Auth0 OverviewUNIXBusinessApplication

Auth0 is the #3 ranked solution in top Single Sign-On (SSO) tools, #3 ranked solution in top Customer Identity and Access Management tools, and #4 ranked solution in top Access Management tools. PeerSpot users give Auth0 an average rating of 8.4 out of 10. Auth0 is most commonly compared to Azure Active Directory (Azure AD): Auth0 vs Azure Active Directory (Azure AD). Auth0 is popular among the large enterprise segment, accounting for 57% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 19% of all views.
Buyer's Guide

Download the Single Sign-On (SSO) Buyer's Guide including reviews and more. Updated: November 2022

What is Auth0?

Auth0 is an easily adaptable authentication and authorization platform.You can easily and quickly connect your apps, choose identity providers, add users, set up rules, customize your login page and access analytics from your Auth0 dashboard. It really is identity made simple for developers.

Auth0’s identity and management platform provides:

  • Greater control
  • Superior security
  • Ease of use

With Auth0 You Can:

  • Optimize for user experience, privacy, and security
  • Use social login integrations
  • Lower user friction
  • Incorporate rich user profiling
  • Facilitate more transactions.
  • Incorporate multi-factor authentication, custom extensions, and step-up authentication for high-risk/high-value transactions
  • Allow for anonymous initial use prior to registration
  • Delegate access for B2B2C SaaS services
  • Have access to an organizational portal, access controls, and multiple extensions
  • Federate with industry partner IAM systems
  • Establish layered policy and access controls

Auth0 Features:

  • Universal login: Auth0 makes it possible for you to authenticate users across all of your applications using your own custom, secure, and standards-based unified login.
  • Single sign on: Auth0’s SSO feature allows users to log in once and use all applications they have been granted access to, regardless of whether or not it is through enterprise federation, social login, or username and password authentication.
  • Multi factor authentication (MFA): This feature gives you the ability to restrict access to sensitive resources. When moving into more restricted areas of applications, Auth0’s MFA allows you to require users to authenticate with a stronger authentication mechanism.
  • Actions: There are serverless developer tools to easily extend and customize Auth0. Auth0’s Actions is an extensibility platform that is designed to provide developers with more tools, and thus a better experience. Code is stored and runs on infrastructure owned and maintained by Auth0.
  • Machine to machine: The Auth0 platform simplifies communication between APIs and trusted services. WIth Auth0, you can enable secure access to your API from other internal or external non-interactive third party-apps with minimal configuration.
  • Passwordless: Auth0’s passwordless feature makes the authentication experience easy, and users don’t have to worry about reusing passwords across multiple sites, leaving your organization and your users more protected.

Auth0 Benefits:

  • Security: Auth0 security allows the application to grant access rights to the user's resources on another service. Additionally, you can also give a limited set of access rights (instead of a full one) at will.
  • UI options: Auth0 provides the ability to use both built-in and custom UI. When developing your own iOS or Android application, you can choose either a native or browser-based login flow.
  • Auth0 Analytics: Auth0 makes it easy to track users in an application or on a website. With Auth0 Analytics, you can capture and measure specific events like the number of new and existing users, the number of users registered in each application, in-app login activity in the past year, the number of new registrations during the current day, and much more. Auth0 Analytics provides this data via visual graphs and offers the feature to filter reports to gain more accurate information.
  • Detailed documentation: Another benefit of Auth0 is that it includes detailed documentation and clear code examples in popular programming languages.
  • Built-in libraries: Auth0 offers several libraries with a large number of technologies.
  • Wide range of settings: With Auth0 you have the ability to choose from a variety of settings, and also have access to quality API.

Reviews from Real Users:

And Engineer Lead for SaaS Technology & Customer Success at a media company says, "The solution's overall flexibility and customizability were the chief factors for selecting it in the beginning. They still remain among the best reasons to use Auth0. The flexibility that you get, and what it's allowed us to do on top of it in terms of code, is key.”

"It's a very powerful platform,” says Shlomi C., a System Architect at Skai. “It has the ability to do the usual stuff, according to modern protocols, like OIDC and OAuth 2. But the real benefit of using the platform comes from its flexibility to enhance it with rules and, now, with what they call authentication pipelines. That is the most significant feature, as it allows you to customize everything regarding the authentication and authorization process.”

