widget'\u003erepository\u003c/a\u003e. You can use it as a starting point and build your own. The readme file will provide you with information to run the example. You can view a live version \u003ca href='http://auth0.github.io/auth0-dashboard-widget/'\u003ehere\u003c/a\u003e.\u003c/p\u003e"}]},{"id":"multifactor-authentication-customers","title":"Multifactor Authentication for Customers","description":"Multifactor authentication has become the new minimum level required to ensure that your customers are who they say they are, in light of the massive security breaches of usernames and passwords that appear in the headlines each week. Even if your Web site or mobile application does not perform financial transactions you should add multifactor authentication for customers. It's easier than you think with Auth0.","category":"use-cases","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/52W8K7YeXeTXzWLG0Nm2wD/1eff1a4ad96096c3397d106b24c6a158/mfa-customers.png","mimeType":"image/png"},"content":[{"title":"The Problem","description":"Unfortunately, people create weak passwords, but what’s worse is that they reuse their passwords across social and commercial Web sites. Should any of those Web sites be penetrated, one day an impostor who has your customer\u0026#8217;s username and password may login to your Web site. The only feasible defense is to implement multifactor authentication (MFA). But any MFA solution has to work for both older applications, for which there is no source code and new applications for which there is source. It has to be able work in a scenario where the customer’s identity is held elsewhere such as at Google, Microsoft, Facebook or Amazon, and it has to be easy to implement."},{"title":"The Solution","description":"\u003cp\u003eIn a multifactor authentication scenario, additional “something you know”, “something you have” or “something you are” factors are requested by the application in addition to username/password. Popular methods include a fingerprint with Apple TouchID, retina scan, facial or voice recognition, a one-time password from a hardware or software token, an SMS texted code, an email delivered code, answering secret questions, or being in some physical location – the list goes on and on.\u003c/p\u003e\u003cp\u003eMFA can be requested at initial login to ensure the identity of the customer who wants to use a given application. Additionally, a technique known as contextual MFA is gaining in popularity, whereby requests for additional credential factors are based on the context of the customer’s interaction such as a group they are in, access from a new device or location, the resource being accessed or the time.\u003c/p\u003e"},{"title":"The Big Picture","description":"\u003cp\u003eAuth0 can be used to enhance both existing applications, for which there may be no source code, and new applications, for which source code is available. For existing applications, change the setting that is used to get to the Identity Provider (IdP) for the customers from the existing identity provider to Auth0. This allows Auth0 to operate as a broker between the application and the original customer IdP or external user database. New applications will use the Auth0 APIs through the convenient SDKs that are specific to each mobile device or application framework, along with the renowned Auth0 code samples and customized step-by-step guidance for each specific scenario that developers rave about.\u003c/p\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/content/email-wall/use-cases/mfa-for-customers/big-picture-how-auth0-fits-in.png' alt='Auth0 is introduced between the applications and existing employee IDP' /\u003e\u003c/p\u003e\u003cp\u003eAuth0 adds MFA capability and more to both existing and new applications\u003c/p\u003e\u003cp\u003eOnce the applications are using Auth0 as their IdP, Auth0 enables you to service existing customers without them having to change their passwords or take any action whatsoever. Customers can be given the choice to log in with any of the standards-based or popular social and commercial IdPs such as Windows Live, Google, Facebook, Amazon, Salesforce, as a few examples.\u003c/p\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/content/email-wall/use-cases/mfa-for-customers/mfa-for-customers-dashboard-switches.png' alt='Auth0 is introduced between the applications and existing employee IDP' /\u003e\u003c/p\u003e\u003cp\u003eAuth0 federates with any OpenID Connect, OAuth or popular IdPs\u003c/p\u003e\u003cp\u003eOnce in place, Auth0 provides the solid foundation required to add additional capabilities uniformly across all applications running on mobile devices or on the Web such as providing SSO, password-less authentication, multi-factor authentication, contextual MFA, logging user activity, and more.\u003c/p\u003e"},{"title":"Multifactor Authentication Options","description":"\u003cp\u003eIt is easy to add contextual multi-factor authentication where and when it is appropriate, on a per-application basis, for each user or group of users. Auth0 MFA features include:\u003c/p\u003e\u003cp\u003e(i) Use any of the dozens of MFA solutions that exist today including SMS Text, email, biometric, password-less and more, and be ready to add any new ones easily as they become available or necessary. Auth0 provides support for all MFA service providers through powerful authentication flow “rules”, which are described below.\u003c/p\u003e\u003cp\u003e(ii) Add contextual MFA which allows you to define arbitrary conditions that will trigger additional authentication challenges to your customers for increased security, for example, geographic location (geo-fencing), address or type of network used (IP filtering), time of day, day of the week or change in the location or device being used to log in as described here (\u003ca href='https://auth0.com/docs/multifactor-authentication'\u003ehttps://auth0.com/docs/multifactor-authentication\u003c/a\u003e).\u003c/p\u003e\u003cp\u003e(iii) With the flip of a switch in the Auth0 dashboard, add the popular Google Authenticator MFA experience (\u003ca href='https://en.wikipedia.org/wiki/Google_Authenticator'\u003ehttps://en.wikipedia.org/wiki/Google_Authenticator\u003c/a\u003e) or the Duo Security MFA experience (\u003ca href='https://www.duosecurity.com/'\u003ehttps://www.duosecurity.com/\u003c/a\u003e) into the authentication flow for any applications.\u003c/p\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/content/email-wall/use-cases/mfa-for-customers/mfa-dashboard-switch.png' alt='Auth0 Dashboard method of adding or deleting Google Authenticator or Duo Security' /\u003e\u003c/p\u003e\u003cp\u003eEnable MFA for any application with the flip of a switch\u003c/p\u003e"},{"title":"Extensibility with Rules","description":"\u003cp\u003eAuth0 allows you to customize and extend the authentication flow through JavaScript functions called rules (\u003ca href='https://auth0.com/docs/rules'\u003ehttps://auth0.com/docs/rules\u003c/a\u003e), which run in a secure sandbox and allow Auth0 to be extended easily. Rules run after the existing IdP has authenticated the customer and before control is returned to the application that called Auth0.\u003c/p\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/content/email-wall/use-cases/mfa-for-customers/auth-pipeline-with-rules-customers.png' alt='After authenticating the user, Auth0 can run any number of custom rules' /\u003e\u003c/p\u003e\u003cp\u003eRules are run after the customer is authenticated and before control is returned to the application\u003c/p\u003e\u003cp\u003eMany of our customers have found the Auth0 rules feature to be very helpful. Rules allow you to easily implement all kinds of customizations to the login process with just a little bit of JavaScript code. Some of the most popular uses for rules include:\u003c/p\u003e\u003cul\u003e\u003cli\u003eAdding multi-factor authentication\u003c/li\u003e\u003cli\u003eContextual MFA (context-aware, risk-based authentication)\u003c/li\u003e\u003cli\u003eAdding, removing or enriching user attributes drawn from several IdPs or databases\u003c/li\u003e\u003cli\u003eUser enrollment\u003c/li\u003e\u003cli\u003eConsent \u0026amp; legal terms acceptance\u003c/li\u003e\u003cli\u003eRedirect to a page to consent to user claims being sent to the requestor\u003c/li\u003e\u003cli\u003eSending events to analytics tools like Mixpanel, Segment or KISSMetrics\u003c/li\u003e\u003cli\u003eEnforce access control policies\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAuth0 provides rule templates to speed the creation of new rules and a large number of useful rules are have been contributed by the active community on GitHUB (\u003ca href='https://github.com/auth0/rules'\u003ehttps://github.com/auth0/rules\u003c/a\u003e).\u003c/p\u003e"},{"title":"Advantages","description":"Auth0 makes it easy to incorporate MFA and contextual MFA into the customer’s experience for both existing and new applications and provides the opportunity to add other capabilities such as password-less authentication, keeping user activity logs, single sign-on, login with social or commercial identities and more. With Auth0, getting MFA implemented for all of the applications your customers use is easier than you think."}]},{"id":"migrate-user-database-auth0","title":"Migrate a User Database to Auth0","description":"Auth0 has a built-in enterprise-class database and can be configured to use any external user database to ease deployment. Whats more, user data can be migrated gradually to the Auth0 built-in database with no impact on operations or users, and enhanced with other data sources along the way.","category":"use-cases","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/6NZlGLRqoHmsRRlI6F3X0I/f8038937b3113bf5f0d340b91f44eda5/migrate-user-db-hero.png","mimeType":"image/png"},"content":[{"title":"The Problem","description":"Auth0 is commonly used to upgrade the existing Identity Provider (IdP) to one that provides modern features such as contextual multifactor authentication, federated logins for business partners, password-less authentication, biometrics, customer logins using their existing social accounts, Single Sign-on (SSO) and more with an enterprise-class, developer-friendly IdP. Auth0 can be deployed in such a way that it uses the existing user database, to minimize any disruptions or inconveniences for users, such as the requirement for them to reset their passwords. However, it is common for the existing user database to be in need of an upgrade as well to increase its scalability, performance, availability, security or scope. How can Auth0 be deployed to use the existing user database, ensure a smooth migration of all user data to its built-in, enterprise-class database, and avoid the hassle of password resets?"},{"title":"The Big Picture","description":"\u003cp\u003eAuth0 replaces the existing Identity Provider, and uses the existing external user database. The setting that determines which IdP existing applications should use is simply changed to be Auth0. Existing applications will then access Auth0 using the SAML, OpenID Connect, WS-FED or OAUth2 protocol. For new native, Web and mobile applications, the Auth0 Rest APIs are accessed through convenient, platform-specific SDKs to perform authentication using the code samples and customized step-by-step guidance that developers highly value from Auth0.