Auth0
Visualize Auth0 clients and users, map Auth0 users to employees, and monitor changes through queries and alerts.
- Installation guide
- Auth0 data model
Installation
To install this integration, you will need to configure settings both within Auth0 and on JupiterOne. Before enabling in JupiterOne, ensure that you complete the setup within your Auth0 dashboard.
Configuration on Auth0
An Auth0 Machine-to-Machine app's Domain, Client ID, and Client Secret are required for the JupiterOne integration to
interact with Auth0.
In order to obtain your app's credentials for the integration, an administrator of the Auth0 account will need to create a new App within your Auth0 dashboard.
To create a new Auth0 app for use with JupiterOne:
- Navigate to the Auth0 dashboard.
- Within the Applications section, select Applications.
- Create a new Machine-to-Machine application and enable the app to use the Auth0 Management API or select your desired API.
- In the API permissions, select
read:users,read:roles,read:resource_serversandread:clientsand click Authorize. - Navigate to the newly created app's Settings to retrieve the
Domain,Client ID, andClient Secret.
For more information, refer to Auth0's documentation for creating a machine-to-machine app or for accessing the app's settings.
Configuration in JupiterOne
To install the Auth0 integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Auth0. Click New Instance to begin configuring the integration.
Creating an Auth0 instance requires the following:
The Account Name used to identify the Auth0 account in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen theAccountNametoggle is enabled.Description to assist in identifying the integration instance, if desired.
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration.Enter the Auth0 Client ID for the Machine-to-Machine application designated for JupiterOne's use.
Enter the Auth0 Client Secret for the Machine-to-Machine application designated for JupiterOne's use.
Enter the Auth0 Domain for your Auth0 tenant. Format is typically
{YOURDOMAIN}.{REGION}.auth0.com. Do not includehttps://. If you are using a custom domain (e.g. 'mycustomdomain.com'), you can use it here.Enter the Auth0 Audience for your Auth0 tenant, which points to the specific API you will be using. Format must be an auth0.com subdomain, followed by
/api/{version}/. Examples might behttps://{YOURDOMAIN}.{REGION}.auth0.com/api/v2/orhttps://{YOURDOMAIN}.auth0.com/api/v2/.noteEven if you are using a custom domain with Auth0, you need to use your default Auth0 tenant domain here. Also, the trailing slash is necessary.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Data Model
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Auth0 Account | auth0_account | Account |
| Auth0 Client | auth0_client | Application |
| Auth0 Role | auth0_role | AccessRole |
| Auth0 Server | auth0_server | Host, Gateway |
| Auth0 User | auth0_user | User |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
auth0_account | HAS | auth0_client |
auth0_account | HAS | auth0_user |
auth0_role | PROTECTS | auth0_server |
auth0_user | ASSIGNED | auth0_role |