Jakub W., Principal Architect at a computer software company, says "The most important thing for me is compliance. Everything that they have developed in Auth0 is already certified by many regulators such as ISO. So, we do not need to take care of that. We have the shared responsibility model to share assets with other products we are using in the cloud.”

For Siddhit R., Linux Platform Engineer at a tech services company, "The most valuable feature is that it is simple to integrate, irrespective of your codebase.”

Auth0 Customers

JetPrivilege, Safari, Schneider Electric

Auth0 Video

Auth0 Pricing Advice

What users are saying about Auth0 pricing:
  • "Pricing of Auth0 is a pain point. Their pricing model is very confusing, at least for an enterprise. I don't like their pricing model. I think it's too aggressive. It's not very cheap for a service that only does authentication."
  • "I am pretty happy with the pricing model of Auth0. It is very clear for me. Considering our scale, the features that we are using, and additional features that we bought, we still find it great. If you split the costs for the whole year and calculate the number of people you needed to hire, it always comes out to be much lesser than what we would have spent on building our own solution."
  • Auth0 Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Shlomi Cohen - PeerSpot reviewer
    System Architect at Skai
    Real User
    Top 10
    Very easy to set up new SAML and SSO integrations with support for all IDPs including Okta and Azure
    Pros and Cons
    • "It's a very powerful platform. It has the ability to do the usual stuff, according to modern protocols, like OIDC and OAuth 2. But the real benefit of using the platform comes from its flexibility to enhance it with rules and, now, with what they call authentication pipelines. That is the most significant feature, as it allows you to customize everything regarding the authentication and authorization process."
    • "When they introduced the Organizations feature they did support different login screens per organization. However, they introduced a dependency between this feature and another called the New Universal Login Experience. The New Experience is a more lightweight login screen, but it is much less customizable. For example, today, we are able to fully customize our login screen and even control the background image according to the time of day. We have code to do that. But we are not able to write code anymore in the New Experience."

    What is our primary use case?

    We use it as an authentication platform for our customers.

    How has it helped my organization?

    With Auth0, you can stop the effort of having to keep up with the progress being made in the security and authentication world, like better protocols, better encryption, and better ways to connect with other systems. It's all managed in Auth0. At the organizational level, you stop worrying about how to connect Facebook users to your application, or how to connect with a customer's internal authentication system to log in to your systems. These were questions that, three years ago, we decided to develop answers for ourselves, but with Auth0, each integration now comes out-of-the-box, and it's only a matter of configuration.

    What is most valuable?

    It's a very powerful platform. It has the ability to do the usual stuff, according to modern protocols, like OIDC and OAuth 2. But the real benefit of using the platform comes from its flexibility to enhance it with rules and, now, with what they call authentication pipelines. That is the most significant feature, as it allows you to customize everything regarding the authentication and authorization process. I would rate its flexibility between a nine and 10, out of 10.

    For example, one way to authenticate into our system is to log in with Google. Our service is not one that you can simply sign up for through the internet and then start using. You need to talk with one of our technical account managers, sign a contract, and then we start everything for you. So when a user logs in with Google, it means that every user on the internet can log in to the system. We needed to find a way to know if a user was already defined in our systems, and otherwise, to reject him. We wrote a simple Auth0 Rule to get the user's email from Auth0 after he authenticated, and we then use an API in our backend system to check if the user is legitimate. In this way, we filter out all those who are not our paying customers.

    In addition, we like the integrations that are built into Auth0. For example, it has a built-in integration with Zendesk. It's very easy to set up new SAML and SSO integrations with our customers, as it supports all IDPs out there, like Okta and Azure, among others. 

    Auth0 also has a very rich selection of social connectors that allow users to connect with their social accounts. We mostly use Google, but they support many others. In addition, their user interface is very intuitive.

    Lately, it looks like they have been very responsive to customer needs since they brought out the Organizations feature in the last year, which is a very nice feature that helps customers like us to manage our customers. It's targeted at enterprise-scale solutions, allowing us to manage multiple organizations within the same tenant. We are seriously considering migrating to this feature. It's a process, but we feel that it will better support the customer model that we have in Kenshoo. We also need to be able to support customized login screens with different company logos. All of that is supported by Auth0, so this probably would be a much more important feature for us than the rules themselves.