\u003c/p\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/content/email-wall/use-cases/database-migration/big-picture-how-auth0-fits-in.png' alt='Auth0 becomes the IdP for all existing and new applications, and will federate with old IdPs and user databases as it adds its unique enterprise-class authentication capabilities.' /\u003e\u003c/p\u003e\u003cp\u003eAuth0 is an Enterprise-class Identity Provider that federates and extends well\u003c/p\u003e"},{"title":"Database Migration","description":"\u003cp\u003eAuth0 utilizes a built-in, enterprise-class, highly scalable and available database that is ideal for keeping track of millions of users. The first time a user or device logs in to Auth0, they will not have a record in the built-in Auth0 database, so Auth0 will use its connection to the existing external user database to get the record, including any user data that is to be migrated into the Auth0 built-in database. As well as completing the authentication request, Auth0 adds the newly acquired user record to its built-in database. Over the course of a few weeks or months, a majority of the users will have been automatically migrated over without noticing anything has changed. The rest of the records can then be bulk imported into Auth0 at any time but they will require password resets. Once the process is complete the existing external database can be retired. For more details see \u003ca href='https://auth0.com/docs/connections/database/migrating'\u003ehttps://auth0.com/docs/connections/database/migrating\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/content/email-wall/use-cases/database-migration/database-migration-logic.png' alt='Logic diagram for moving users to the Auth0 database' /\u003e\u003cbr /\u003eLogic used to migrate users to the Auth0 database\u003c/p\u003e\u003cp\u003eUsing this algorithm means that the user will not have to reset their password. Once a user is migrated to the Auth0 user database, the legacy database records will no longer be used for them.\u003c/p\u003e"},{"title":"How it Works","description":"\u003cp\u003eApplications are directed to use Auth0 as their Identity Provider (IDP). Auth0 either uses a direct connection to the original user database (\u003ca href='https://auth0.com/docs/connections/database'\u003ehttps://auth0.com/docs/connections/database\u003c/a\u003e) or calls on a Web service that accesses the existing external database to authenticate the user and collect all of their user information, as depicted in the diagram below.\u003c/p\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/content/email-wall/use-cases/database-migration/data-migration-block-diagram.png' alt='First login request for a given user moves all their information in the Auth0 database' /\u003e\u003c/p\u003e\u003cp\u003eUser identities in an existing external database are migrated on the fly to the built-in database\u003c/p\u003e\u003cp\u003eAuth0 provides the template Node.js code that it will run in a secure sandbox to perform the “Login” and “Get User Data” operations to the existing external user database or to a Web service so the data can be migrated to the Auth0 built-in database. This JavaScript template code is easily customized for the exact user data migration scenario.\u003c/p\u003e\u003cp\u003eAuth0 provides templates for most of the common databases such as: ASP.NET Membership Provider, MongoDB, MySQL, PostgreSQL, SQLServer, Windows Azure SQL Database, and for a Web service that will connect to any kind of database or Web service with a customized Node.js script and migrate its user data into the Auth0 user database easily and non-disruptively.\u003c/p\u003e\u003cp\u003eIf desired, it’s easy to gather user information from additional sources and add it to the record for each user as their user data is being migrated over to the Auth0 built-in user database.\u003c/p\u003e"},{"title":"Advantages","description":"The database migration feature of Auth0 can accommodate any existing external database and can move the user data records to the Auth0 built-in user database, while enhancing the records with additional data if desired. The user records are migrated gradually over time to avoid adversely impacting operations, the last ones are bulk loaded into Auth0 so the old database can be retired. With Auth0, migrating user data to the Auth0 database to meets your scale, availability, performance or security goals is easier than you think."}]},{"id":"multi-party-authentication-flow","title":"Multi-Party Authentication Flow","description":"Explore a specific example of a complex, multi-party authentication flow and learn how Auth0 makes it simple.","category":"use-cases","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/2AC2A0lEc4JL6EclG5LI3z/9662ce12c12c9031c1d9334dfbe772ec/multiparty-hero.png","mimeType":"image/png"},"content":[{"title":"The Problem","description":"\u003cp\u003eWhen your business depends on quickly getting your custom applications into production, you need an IAM platform that is designed by developers, for developers. Let’s look at how Auth0 makes even sophisticated identity workflows easy to implement, getting your applications into production more quickly, more securely, and with less on-going maintenance.\u003c/p\u003e\u003cp\u003eImagine that you are building \u0026#8220;Lodging Picks\u0026#8221;, a B2B SaaS travel application you will sell to enterprises. You aggregate lodging listings from multiple sources including hotels and RoomSMart, an online marketplace very similar to AirBnB that matches hosts with rooms to rent with travelers looking for cost-effective home-based lodging. The challenge: book RoomSMart properties through their private API\u003csup\u003e1\u003c/sup\u003e on behalf of your customers’ users, without holding RoomSMart account credentials.\u003c/p\u003e\u003col\u003e\u003cli\u003eWe could have used AirBnB as our example but we did not want to imply that they’re actually offering such a private API for use by partners. Think of RoomSMart as just like AirBnB, and this use case as illustrating a realistic, multi-party authentication scenario.\u003c/li\u003e\u003c/ol\u003e"},{"title":"The Challenges","description":"\u003cp\u003eWhat makes this multi-party authentication flow complex to implement? Let’s look at the concerns of the involved parties in this scenario:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eThe Enterprise\u003c/strong\u003e is keen to gain the benefits of Lodging Picks for its business, but must control access to the Lodging Picks application for its employees, and wants to make it simple to use. Accordingly, the company wants to integrate Lodging Picks into their SSO infrastructure, and must be able to provision and deprovision employees for Lodging Picks as they join and leave the company.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eThe Employee\u003c/strong\u003e wants to book lodging through the application, including RoomSMart rooms, but must control access to her RoomSMart account by Lodging Picks. In particular, Lodging Picks must have limited access only to book rooms using the default payment method for her account, and not to rate hosts, send messages, or change profile or payment information. In addition, she must be able to revoke access in the event of a problem, and keep her RoomSMart profile private.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eLodging Picks\u003c/strong\u003e wants to offer a valuable service to their enterprise customers, with a great SSO user experience for enterprise users and a new channel for RoomSMart. But in a world where security breaches are regular front-page news, Lodging Picks must broker these transactions while minimizing the trust demanded of the participating parties. Unless everyone feels secure that their valuable information is safe and under their control, the risks of using this SaaS application might exceed the benefits.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eRoomSMart\u003c/strong\u003e Is eager to add a new B2B channel to their sales. But they have built their business on the basis of trust: hosts are offering up space in their homes to strangers \u0026#8211; guests, and guests are booking those rooms on the basis of both descriptions on the site, and ratings and comments by other guests. Both hosts and guests save sensitive information on the service, and RoomSMart must maintain privacy and comply with laws and regulations while delivering a very simple user experience. Accordingly, they likely don’t allow other applications to store login credentials, they tightly control API access, they give the owners of sensitive information full control, and they retain the ability to enforce their terms of service.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf this seems complicated, it is! But it is also typical of modern web and mobile applications built by composing services available in the \u0026#8220;API economy\u0026#8221; from independent sources. Authentication and authorization are the critical tools that govern how such services can trust each other in an inherently untrustworthy environment.\u003c/p\u003e\u003cp\u003eToday, no solution handles sophisticated, multi-party authentication workflows like this one out of the box. Tools with built-in and simple authentication flows can’t do it. To implement Lodging Picks, you might need to hand-build a custom IAM solution at substantial cost, hire specialized talent, and put in place expensive, on-going maintenance. What you really need is an API-driven identity platform optimized for developer flexibility, that simplifies applications where identity spans organizational boundaries. You need Auth0.\u003c/p\u003e"},{"title":"The Solution: Auth0 Redirect Rules","description":"\u003cp\u003eWhat needs to happen here? The user \u0026#8211; an employee of your customer \u0026#8211; will log in to Lodging Picks using their federated enterprise credentials. Auth0 simplifies this process, making it easy for you to implement SSO for your customers. Once a user is authenticated, you’ll need to execute an on-boarding workflow that allows Lodging Picks to use the RoomSMart API to view and book RoomSMart accommodations on behalf of the user.\u003c/p\u003e\u003cp\u003eWhy not just ask the user to log into Lodging Picks with both their enterprise credentials and their RoomSMart credentials, then link the accounts so that the user can use either account to access Lodging Picks? This approach wouldn’t work: the user could access Lodging Picks even after they’re no longer an employee of the enterprise, using their RoomSMart login. Access to the Lodging Picks application must only use the employee’s enterprise account, through SSO.\u003c/p\u003e\u003cp\u003eWhat if you asked the user to save their RoomSMart name and password in the Lodging Picks application? This might work, but it goes against best practice. It is much less secure for both RoomSMart and the employee, could make Lodging Picks a more attractive hacking target, and accordingly might be disallowed by RoomSMart.\u003c/p\u003e\u003cp\u003eSo how can you gain only the access you require to RoomSMart on behalf of the user, without holding their RoomSMart credentials, and while authenticating using only the user’s enterprise account?\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/content/email-wall/use-cases/multi-party-auth-flow/Auth0RulesOverview.png' alt='Auth0 Rules Pipeline' /\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFigure 1: Auth0 Rules Pipeline\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eAuth0 includes a powerful feature \u0026#8211; authentication pipeline rules \u0026#8211; that let you add code that executes after every authentication to add custom processing. Rules can include arbitrary code that could log transactions, tie into analytics platforms, initiate additional authentication such as multi-factor authentication, or call additional APIs to access additional information or perform additional work. Rules can redirect users to external sites or services and upon return, perform additional processing on the result. This ability to add any code to the authentication pipeline is one of Auth0’s most powerful features.\u003c/p\u003e\u003cp\u003e\u003cimg class='figure-right alignright' src='https://cdn2.auth0.com/content/email-wall/use-cases/multi-party-auth-flow/MultiParty_DesktopGrant.png' alt='Example Grant Page' /\u003e\u003c/p\u003e\u003cp\u003eWith just a few dozen lines of Javascript, you can implement even a complex multi-party, multi-protocol authentication workflow such as the one for Lodging Picks. So, we’ll implement our workflow as a rule (prototype Javascript code is in Appendix A, at the end of this use case). When the rule detects that Auth0 hasn’t yet saved a refresh token for RoomSMart, such as when a user first logs into Lodging Picks, it interrupts the user’s authentication processing and redirects to RoomSMart’s API grant page. The user then grants Auth0 permission on behalf of Lodging Picks, to acquire and securely store a user-specific API refresh token in the user’s profile which can in turn be used to acquire an access token with limited access rights and short expiration. Lodging Picks can call Auth0’s API to retrieve\u003ccode\u003euser.app_metadata_encrypted_roomsmart_refresh_token\u003c/code\u003e and after acquiring the access token, perform RoomSMart lookups and bookings on behalf of the user. The user retains full control and is able to revoke this access at any time by visiting her RoomSMart account. RoomSMart also can revoke the refresh or access token. Another rule could automatically use the refresh token to acquire a new access token before the old one expires.\u003c/p\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/content/email-wall/use-cases/multi-party-auth-flow/MultiParty_FlowDiagram.png' alt='Example Multi-Party Authentication Workflow' /\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFigure 2: Example Multi-Party Authentication Workflow\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cimg class='figure-right alignright' src='https://cdn2.auth0.com/content/email-wall/use-cases/multi-party-auth-flow/MultiParty_PhoneGrant.png' alt='Example Phone Application' /\u003e\u003c/p\u003e\u003cp\u003eAuth0’s redirect rules let you interrupt the authentication pipeline to call out to any service. You’re not limited to code you’ve written in your application. With this powerful capability, you can leverage the web API ecosystem, or build custom integrations to enterprise applications.\u003c/p\u003e\u003cp\u003eCheck out Auth0’s comprehensive \u003ca href='https://auth0.com/docs/rules/redirect'\u003edocumentation and examples\u003c/a\u003e for more on how to implement redirect rules, and take a look at Appendix A to see a prototype of a rule that implements this specific use case.\u003c/p\u003e\u003cp\u003eArbitrary code execution means you have the flexibility to compose complex authentication and authorization workflows, without building and maintaining a custom IAM solution. All using simple hooks and Auth0’s comprehensive front-end and back-end platform support to speed development.\u003c/p\u003e\u003cp\u003eWhen it comes time to implement your IOS and Android native applications, your developers can leverage this production identity workflow with no extra effort \u0026#8211; mobile apps use the same Auth0 APIs. Easy!\u003c/p\u003e"},{"title":"Conclusion","description":"\u003cp\u003eModern web and mobile applications are composed of services called by APIs hosted by independent companies and entities. Security in this API ecosystem depends on authentication \u0026#8211; services must know that calls to their API for access to personally-identifiable information and sensitive actions are legitimate, and approved by their account holders. As applications grow in complexity, the usage patterns and access requirements of these independent APIs can’t be predicted in advance and built into rigid design patterns. The API economy demands code-driven flexibility in handling authentication flows. Auth0 authentication pipeline rules makes such custom flows easy for developers to build, and easy for end users to navigate these scenarios where multi-party authentication is needed.\u003c/p\u003e\u003cp\u003eAuth0 comes with another unique feature \u0026#8211; its lauded Customer Success team. Help is just a Slack chat or email away \u0026#8211; to get you past any hurdles quickly and get your business critical applications into production.\u003c/p\u003e\u003cp\u003eFor more information, contact the Auth0 sales team, or just try it out! The full capability of the Auth0 platform is always free for development use. Create your free account today at auth0.com and discover the developer-focused difference.\u003c/p\u003e"},{"title":"Appendix A: Prototype Code","description":"\u003cp\u003eHere is some sample code that implements the rule described in this use case. It gets an authorization code through the RoomSMart consent flow, then exchanges that code for a refresh token. The rule then encrypts that refresh token and saves it as application metadata in the user’s profile.\u003c/p\u003e\u003cpre\u003efunction(user, context, callback) {\n // If we already have the user's refresh token, don't ask for consent again.\n user.user_metadata = user.user_metadata || {};\n if (user.app_metadata.encrypted_roomsmart_refresh_token) {\n return callback(null, user, context);\n }\n\n var CLIENT_ID = '123456';\n var CLIENT_SECRET = 'ABCDEFG';\n\n // Redirect to the RoomSMart web application to ask for consent.\n if (context.protocol !== 'redirect-callback') {\n var REDIRECT_TO = 'https://roomsmart.com';\n var REDIRECT_PATH = '/oauth2/authorize?client_id=' + CLIENT_ID +\n '\u0026amp;redirect_uri=http://lodgingpicks.auth0.com/continue\u0026amp;response_type=code' +\n '\u0026amp;scope=offline_access%20read_account';\n\n context.redirect = {\n url: REDIRECT_TO + REDIRECT_PATH\n };\n\n return callback(null, user, context);\n }\n // We are redirected back.\n else {\n\n // No consent given.\n if (context.request.query.error) {\n return callback(new UnauthorizedError(context.request.query.error_description));\n }\n\n // Consent given, exchange the authorization code for tokens\n var token_request = {\n body: 'grant_type=authorization_code' +\n '\u0026amp;client_id=' + CLIENT_ID +\n '\u0026amp;client_secret=' + CLIENT_SECRET +\n '\u0026amp;redirect_uri=http://lodgingpicks.auth0.com/continue' +\n '\u0026amp;code=' + context.request.query.code\n };\n request.post('https://roomsmart.com/oauth2/token', token_request, function(err, res, body) {\n if (err) {\n return callback(err);\n }\n\n var token_response = JSON.parse(body);\n if (!token_response.refresh_token) {\n return callback(new UnauthorizedError('Refresh token is missing'));\n }\n\n // Encrypt the refresh token.\n user.app_metadata.encrypted_roomsmart_refresh_token = encrypt(token_response.refresh_token);\n\n // Store it in the user's profile.\n auth0.users.updateAppMetadata(user.user_id, user.app_metadata)\n .then(function() {\n\n // Continue the authentication transaction.\n callback(null, user, context);\n })\n .catch(function(err) {\n callback(err);\n });\n });\n }\n\n // Helper to encrypt sensitive data.\n function encrypt(data) {\n var iv = new Buffer(configuration.ENCRYPT_IV);\n var decodeKey = crypto.createHash('sha256')\n .update(configuration.ENCRYPT_PASSWORD, 'utf-8').digest();\n var cipher = crypto.createCipheriv('aes-256-cbc', decodeKey, iv);\n return cipher.update(JSON.stringify(data || {}), 'utf8', 'base64') + cipher.final('base64');\n }\n}\u003c/pre\u003e"}]},{"id":"media","title":"Bringing the Digital Subscriber Closer to You","description":"Build a 360-degree view of the corporate and consumer subscriber and personalize both content and ad placements","category":"industries","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/3KVQmEtsKSa5qhWA108X92/d6298294b32162114fb75487a498846f/learn-media.png","mimeType":"image/png"},"content":[{"title":"","description":"\u003ca href='https://images.ctfassets.net/kbkgmx9upatd/6CoaV2i7dvDHEFuRpiPXYu/054eb6a38064c5a0d737f61c7ab6f95b/1-1.png'\u003e\u003cimg loading='lazy' src='https://images.ctfassets.net/kbkgmx9upatd/6CoaV2i7dvDHEFuRpiPXYu/054eb6a38064c5a0d737f61c7ab6f95b/1-1.png' alt='Login box and customers' /\u003e\u003c/a\u003e"},{"title":"Get Closer to the Subscriber:","description":"\u003cp\u003e\u003cspan\u003eRelevance begins with knowing your subscriber, and that starts at login. With the growing influence of social media on Millennials subscribers, publishers and media brands are increasingly leveraging first-party data from social logins to enhance the user experience, influence social conversations around recommendations and content discovery; and leverage rich user profiles to deliver personalized content and ads.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href='https://auth0.com/learn/social-login/'\u003e\u003cb\u003eLet’s Get Social\u003c/b\u003e\u003c/a\u003e\u003cbr /\u003e\u003cspan\u003eStreamline the registration process with social logins and enable a one-click user experience to significantly increase conversion rates.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href='https://auth0.com/blog/how-profile-enrichment-and-progressive-profiling-can-boost-your-marketing/'\u003e\u003cb\u003eMake Social Data Work For You\u003c/b\u003e\u003c/a\u003e\u003cbr /\u003e\u003cspan\u003eSocial login simplifies registration, but when combined with Auth0\u0026#8217;s rules feature, it delivers unlimited flexibility providing the deepest insights about the customer’s preferences. \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href='https://auth0.com/blog/progressive-profiling/'\u003e\u003cb\u003eProgressive Profiling\u003c/b\u003e\u003c/a\u003e\u003cbr /\u003e\u003cspan\u003e86% of users say overly long forms make them quit on registrations, and reducing form fields from 11 to 4 increases conversion rates by 120%. So, progressively profile your customers at key digital touchpoints and slowly build out the customer\u0026#8217;s profile over time. \u003c/span\u003e\u003c/p\u003e"},{"title":"The Single View of the Subscriber","description":"\u003cp\u003e\u003cspan\u003eConsolidate authentication across all your digital properties and build a single view of the digital subscriber. In today’s omnichannel world and with the rise of programmatic ad buying, the single view will not only enable you to create a compelling case for your premium ad inventory, but it will also support you in curating the right content for your target audience segments. \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u003c/b\u003e\u003cb\u003e\u003ca href='https://images.ctfassets.net/kbkgmx9upatd/3EXDyJNRNQekk8VPU7Pjfk/6b6219b8266a54abc46a0fb062e13f42/media-persona.png'\u003e\u003cimg loading='lazy' class='aligncenter wp-image-2189 size-full' src='https://images.ctfassets.net/kbkgmx9upatd/3EXDyJNRNQekk8VPU7Pjfk/6b6219b8266a54abc46a0fb062e13f42/media-persona.png' alt='' width='637' height='737' /\u003e\u003c/a\u003e\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003ca href='https://auth0.com/blog/the-three-best-ways-to-create-the-single-vision-of-a-customer/'\u003e\u003cb\u003eTrue Omnichannel Experience\u003c/b\u003e\u003c/a\u003e\u003cbr /\u003e\u003cspan\u003eEnable a single sign-on experience across all your brands and use Auth0 as a single source of truth for all your digital identities.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href='https://auth0.com/docs/link-accounts'\u003e\u003cb\u003eLink Multiple Social Accounts\u003c/b\u003e\u003c/a\u003e\u003cbr /\u003e\u003cspan\u003eAuth0\u0026#8217;s account linking feature enables you to link multiple social identities. Build a richer profile based on first-party identity data and enhances social engagement at all levels.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href='https://auth0.com/docs/connections/database'\u003e\u003cb\u003eCentralized Identity Management\u003c/b\u003e\u003c/a\u003e\u003cbr /\u003e\u003cspan\u003eAuth0 delivers a flexible user store directory model. You can host your directory in the highly secure Auth0 server, use your existing directory or migrate users to the Auth0 database without requiring a password reset. \u003c/span\u003e\u003c/p\u003e"},{"title":"Personalize to be Relevant:","description":"\u003cp\u003e\u003cspan\u003eHow many times have we “skipped” or ignored irrelevant ads for products or services that we simply don’t need? Relevance begins with social logins but ends with personalization. Making ads more relevant- especially contextually relevant- can go a long way in converting impressions to customers. Finally, with the right DMP integrations, you can segment the audience segments efficiently and serve the most relevant content and ads in real time.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href='https://auth0.com/blog/build-personalized-marketing-with-identity-management/'\u003e\u003cb\u003eFirst-Party Data\u003c/b\u003e\u003c/a\u003e\u003cbr /\u003e\u003cspan\u003ePersonalization is all about knowing your customer and this starts with First-Party data. With Auth0, you can source and consolidate First-Party data from several channels during the registration process and leverage this data for better segmentation, targeting and positioning. \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href='https://auth0.com/blog/5-killer-email-strategies-for-lifecycle-marketing/'\u003e\u003cb\u003eMarketing\u003c/b\u003e \u003cb\u003eIntegrations\u003c/b\u003e\u003c/a\u003e\u003cbr /\u003e\u003cspan\u003eLeverage actionable data for personalized targeting and growth. Customized integrations with marketing platforms and advertising networks allow for better-targeted campaigns and in-app advertisements.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href='https://auth0.com/learn/powering-user-analytics-identity/'\u003e\u003cb\u003eAdvanced Analytics for Audience Segmentation:\u003c/b\u003e\u003c/a\u003e\u003cbr /\u003e\u003cspan\u003eContent is becoming more curated and when analytics is done right, you can find the right audience segments for that content or even create “instant” audiences for new shows and products. \u003c/span\u003e\u003c/p\u003e"},{"title":"Streamline Enterprise Subscriptions","description":"\u003cp\u003e\u003cspan\u003eYour corporate clients demand Federation, and with Federation, you can simplify the onboarding process for group subscriptions. Federation can be a long, drawn-out process to get right for just one customer. Auth0 creates truly “turnkey” enterprise federation that is scalable for multiple customers at one time, saving weeks and even months with minimal effort.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href='https://images.ctfassets.net/kbkgmx9upatd/J7QlJ2ldbLXeofc1etg1N/b28a549554d6cb0ac352be6ddeef7630/phone-login.png'\u003e\u003cimg loading='lazy' class='alignnone size-large wp-image-2196' src='https://images.ctfassets.net/kbkgmx9upatd/J7QlJ2ldbLXeofc1etg1N/b28a549554d6cb0ac352be6ddeef7630/phone-login.png' alt='' width='1024' height='538' /\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003ca href='https://auth0.com/blog/how-enterprise-federation-helps-shorten-the-sales-cycle/'\u003e\u003cb\u003eFrictionless Federation\u003c/b\u003e\u003cbr /\u003e\u003c/a\u003eFederate with ease and simplify onboarding and offboarding partner companies using industry-leading protocols. Further, do this at scale by setting up as many Active Directory, PingFederate, LDAP, or even a custom SAML-P providers for as many users as needed.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href='https://auth0.com/learn/how-to-implement-single-sign-on/'\u003e\u003cb\u003eSingle Sign-On\u003c/b\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan\u003eIntegrate Single Sign-On (SSO) for both partners and internal employees from the get-go. SSO authentication gives your users a seamless experience as they navigate through your internal and third party applications.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href='https://auth0.com/blog/why-using-open-standards-helps-close-enterprise-deals/'\u003e\u003cb\u003eOpen Standards:\u003c/b\u003e\u003c/a\u003e\u003cbr /\u003e\u003cspan\u003eFrom the start, Auth0 has been built on battle-tested identity standards including OpenID Connect, OAuth, LDAP, SAML, and JSON Web Tokens (JWTs). \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href='https://auth0.com/docs/identityproviders'\u003e\u003cb\u003eRapid Implementation with SDKs:\u003c/b\u003e\u003c/a\u003e\u003cbr /\u003e\u003cspan\u003eThe speed of implementation is crucial, and Auth0 was built from the ground-up to be “developer-centric.” With full blown SDKs, live documentation and seamless Github integration, Auth0 empowers you to achieve your authentication goals with minimal effort. \u003c/span\u003e\u003c/p\u003e"}]},{"id":"retail","title":"Everything revolves around the customer. Why shouldn’t Identity?","description":"Increase conversions, personalize engagement, streamline partnerships, and build brand loyalty.","category":"industries","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/79gv7VOyR0Zd4nC8LLt76w/5c352805517fae4ff446304215ec433a/learn-retail.png","mimeType":"image/png"},"content":[{"title":"Introduction","description":"\u003cp\u003eCustomers are engaging with retailers and brands on their terms through mobile apps, web portals, product reviews, and social media. They expect all interactions \u0026#8211; both online and offline- to be consistent and highly personalized. As eCommerce and retail businesses continue to evolve, managing digital identities is an increasingly critical function \u0026#8211; and all of this revolves around a single view of the customer.\u003c/p\u003e\u003cp\u003e\u003cspan\u003eWhen the right Customer Identity and Access Management (CIAM) platform is implemented, retailers can optimize operational, organizational processes, and marketing programs to delight customers with personalized experiences at every touchpoint from product discovery to purchase and beyond.\u003c/span\u003e\u003c/p\u003e"},{"title":"Customer Acquisition","description":"\u003cp\u003e\u003cb\u003e\u003ci\u003eAccelerate registration conversions without compromising security\u003c/i\u003e\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eRegistration is that pivotal point when an unknown customer becomes a known customer, but becomes a barrier if not done right. Most customers hesitate to setup a new account with yet another set of credentials and often provide incorrect or incomplete information during form fills. For retailers looking to deliver personalized experiences to the customer, it is critical to get the right information during this process.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eAuth0 gets registration right by delivering everything you need to implement modern authentication.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cb\u003eLet’s Get Social\u003c/b\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003eIntegrating social logins streamlines the registration process and increases registration conversion rates. With Auth0, adding a social connection is as easy as flipping a switch and you get access to 30+ integrations including Facebook, Twitter, and Google right out-of-the-box. \u003c/span\u003e\u003cspan\u003e \u003ca href='https://auth0.com/learn/social-login/' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e\u003cbr /\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003cimg loading='lazy' class='alignnone size-full wp-image-1922' src='https://images.ctfassets.net/kbkgmx9upatd/5xdiGa0EhbKAxS4bskO2ew/c3fe09098477d2ab8a276bb706a974a1/Customer-Acquisition.png' alt='Customer Acquisition' /\u003e\u003c/span\u003e\u003cb\u003eTired of passwords? We are too! \u003c/b\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003eThe average customer keeps track of at least 25 username and password combinations at any point in time. This results in login fatigue making users reuse credentials over and over again. With Auth0, passwords can be eliminated entirely using magic links, Touch ID or SMS. \u003ca href='https://auth0.com/passwordless' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e \u003c/span\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cb\u003eStronger authentication = Stronger brand perception\u003c/b\u003e\u003cbr /\u003e\u003cspan\u003eStronger authentication directly translates into trust and trust, in turn, impacts a customer’s perception of the brand. Auth0’s context-aware MFA technology adapts to the login environment and delivers advanced security features to protect the customer’s privacy. \u003ca class='case-study-link' href='https://auth0.com/docs/multifactor-authentication' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e \u003c/span\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cb\u003eCustomize with Hooks\u003c/b\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003eOur solution would be incomplete if it did not offer the flexibility of customization. Auth0 Hooks enables you to customize the registration process to your unique business needs with conditional workflows at every single digital touchpoint.\u003c/span\u003e \u003ca class='case-study-link' href='https://auth0.com/docs/hooks/overview' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e\u003c/p\u003e"},{"title":"Single View Of the Customer","description":"\u003cp\u003e\u003cb\u003e\u003ci\u003eEmbracing a unified commerce strategy to empower all stakeholders\u003c/i\u003e\u003c/b\u003e\u003c/p\u003e\u003cp\u003eDigital transformation projects are taking place across the retail industry and unifying internal operational and marketing processes behind a single view of the customer is becoming a critical area of focus. Retailers are faced with the mounting challenge to stay ahead, have a single dialogue with the customer and keep up with promises regarding service.\u003c/p\u003e\u003cp\u003e\u003cspan\u003eWelcome to the age of unified commerce, and it all starts with the digital identity. With a unified view of the customer, enterprise teams can consolidate various data sources to deliver a consistent brand experience at each touchpoint.\u003c/span\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cb\u003eCentralized Identity Management\u003c/b\u003e \u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003eUnified commerce begins with a single digital identity, and Auth0 delivers a flexible user store directory model. You can host your directory in the highly secure Auth0 server, use your existing directory or migrate users to the Auth0 database without requiring a password reset. \u003ca class='case-study-link' href='https://auth0.com/docs/connections/database' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u003cimg loading='lazy' class='alignnone size-full wp-image-1940' src='https://images.ctfassets.net/kbkgmx9upatd/6ru9abuk7GBSgr4Mukijnh/ea2015f6506a3a1b2122ecc1a1554335/Single-View-Of-the-Customer-v2.png' alt='Single View Of the Customer' /\u003eTrue Omnichannel Experience\u003c/b\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003eEnable a single sign-on experience across all your brands irrespective of the channel or identity provider the customer decides to use both in-store or over the web. The Auth0 database acts as a single source of truth consolidating all identities into one user profile. \u003ca class='case-study-link' href='https://auth0.com/docs/connections' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cb\u003eIntegrations\u003c/b\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003eLeverage actionable data for personalized targeting and growth. Customized integrations with marketing platforms and advertising networks allow for better-targeted campaigns and in-app advertisements. \u003ca class='case-study-link' href='https://auth0.com/blog/5-killer-email-strategies-for-lifecycle-marketing/' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e\u003c/span\u003e\u003c/p\u003e"},{"title":"Marks and Spencer Case Study","description":"\u003ca href='https://auth0.com/case-studies/marks-spencer' target='_blank' rel='noopener noreferrer'\u003e\u003cimg loading='lazy' class='alignnone size-full wp-image-1943' src='https://images.ctfassets.net/kbkgmx9upatd/51Dd2vqIKUacXFFCuHFIan/a0e648ac4d62aaabb3511726885d26bf/Case-Study-2-Marks-Spencer.png' alt='Retail case Study 2- Marks \u0026amp; Spencer' /\u003e\u003c/a\u003e"},{"title":"Personalize the shopping experience","description":"\u003cp\u003e\u003cb\u003e\u003ci\u003eBuilding brand loyalty with millennials, one identity at a time.\u003c/i\u003e\u003c/b\u003e\u003c/p\u003e\u003cp\u003eMillennials, the most sought after audience among retailers today, have grown up in the digital age and technology has played a significant role in shaping their identities. In contrast to the perception that Millennials lack brand loyalty, research has shown that millennials can be extremely loyal when they are treated as valued customers. They demand a customer-centric shopping experience, and they expect brands to approach them with personalized content that is suited to their needs.\u003c/p\u003e\u003cp\u003e\u003cspan\u003eKnowing your customer begins with registration but to transform a browser to a buyer, you need to progressively learn about the customer and deepen your engagement at every interaction. At Auth0, our goal is not only to enable you to create a 360-degree view of the customer but also to build brand advocates who will act as influencers and drive more traffic to your site or store. \u003c/span\u003e\u003c/p\u003e"},{"title":"","description":"\u003cdiv style='display: flex'\u003e\u003cdiv\u003e\u003cb\u003eMake Social Data Work For You\u003c/b\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003eSocial login simplifies registration, but when combined with Auth0’s rules feature, it delivers unlimited flexibility providing the deepest insights about the customer’s preferences. \u003ca class='case-study-link' href='https://auth0.com/learn/b2c-delight-your-customers-with-auth0/' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cb\u003eLink Multiple Social Accounts\u003c/b\u003e\u003cbr\u003e\u003cspan\u003eAuth0’s account linking feature enables you to link multiple social identities to one profile. This feature helps in building a richer profile based on first-party identity data and enhances social engagement at all levels. \u003ca class='case-study-link' href='https://auth0.com/docs/link-accounts' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cb\u003eProgressive Profiling\u003c/b\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e86% of users say overly long forms make them quit on registrations, and reducing form fields from 11 to 4 increases conversion rates by 120%. So, progressively profile your customers at key digital touchpoints and slowly build out the customer’s profile over time. \u003ca class='case-study-link' href='https://auth0.com/blog/progressive-profiling/' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cb\u003eBoost Lifecycle Marketing\u003c/b\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003ePersonalize your onboarding process and enhance customer retention by encouraging critical behaviors using out-of-the-box email targeting templates or seamlessly integrate with other marketing automation programs using Auth0 Hooks. \u003ca class='case-study-link' href='https://auth0.com/blog/5-killer-email-strategies-for-lifecycle-marketing/' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e \u003c/span\u003e\u003c/div\u003e\u003cdiv class='module-content col-md-5' style='text-align: center !important'\u003e\u003cvideo src='https://embed-ssl.wistia.com/deliveries/fb1dc91b7fcfc87d181b66f4a952715b6def494d/b2c-video.mp4' poster='https://cdn2.auth0.com/website/assets/pages/b2c/img/b2c-videoposter-3d05c8c3ac.png' autoplay='autoplay' loop='loop' width='350' height='400'\u003e\u003c/video\u003e\u003c/div\u003e\u003c/div\u003e"},{"title":"Simplify Partner Collaboration","description":"\u003cp\u003e\u003cb\u003e\u003ci\u003eExpand your ecosystem and meet the ever-changing needs of your customers.\u003c/i\u003e\u003c/b\u003e\u003c/p\u003e\u003cp\u003eThe retailer ecosystem is evolving, and retailers are increasingly collaborating with partners and suppliers to support the ever changing needs customers. B2B focused third-party integration into your workflow can open up potential areas for data breaches and pose a significant risk to your enterprise. In addition to faster integrations where partners can just click and connect using SSO, IT teams have to deliver a secure environment with best-in-class security protocols and user management policies.\u003c/p\u003e\u003cp\u003e\u003cspan\u003eThe extended enterprise model is today’s reality, and with Auth0, IT teams are empowered to deliver quick federated access for partner companies, minimize administrative overhead, and stay compliant with industry-leading identity management protocols.\u003c/span\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cb\u003eFrictionless Federation\u003c/b\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003eFederate with ease and simplify onboarding and offboarding partner companies using industry-leading protocols. Further, do this at scale by setting up as many Active Directory, PingFederate, LDAP, or even a custom SAML-P providers for as many users as needed. \u003ca href='https://auth0.com/docs/identityproviders#enterprise' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003e \u003c/span\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cb\u003eSingle Sign-On\u003c/b\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003eIntegrate Single Sign-On (SSO) for both partners and internal employees from the get-go. SSO authentication gives your users a seamless experience as they navigate through your internal and third party applications. \u003ca class='case-study-link' href='https://auth0.com/learn/how-to-implement-single-sign-on/' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e \u003c/span\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cb\u003eAPI-Based Authentication\u003c/b\u003e\u003cspan\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan\u003eThe omnichannel experience starts with collaboration and retailers have to expose critical backend processes such as inventory management systems to key suppliers and partners. Secure your APIs with advanced identity management protocols and collaborate with ease. \u003ca class='case-study-link' href='https://auth0.com/docs/api-auth/grant/authorization-code' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e\u003c/span\u003e\u003c/p\u003e"},{"title":"Compliance, Security, and Scale","description":"\u003cp\u003e\u003cb\u003e\u003ci\u003e\u003ca href='https://auth0.com/security' target='_blank' rel='noopener noreferrer'\u003e\u003cimg loading='lazy' class='alignnone size-full wp-image-1941' src='https://cdn2.auth0.com/website/learn/assets/compliance-standars.png' alt='Compliance, Security, and Scale' /\u003e\u003c/a\u003eDeliver a great user experience without sacrificing security.\u003c/i\u003e\u003c/b\u003e\u003c/p\u003e\u003cp\u003eRetail data breaches make front line news, and in addition to being a PR nightmare, can severely erode brand equity. It goes without saying that customer data security and compliance is top of mind in most retail boardrooms. Auth0 has built state-of-the-art security into our product, so you can take advantage of cutting-edge features designed to make protecting your users and business worry-free.\u003c/p\u003e\u003cp\u003e\u003cb\u003eIndustry Standard Protocols\u003c/b\u003e\u003cbr /\u003e\u003cspan style='font-weight: 400;'\u003eIncrease consistency and continuity in your business operations and execution by adopting an identity platform that supports industry-wide authentication standards like OAuth and OpenID Connect. \u003ca class='case-study-link' href='https://auth0.com/learn/how-auth0-uses-identity-industry-standards/' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003eCompliance and Certifications\u003c/b\u003e\u003cbr /\u003e\u003cspan style='font-weight: 400;'\u003eCompliance with leading organizations including SOC2, GDPR, OpenID Connect, and others. \u003ca class='case-study-link' href='https://auth0.com/security' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003eInfrastructure-as-a-Service: On-Premise, In Cloud\u003c/b\u003e\u003cbr /\u003e\u003cspan style='font-weight: 400;'\u003eHost your application in the Auth0 cloud, in your cloud, or on-premises in your data center. Our highly-available multi-tenant cloud service can handle over 1 billion transactions daily. \u003ca class='case-study-link' href='https://auth0.com/docs/overview/deployment-models' target='_blank' rel='external noopener noreferrer'\u003eLearn More\u003c/a\u003e\u003c/span\u003e\u003c/p\u003e"}]},{"id":"b2c-delight-your-customers-with-auth0","title":"Delight Your Customers With Auth0","description":"For consumer-facing companies, a great user experience is key. Learn how you can deliver a pain-free login process and cater to your customers' desires with social data using Auth0.","category":"industries","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/3YDkrFBgODwTQpFbwN4si7/56f1ff8776d76e24877afc9eb9304195/delight-customers.png","mimeType":"image/png"},"content":[{"title":"It Starts With Knowing Your Customers","description":"\u003cp\u003eIs the authentication process for your application working for or against you? Many companies are still using simple username and password login, and this has many limitations.\u003c/p\u003e\u003cp\u003eThe good news is that Auth0 is here to help you put your customer data to work. Not only does Auth0 make authentication simple and pain-free for your developers, but when you use features like \u003ca href='#knowing-your-customers'\u003esocial authentication\u003c/a\u003e and \u003ca href='#get-user-data'\u003erules\u003c/a\u003e, you\u0026#8217;ve got the tools to build robust profiles for your customers. When you have data on what your customers\u0026#8217; preferences are, you have the keys to market to them in a much more powerful way.\u003c/p\u003e\u003cp\u003eYour users expect a great experience in your application, and with Auth0 you can make the authentication process for them very smooth. Our \u003ca href='#you-had-me-at-login'\u003eLock\u003c/a\u003e widget is battle-tested and backed by data, which means your users get only the best.\u003c/p\u003e\u003cp\u003eReady to learn more? \u003ca href='#knowing-your-customers'\u003eRead on\u003c/a\u003e for more or \u003ca href='#world-class-support'\u003eget in touch\u003c/a\u003e.\u003c/p\u003e"},{"title":"Knowing Who Your Customers are Means Knowing How to Sell to Them","description":"\u003cp\u003e\u003cspan\u003eTypical marketing methods are fairly straightforward when it comes down to it: craft some general purpose material, send it to prospects or existing customers en masse, and hope for the best. It’s easy to see that this method can only be marginally effective at best. After all, each of your customers and prospects is a unique individual with their own hopes, fears, and dreams, so they can’t all respond to your offer in a positive way. What if we could do better? The good news is that we can.\u003c/span\u003e\u003c/p\u003e\u003ch3\u003eThe Benefits of Social Data\u003c/h3\u003e\u003cp\u003e\u003cspan\u003eSocial data is allowing many companies to get to know their customers in a better and more meaningful way than ever before. When a user chooses to authenticate to your application with a social provider like Facebook, Google, or Twitter, you have a choice over which pieces of their social profile you’d like to request they disclose. When this data is shared with you, it allows you to enrich the profiles you hold for your customers, which opens up a lot of possibilities for targeted marketing.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eAre you selling women’s clothing that you know is most popular amongst 25 \u0026#8211; 34 year olds in Europe? With the enriched user profile information you get from social providers, you have tools to offer your products directly to this specific segment and not waste any effort marketing to those who likely won’t be interested.\u003c/span\u003e\u003c/p\u003e\u003ch3\u003eSocial Data is Easy with Auth0\u003c/h3\u003e\u003cp\u003e\u003cspan\u003eImplementing social login and collecting profile information can be challenging when it needs to be done from scratch, but with Auth0 it’s as easy as flipping a switch. You can use any social provider you want and can easily specify which pieces of information you’d like your customers to disclose.\u003c/span\u003e\u003c/p\u003e\u003ch3\u003eSend Data to Third Party Applications\u003c/h3\u003e\u003cp\u003e\u003cspan\u003eAuth0 also allows you to send user data to any third party application you like, which means you can use whichever tools you want to analyze your data. We provide you with a robust rules engine that allows you to write custom JavaScript to augment the authentication pipeline. Want to send your user data to an app like \u003ca href='http://fullcontact.com'\u003eFullContact\u003c/a\u003e\u003c/span\u003e\u003cspan style='font-weight: 400;'\u003e to enrich your customer profiles? This can be done seamlessly with rules. In fact, we’ve already written this particular rule, and many others, for you. You can also use predefined rules to integrate with apps like \u003ca href='https://auth0.com/docs/scenarios/mixpanel-fullcontact-salesforce'\u003eMixpanel, Salesforce\u003c/a\u003e and many others.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCustomer identity is key, and with Auth0 it’s easy.\u003c/strong\u003e\u003c/p\u003e"},{"title":"Get User Data while Keeping Your Customers Happy","description":"\u003cp\u003e\u003cspan\u003eAs an application user, few things are worse than needing to fill out a gigantic web form when signing up. However, getting good user data is a requirement for businesses to both stay competitive and to meet basic user information requirements. The good news is that you can use \u003ca href='https://auth0.com/blog/2016/04/18/progressive-profiling/'\u003eprogressive profiling\u003c/a\u003e as a better, less invasive way to get the data you need, all while keeping your customers happy.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eProgressive profiling is a way to collect small amounts of user information over time. Instead of requesting that users provide everything at once, you instead prompt them to answer just one or two questions each time they log in. If you’ve ever used LinkedIn, you’ve likely seen progressive profiling at work already. With LinkedIn, you’re not forced to provide every conceivable piece of information all at one time, but rather you answer questions over time.\u003cbr /\u003e\u003c/span\u003e\u003cbr /\u003e\u003cspan\u003eWith Auth0, you’ve got full control over your users’ profiles. This means you can check what information you’ve already collected for your users and prompt them to answer anything that is missing each time they authenticate in your applications. This means you get all the data you need, all while providing your customers with a frictionless experience. \u003c/span\u003e\u003c/p\u003e"},{"title":"You Had Me at “Login”","description":"\u003cp\u003e\u003cspan\u003eYou want to drive customers to your website or application because that’s what grows your business, but let’s face it: the market is getting more and more crowded all the time. That’s why providing your users with a great experience is becoming increasingly important and it’s one of the main reasons that some apps thrive while others don’t. After all, when friction is experienced anywhere in your app, it can quickly lead users to look for something better.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eWhen thinking about UX, it might be tempting to consider only what your users see and interact with once they are inside your application. However, a \u003c/span\u003e\u003cb\u003egreat\u003c/b\u003e\u003cspan\u003e UX starts even before that at the very first place they get to: \u003cstrong\u003ethe login box\u003c/strong\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eWhen you use Auth0, you get our beautifully designed and thoroughly battle-tested login widget called \u003ca href='https://auth0.com/lock'\u003eLock\u003c/a\u003e\u003c/span\u003e\u003cspan\u003e. Providing end users with a great experience was the priority when we developed Lock, which you get to pass on to your customers directly. Not only is Lock nice to look at, but the way it functions is backed by data. For example, we did some testing and achieved a 40% increase in our own signup conversion rate simply by changing the social login buttons to show text instead of just an icon. We want you to benefit from our findings, so we changed Lock’s default settings to have full-text social login buttons enabled for all users out of the box.\u003c/span\u003e\u003cbr /\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/lock-presentation.png' alt='AUTH0 AN IDENTITY PLATFORM THAT GOES BEYOND THE LOGIN BOX' /\u003e\u003c/p\u003e"},{"title":"Authentication is More than a Username and Password","description":"\u003cp\u003e\u003cspan\u003eMost people are accustomed to entering a username and password when they use applications, and in some ways, it might seem like that’s all that is needed for a proper authentication system. Sticking to username and password authentication might be fine for the simplest of apps, but what happens when your application grows and you want to take advantage user identity to drive your business? There are so many opportunities for making use of customer data that are often passed up because companies only have a simple username and password authentication setup.\u003cbr /\u003e\u003c/span\u003e\u003cbr /\u003e\u003cspan\u003eWith Auth0, you can use username and password authentication if you like, but it doesn’t stop there. At the flip of a switch, you can enable social login with Facebook, Google, Twitter, or any other provider. This opens up a whole new set of possibilities for driving your business growth with user data. If you find that you don’t need social login for you apps, you can just turn it off. With Auth0, the option is yours.\u003c/span\u003e\u003c/p\u003e"},{"title":"Give Your Customers a Unified Authentication Experience","description":"\u003cp\u003e\u003cspan style='font-weight: 400;'\u003eMarketing and selling to consumers often means competing for their time and attention, and that’s why it’s important that your customers are able to access all of your applications quickly and easily. Unfortunately, this becomes harder to do as your company grows and adds more and more applications to the mix. Often times a unique user base gets created for each application, and this means that your customers will need a different set of credentials for each one. This is problematic because it slows your users down. More than that though, many users have come to expect a unified authentication experience everywhere on the web since companies like Google provide it across all of their applications.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-weight: 400;'\u003eAuth0 lets you get rid of this pain completely when you implement \u003c/span\u003e\u003cb\u003esingle sign-on (SSO)\u003c/b\u003e\u003cspan\u003e. With your applications authenticating against a central SSO service, your users only need one set of credentials to log in to each of your apps. This is a huge benefit for your entire organization and is a great user experience improvement because it immediately reduces the friction your customers encounter when using your applications. Less friction = better business.\u003c/span\u003e\u003c/p\u003e"},{"title":"Take the Pain out of Compliance Reporting","description":"\u003cp\u003e\u003cspan\u003eCompliance reporting is a necessity for many modern businesses, even those operating solely in the B2C space. Whatever the reporting requirements placed on you may be, setting your system up to send user data to a third party can be a big pain. If you have a need to report user activities such as login frequency or location, custom-built systems can be difficult and time-consuming to implement.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eWith Auth0 you can tap directly into a sophisticated rules engine which allows you to customize the user authentication pipeline however you like. Need to send user data to a REST endpoint when your users log in? No problem. Auth0’s rules engine allows you to write any custom JavaScript you like. This means you can send your users’ information to a third party as part of the authentication process, all with a little bit of custom code.\u003c/span\u003e\u003c/p\u003e"},{"title":"Big Events Require Big Scalability","description":"\u003cp\u003e\u003cspan\u003eA strong sales funnel throughout the whole year is great, but sometimes it can be even better to hold special events. Perhaps you have a large single-day promotion that draws a lot of attention, or you take part in black Friday and see a huge uptick in traffic on that single day. Large-scale unique events such as these are the norm, especially in consumer-facing industries, but is your system ready to handle all that traffic?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eAuth0 provides you a truly web-scale platform that can handle in excess of 11,000 authentication requests per second. This means you can rest assured that logging into your website or app will not be a challenge for anyone on your big event day.\u003c/span\u003e\u003c/p\u003e"},{"title":"World-Class Support","description":"Auth0 wants to make sure you have all the tools and help you need as you prepare to deliver an excellent customer experience with your apps. That\u0026#8217;s why we\u0026#8217;re here to serve you with world-class support. Your developers will be in direct contact with our Customer Success Engineers as you develop and deploy your applications, and no matter what the issue is, we\u0026#8217;re just a click or a call away."}]},{"id":"telecommunications-industry","title":"For the Telecommunications Industry, Identity Matters","description":"Join other telecommunications players that leverage identity to engage their customers","category":"industries","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/3XqK7RqcOjrrUyBgbrGz1W/441ac6097ac3c7b5894efc72c16f7eff/telecommunications.png","mimeType":"image/png"},"content":[{"title":"The Telecommunications Industry is Undergoing a Digital Transformation","description":"If your organization is moving into the digital space, then you know how important mobile and social interactions are for understanding your customers. The digital transformation means there are new ways of offering them products and services directly, and identity information is a key part of doing this effectively."},{"title":"Auth0: An Identity Platform that Goes Beyond the Login Box","description":"\u003cp\u003e\u003cspan\u003eWith Auth0, authentication and identity for your customers is simple. They can use any identity provider and can log in just once to be authenticated securely to all your applications.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eIdentity is about more than a username though; building a clear picture of who your customers are is vital for engagement. Auth0 lets you leverage identity data to better understand your customers, which is key for a deeper relationship with them.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eAuth0 gives you all the modern authentication features that are vital for a smooth and secure experience for mobile users, including:\u003c/p\u003e\u003cul\u003e\u003cli\u003eSMS Gateway Integration\u003c/li\u003e\u003cli\u003e\u003ca href='https://auth0.com/learn/multifactor-authentication/' target='_blank' rel='noopener noreferrer'\u003eMultifactor Authentication\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href='https://auth0.com/learn/how-to-implement-single-sign-on/' target='_blank' rel='noopener noreferrer'\u003eSingle Sign-On\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href='https://auth0.com/passwordless' target='_blank' rel='noopener noreferrer'\u003ePasswordless Login\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href='https://auth0.com/learn/social-login/' target='_blank' rel='noopener noreferrer'\u003eSocial Authentication\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href='https://auth0.com/security' target='_blank' rel='noopener noreferrer'\u003eAnomaly Detection\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/lock-presentation.png' alt='AUTH0 AN IDENTITY PLATFORM THAT GOES BEYOND THE LOGIN BOX' /\u003e\u003c/p\u003e"},{"title":"Mobile Users are Smart","description":"\u003cp\u003eMobile users are always on the lookout for the best deals. Unfortunately, this often means that their SIM cards get switched out when they move to a new carrier, and your data about them gets lost in the shuffle.\u003c/p\u003e\u003cp\u003eWith Auth0 you can easily have your customers access their accounts using their social profiles that come from Facebook, Twitter, and other providers. This means that their identity is no longer tied to a SIM card, and when they switch between carriers, their identity and customer history stay put with you. When you welcome them back, it\u0026#8217;s as if they never left.\u003c/p\u003e"},{"title":"Test Your Hypotheses Quickly","description":"\u003cp\u003eWhen you ramp up to test your digital strategy, every minute counts. This means that you need to be up and running with a robust authentication and social identity implementation quickly.\u003c/p\u003e\u003cp\u003eIntegrating Auth0 into your system is fast. Not only will our documentation cover everything you need to know, but our engineers are on standby to personally help you get things up and running. When time is of the essence, we\u0026#8217;ve got you covered.\u003c/p\u003e"},{"title":"Authentication Without the Fuss","description":"\u003cp\u003eYour mobile customers expect a smooth authentication experience in all of their interactions and it would be a shame to have them enter a username and password every time they need to authenticate.\u003c/p\u003e\u003cp\u003eWith Auth0, passwordless authentication is available at the flip of a switch. This means your customers can have a smooth experience in your apps on their mobile devices with little to no implementation effort on your part. You can also integrate passwordless authentication with your existing SMS network quickly, meaning that no-fuss authentication is covered from all angles.\u003c/p\u003e"},{"title":"Auth0 Helps Companies Leverage Customer Identity","description":"Companies in many different industries trust Auth0 as a secure and simple identity platform. We’ve helped some major telecommunications players leverage identity for their millions of customers so that they can better engage with them, including PLDT/Smart Communications and Telkomsel."},{"title":"Superb Documentation","description":"\u003cp\u003eTechnical solutions can only really be useful if one knows how to use them, and that requires clear communication. At Auth0 we take great care in providing thorough documentation for every aspect of our product that never leaves your developers guessing.\u003c/p\u003e\u003cp\u003eMaking identity and authentication simple for developers starts with providing clear and comprehensive information with plenty of code samples, but it doesn\u0026#8217;t stop there. We go beyond the technical details by providing a catalog of information resources and articles for non-technical audiences as well. Whether you\u0026#8217;re an experienced engineer looking for documentation for our API, or you want to know the basics of how features like multi-factor authentication work, our docs have you covered.\u003c/p\u003e"},{"title":"World-Class Support","description":"Time is of the essence when it comes to implementing your digital strategy and that\u0026#8217;s why we\u0026#8217;re here to help with world-class support. Your developers will be in direct contact with our Customer Success Engineers as you get ready to launch. No matter what the issue is, we\u0026#8217;re just a click or a call away."},{"title":"Ready to Learn More? Let's Talk!","description":"\u003cp\u003eAre you moving into digital business and wanting to understand your customers more with social? Our expertise in identity can help you discover more about your customers. Let’s talk about how we can make this happen for you!\u003c/p\u003e\u003cp\u003eGet in touch with the contact form below and register for our \u003ca href='https://attendee.gotowebinar.com/register/223272702553987844'\u003eCustomer Identity for Telecommunications webinar\u003c/a\u003e.\u003c/p\u003e"}]},{"id":"json-web-tokens","title":"Get Started with JSON Web Tokens","description":"All you wanted to know about JSON Web Tokens but were afraid to ask.","category":"concepts","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/6E4gdxqqmafg9Usjz9etTU/bc93ad8e3cea217c3de390239ff34c8c/jwt-hero.png","mimeType":"image/png"},"content":[{"title":"What is JSON Web Token?","description":"\u003cp\u003e\u003cstrong\u003eJSON Web Token (JWT)\u003c/strong\u003e is an open standard (\u003ca href='https://tools.ietf.org/html/rfc7519'\u003eRFC 7519\u003c/a\u003e) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with \u003cstrong\u003eHMAC\u003c/strong\u003e algorithm) or a public/private key pair using \u003cstrong\u003eRSA\u003c/strong\u003e.\u003c/p\u003e\u003cp\u003eLet\u0026#8217;s explain some concepts of this definition further.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eCompact\u003c/strong\u003e: Because of its size, it can be sent through an URL, POST parameter, or inside an HTTP header. Additionally, due to its size its transmission is fast.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eSelf-contained\u003c/strong\u003e: The payload contains all the required information about the user, to avoid querying the database more than once.\u003c/li\u003e\u003c/ul\u003e\u003cdiv class='new-banner' style='background-color: #f5f7f9; width: 100%; display: flex; flex-direction: row; justify-content: center; align-items: center; border-radius: 3px; box-shadow: 0px 4px 8px rgba(0,0,0,0.15); margin: 60px 0 20px 0;'\u003e\u003cdiv class='new-banner-text' style='width: 50%; padding-left: 40px; font-size: 24px; color: #333333; text-align: initial; font-weight: 500; line-height: normal;'\u003eInterested in getting up-to-speed with JWTs as soon as possible? \u003ca class='wow btn btn-lg btn-success js-try new-banner-button' style='margin-top: 24px; font-weight: bold; background: #00B9F1;' href='https://auth0.com/resources/ebooks/jwt-handbook'\u003eDOWNLOAD THE FREE EBOOK\u003c/a\u003e\u003c/div\u003e\u003cp style='margin: 0;'\u003e\u003cimg class='new-banner-image' style='margin: 0; height: 260px;' src='https://images.ctfassets.net/kbkgmx9upatd/7C5klmm5jbofXg0bbnNySP/77efa118327f001bf28ef7c2f7c14bed/token-1.png' alt='ipad pro handbook' /\u003e\u003c/p\u003e\u003c/div\u003e"},{"title":"When should you use JSON Web Tokens?","description":"\u003cp\u003eThese are some scenarios where JSON Web Tokens are useful:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eAuthentication\u003c/strong\u003e: This is the typical scenario for using JWT, once the user is logged in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token. Single Sign On is a feature that widely uses JWT nowadays, because of its small overhead and its ability to be easily used among systems of different domains.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eInformation Exchange\u003c/strong\u003e: JWTs are a good way of securely transmitting information between parties, because as they can be signed, for example using a public/private key pair, you can be sure that the sender is who they say they are. Additionally, as the signature is calculated using the header and the payload, you can also verify that the content hasn\u0026#8217;t changed.\u003c/li\u003e\u003c/ul\u003e"},{"title":"Which is the JSON Web Token structure?","description":"\u003cp\u003eJWTs consist of three parts separated by dots (\u003ccode\u003e.\u003c/code\u003e), which are:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eHeader\u003c/strong\u003e\u003c/li\u003e\u003cli\u003e\u003cstrong\u003ePayload\u003c/strong\u003e\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eSignature\u003c/strong\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTherefore, a JWT typically looks like the following.\u003c/p\u003e\u003cp\u003e\u003ccode\u003exxxxx.yyyyy.zzzzz\u003c/code\u003e\u003c/p\u003e\u003cp\u003eLet\u0026#8217;s break down the different parts.\u003c/p\u003e\u003ch3 id='header' class='anchor-heading'\u003eHeader\u003c/h3\u003e\u003cp\u003eThe header \u003cem\u003etypically\u003c/em\u003e consists of two parts: the type of the token, which is JWT, and the hashing algorithm such as HMAC SHA256 or RSA.\u003c/p\u003e\u003cp\u003eFor example:\u003c/p\u003e\u003cpre\u003e{\n 'alg': 'HS256',\n 'typ': 'JWT'\n}\u003c/pre\u003e\u003cp\u003eThen, this JSON is \u003cstrong\u003eBase64Url\u003c/strong\u003e encoded to form the first part of the JWT.\u003c/p\u003e\u003ch3 id='payload' class='anchor-heading'\u003ePayload\u003c/h3\u003e\u003cp\u003eThe second part of the token is the payload, which contains the claims. Claims are statements about an entity (typically, the user) and additional metadata. There are three types of claims: \u003cem\u003ereserved\u003c/em\u003e, \u003cem\u003epublic\u003c/em\u003e, and \u003cem\u003eprivate\u003c/em\u003e claims.\u003c/p\u003e\u003cul\u003e\u003cli style='list-style-type: none;'\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eReserved claims\u003c/strong\u003e: These are a set of predefined claims, which are not mandatory but recommended, thought to provide a set of useful, interoperable claims. Some of them are: \u003cstrong\u003eiss\u003c/strong\u003e (issuer), \u003cstrong\u003eexp\u003c/strong\u003e (expiration time), \u003cstrong\u003esub\u003c/strong\u003e (subject), \u003cstrong\u003eaud\u003c/strong\u003e (audience), among others.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cblockquote\u003e\u003cp\u003eNotice that the claim names are only three characters long as JWT is meant to be compact.\u003c/p\u003e\u003c/blockquote\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003ePublic claims\u003c/strong\u003e: These can be defined at will by those using JWTs. But to avoid collisions they should be defined in the IANA JSON Web Token Registry or be defined as a URI that contains a collision resistant namespace.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003ePrivate claims\u003c/strong\u003e: These are the custom claims created to share information between parties that agree on using them.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAn example of payload could be:\u003c/p\u003e\u003cpre\u003e{\n 'sub': '1234567890',\n 'name': 'John Doe',\n 'admin': true\n}\u003c/pre\u003e\u003cp\u003eThe payload is then \u003cstrong\u003eBase64Url\u003c/strong\u003e encoded to form the second part of the JWT.\u003c/p\u003e\u003ch3 id='signature' class='anchor-heading'\u003eSignature\u003c/h3\u003e\u003cp\u003eTo create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.\u003c/p\u003e\u003cp\u003eFor example if you want to use the HMAC SHA256 algorithm, the signature will be created in the following way.\u003c/p\u003e\u003cpre\u003eHMACSHA256(\n base64UrlEncode(header) + '.' +\n base64UrlEncode(payload),\n secret)\u003c/pre\u003e\u003cp\u003eThe signature is used to verify that the sender of the JWT is who it says it is and to ensure that the message was\u0026#8217;t changed in the way.\u003c/p\u003e\u003ch3 id='putting-all-together' class='anchor-heading'\u003ePutting all together\u003c/h3\u003e\u003cp\u003eThe output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact compared to XML-based standards such as SAML.\u003c/p\u003e\u003cp\u003eThe following shows a JWT that has the previous header and payload encoded and it is signed with a secret.\u003c/p\u003e\u003cp\u003e\u003cimg src='https://cdn2.auth0.com/content/jwt/encoded-jwt4.png' alt='An encoded JWT' /\u003e\u003c/p\u003e\u003cp\u003eYou can browse to \u003ca href='http://jwt.io/'\u003ejwt.io\u003c/a\u003e where you can play with a JWT and put these concepts in practice. \u003ca href='http://jwt.io/'\u003ejwt.io\u003c/a\u003e allows you to decode, verify and generate JWT.\u003c/p\u003e"},{"title":"How JSON Web Tokens work?","description":"\u003cp\u003eIn authentication, when the user successfully logs in using their credentials, a JSON Web Token will be returned. Since tokens are credentials, great care must be taken to prevent security issues. In general, you should not keep tokens longer than required.\u003c/p\u003e\u003cp\u003eYou also \u003ca href='https://cheatsheetseries.owasp.org/cheatsheets/HTML5_Security_Cheat_Sheet.html#local-storage'\u003eshould not store sensitive session data in browser storage due to lack of security\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eWhenever the user wants to access a protected route, it should send the JWT, typically in the \u003cstrong\u003eAuthorization\u003c/strong\u003e header using the \u003cstrong\u003eBearer\u003c/strong\u003e schema. Therefore the content of the header should look like the following.\u003c/p\u003e\u003cp\u003e\u003ccode\u003eAuthorization: Bearer \u0026lt;token\u0026gt;\u003c/code\u003e\u003c/p\u003e\u003cp\u003eThis is a stateless authentication mechanism as the user state is never saved in the server memory. The server\u0026#8217;s protected routes will check for a valid JWT in the Authorization header, and if there is, the user will be allowed. As JWTs are self-contained, all the necessary information is there, reducing the need of going back and forward to the database.\u003c/p\u003e\u003cp\u003eThis allows to fully rely on data APIs that are stateless and even make requests to downstream services. It doesn\u0026#8217;t matter which domains are serving your APIs, as Cross-Origin Resource Sharing (CORS) won\u0026#8217;t be an issue as it doesn\u0026#8217;t use cookies.\u003cbr /\u003e\u003cimg loading='lazy' class='alignnone wp-image-2119 size-full' src='https://images.ctfassets.net/kbkgmx9upatd/2qcBkSHR7Rfs0UIZYhjd7k/b428b00508dca46d67f48c81019cdcc8/jwt-diagram.png' alt='How JSON Web Tokens Work' /\u003e\u003c/p\u003e"},{"title":"Why should you use JSON Web Tokens?","description":"\u003cp\u003eLet\u0026#8217;s talk about the benefits of \u003cstrong\u003eJSON Web Tokens (JWT)\u003c/strong\u003e comparing it to \u003cstrong\u003eSimple Web Tokens (SWT)\u003c/strong\u003e and \u003cstrong\u003eSecurity Assertion Markup Language Tokens (SAML)\u003c/strong\u003e.\u003c/p\u003e\u003cp\u003eAs JSON is less verbose than XML, when it is encoded its size is also smaller; making JWT more compact than SAML. This makes JWT a good choice to be passed in HTML and HTTP environments.\u003c/p\u003e\u003cp\u003eSecurity-wise, SWT can only be symmetric signed by a shared secret using the HMAC algorithm. While JWT and SAML tokens can also use a public/private key pair in the form of a X.509 certificate to sign them. However, signing XML with XML Digital Signature without introducing obscure security holes is very difficult compared to the simplicity of signing JSON.\u003c/p\u003e\u003cp\u003eJSON parsers are common in most programming languages, because they map directly to objects, conversely XML doesn\u0026#8217;t have a natural document-to-object mapping. This makes it easier to work with JWT than SAML assertions.\u003c/p\u003e\u003cp\u003eRegarding usage, JWT is used at an Internet scale. This highlights the ease of client side processing of JWTs on multiple platforms, especially, mobile.\u003cbr /\u003e\u003cimg src='https://cdn2.auth0.com/website/learn/assets/jwt-sample.png' alt='Json web token sample' /\u003e\u003c/p\u003e"},{"title":"How we use JSON Web Tokens in Auth0?","description":" \u003cp\u003eIn Auth0, we issue JWTs as a result of the authentication process. When the user logs in using Auth0, a JWT is created, signed, and sent to the user. Auth0 supports signing JWT with both HMAC and RSA algorithms. This token will be then used to authenticate and authorize with APIs which will grant access to their protected routes and resources.\u003c/p\u003e\u003cp\u003eWe also use JWTs to perform authentication and authorization in Auth0\u0026#8217;s API v2, replacing the traditional usage of regular opaque API keys. Regarding authorization, JSON Web Tokens allow granular security, that is the ability to specify a particular set of permissions in the token, which improves debuggability.\u003c/p\u003e"}]},{"id":"real-estate","title":"Better, Easier Identity Management for Real Estate Companies","description":"Deliver a pain-free login process and meet compliance mandates quickly and easily.","category":"industries","image":{"url":"https://images.ctfassets.net/kbkgmx9upatd/7MbCEmsNqmotPm28sOrJWq/cdc709deeb75c437222cb768ad99547c/office_R_white.png","mimeType":"image/png"},"content":[{"title":"Modern Identity Management \u0026 Real Estate","description":"\u003cimg src='https://images.ctfassets.net/kbkgmx9upatd/wYtCbG4lhRRGWJiQLhYMu/d3f590947c8b301e4fd6670d724931f3/Openid_connect_logo_high-1.png' alt='OpenID connect logo' style='marginBottom:25px;' /\u003e\u003cp\u003eAt the Real Estate Standards Organization’s (RESO) annual conference in Nashville this October, identity authentication was the topic of focus. The real estate sector is quickly adopting to modern identity practices to lower risk, provide a better user experience and modernize their platforms. Specifically, any listing services affiliated with National Association of REALTORS® require adoption of the RESO Web API. The RESO Web API specifies that authentication is performed with \u003ca href='https://auth0.com/blog/how-real-state-companies-can-implement-open-id-connect-with-auth0/' target='__blank'\u003eOpenID Connect\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eOpenID Connect is an authentication layer that sits on top of the widely used OAuth 2.0 authorization standard. OpenID Connect extends the same kind of security that large enterprises have been using for years as an open standard that any organization can adopt.\u003c/p\u003e"},{"title":"How to implement OpenID Connect","description":"\u003cdiv style='background-color: #44c7f4; margin-bottom: 25px;'\u003e\u003cdiv\u003e\u003cimg style='width: 20%; padding: 50px 0' alt='National Association of REALTORS®' src='https://images.ctfassets.net/kbkgmx9upatd/NQf2kKJbYiaCUKgGcWAwk/49b01cd25c8c6e073d05599e25563937/about-openid.svg'\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003eYou have two options for adopting OpenID Connect: internal development or using vendor solution. If you have internal developers, OpenID Connect can be integrated by developers, however, Auth0 supports OpenID Connect out-of-the-box, making adoption faster and easier. There’s no need to spend a month writing your own provider and getting it compliant.\u003c/p\u003e\u003cp\u003eAuth0 is as close to plug-and-play as it gets. You can implement an OpenID Connect solution in four simple steps by copying a few lines of code. You do not even need to learn the protocol to use Auth0.\u003c/p\u003e\u003col\u003e\u003cli\u003eSet up a callback URL from your Auth0 dashboard\u003c/li\u003e\u003cli\u003eIntegrate Auth0 Lock on your site or trigger login manually\u003c/li\u003e\u003cli\u003eSend the \u003ccode\u003ecode\u003c/code\u003e your app receives to the Auth0 with a \u003ccode\u003ePOST\u003c/code\u003e\u003c/li\u003e\u003cli\u003eUse a \u003ccode\u003eGET\u003c/code\u003e to retrieve the user profile from the server’s response\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThen, when users visit your website, this is what they’ll see (you can customize the look of the box, of course!)\u003c/p\u003e"},{"title":"National Association of REALTORS®","description":"\u003cdiv style='background-color: #16214d; margin-bottom: 25px;'\u003e\u003cdiv\u003e\u003cimg alt='National Association of REALTORS®' style='width: 30%;' src='https://images.ctfassets.net/kbkgmx9upatd/7MbCEmsNqmotPm28sOrJWq/cdc709deeb75c437222cb768ad99547c/office_R_white.png'\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003eTo make adoption easy, the National Association of REALTORS® turned to Auth0 to meet this standard.\u003c/p\u003e\u003cdiv\u003e\u003cp style='text-align:center'\u003e\u003ci\u003e\u003cb\u003e\u003cspan\u003e“When we were looking to implement OpenID Connect, we first considered building a solution ourselves. Ultimately we chose to work with Auth0 because it enabled us to unify authentication across dozens of disparate web properties while dramatically improving our time to market.”\u003c/span\u003e\u003c/b\u003e\u003c/i\u003e\u003c/p\u003e\u003cp style='text-align:right'\u003e-Mark Lesswing – SVP and CTO, National Association of REALTORS®\u003c/p\u003e\u003c/div\u003e\u003cdiv style='background: #daf4fd; border-radius: 3px; margin: 1em 0;padding: 1em; display: flex; justify-content: space-between;'\u003e\u003cspan style='color: #097093;'\u003eOpenID Connect Compliance in Four Simple Steps\u003c/span\u003e\u003cspan\u003e\u003c/span\u003e\u003ca style='background: #097093;border-radius: 3px;color: #fff;font-weight: 500;padding: 0.2em 1em;' href='https://cdn.auth0.com/blog/real_estate_solution_reso.pdf' target='_blank' rel='noopener noreferrer'\u003eDOWNLOAD PDF\u003c/a\u003e\u003c/div\u003e"},{"title":"Video: OpenID Connect in less than 6 minutes","description":"\u003cdiv style='padding:62.5% 0 0 0;position:relative;'\u003e\u003cdiv class='wistia_responsive_wrapper' style='height:100%;left:0;position:absolute;top:0;width:100%;'\u003e\u003ciframe src='//fast.wistia.net/embed/iframe/nb0oi88yyu?seo=false\u0026videoFoam=true' allowtransparency='true' frameborder='0' scrolling='no' class='wistia_embed' name='wistia_embed' allowfullscreen mozallowfullscreen webkitallowfullscreen oallowfullscreen msallowfullscreen width='100%' height='100%'\u003e\u003c/iframe\u003e\u003c/div\u003e\u003c/div\u003e\u003cscript src='//fast.wistia.net/assets/external/E-v1.js' async\u003e\u003c/script\u003e\u003c/div\u003e"},{"title":"Advantages Beyond OpenID Connect","description":"\u003cdiv style='background-color: black; margin-bottom: 25px;'\u003e\u003cdiv\u003e\u003cimg style='width: 30%; padding: 50px 0' alt='Phone screens facing up placed diagonally with login screens' src='https://images.ctfassets.net/kbkgmx9upatd/6VLMfLTi862UcU2piK7SAQ/ea1ae8b064cb0db2901160bfb73aea5b/hero-mfa.png'\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003eOnce OpenID Connect is implemented, you can also take advantage of other Auth0 benefits including:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href='https://auth0.com/b2c-customer-identity-management' target='_blank'\u003eEnriched user profiles\u003c/a\u003e with important identity provider data\u003c/li\u003e\u003cli\u003eChoose your preferred identity providers (30+:\u0026nbsp;Google, LinkedIn, etc.)\u003c/li\u003e\u003cli\u003e\u003ca href='https://auth0.com/guardian' target='_blank'\u003eMulti-Factor Authentication\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href='https://auth0.com/breached-passwords' target='_blank'\u003eBreached Password Detection\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAuth0 is a universal identity clearinghouse. Any application – mobile, web, enterprise – written with any framework. And any Identity Provider (IdP) from popular social sites to enterprise IdPs like Active Directory, SAML, and legacy databases. With just a few lines of code, you can the implement secure, comprehensive identity management system to meet your needs.\u003c/p\u003e"}]}]},"__N_SSG":true},"page":"/learn","query":{},"buildId":"RO_SziR6vX5xi4h-wP00e","assetPrefix":"/b2b-enterprise-identity-management","isFallback":false,"gsp":true,"scriptLoader":[]}</script></body></html>