    What needs improvement?

    When they introduced the Organizations feature they did support different login screens per organization. However, they introduced a dependency between this feature and another called the New Universal Login Experience. The New Experience is a more lightweight login screen, but it is much less customizable. For example, today, we are able to fully customize our login screen and even control the background image according to the time of day. We have code to do that. But we are not able to write code anymore in the New Experience.

    We really want to take the Organizations feature, but on the other hand, it is coupled with the limitations of the New Experience. That is why we have put the Organizations feature on hold. It is lacking some customization abilities.

    Buyer's Guide
    Single Sign-On (SSO)
    November 2022
    Find out what your peers are saying about Auth0, One Identity, Microsoft and others in Single Sign-On (SSO). Updated: November 2022.
    657,849 professionals have used our research since 2012.

    For how long have I used the solution?

    I've been using Auth0 for approximately three years.

    What do I think about the stability of the solution?

    An important feature is the very good availability, the high availability. In the last three years, we have only faced one major outage in production.

    What do I think about the scalability of the solution?

    For us, scalability is less relevant. Our service is not characterized by millions of users. It's not like Snapchat or Instagram where you need to deal with a massive number of users. In our case, there are a couple of dozen users per customer. We have about 2,000 active users per month, meaning that a huge user base is not the nature of our business. As a result, I can't really say anything about Auth0's scalability.

    I do believe that they are prepared for a much larger scale than ours. That's the feeling I get from my experience with the platform.

    How are customer service and support?

    When we faced problems with Cognito, we opened a ticket with Amazon and the response was horrible. Interacting with Amazon is really bad, especially if you have a problem and you need a fast response. And after a couple of tries, we moved to Auth0. 

    With Auth0 you pay more than you do for Cognito, but you also get premium support. That means that you get a reply according to the severity of the ticket that you open, and that reply comes very quickly. Even for normal severity tickets that I have opened, I have always received a response on the same day. And generally, they have been very satisfactory responses. 

    The only exception is when it comes to the features that we lack, but that is not something that support can help you with. That is more the type of topic you take to the product management team, and I respect that. I don't expect support to give me an answer or  a solution for everything.

    We also have a quarterly talk with them where we can raise any issues or feature requests we have. The support we get from Auth0 is one of the reasons we went with them and one of the reasons that we stay with them.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We had developed something like this in-house some six years ago. Over time, we identified that it was a problem for us to chase the requirements and the changes needed to support more modern authentications, like SAML integrations, multifactor authentications, and other advanced security protocols. So we decided to try to find a vendor that would provide this for us.

    How was the initial setup?

    The initial setup and deployment of Auth0 was pretty straightforward. But to be honest, we are only using 40 to 50 percent of the features they provide. And when we started, we were only using about 20 percent of the features, only the authentication part of it. Our use of it was fairly simple. 

    We initially started down this path with Cognito from Amazon. We wrote the whole integration with Cognito and, about two months into that integration, we found a critical issue that we couldn't live with. We didn't get a decent answer from Amazon about it, so we decided to move on to another vendor.

    Auth0, obviously, didn't have that issue. The bottom line is that it took us something like two or three weeks to migrate the whole thing from Cognito to Auth0. So in terms of the setup, that was pretty fast. Even migrating from an existing, competitive service, another IDP, was not that complicated. Again, it depends on how many of the features you are going to use. We decided not to go with features that couple us to the vendor so that we would not be locked in. That is what allowed us to migrate to Auth0 in two weeks.

    What was our ROI?

    We haven't calculated how much development we have saved by going with Auth0 and whether that justifies the cost of our three-year contract with them. My gut feeling is that it has been worth it, but it's on the edge. I would expect some more flexibility on the licensing, but all in all, I think it was worth it, not having to develop this in-house.

    We haven't measured whether we have seen a decrease in customer support tickets due to fewer password issues, but my sense is that maybe there has been a small decrease because the flow is standardized. In addition, we are no longer responsible for sending emails when issues arise or for making sure the email server is up and running, et cetera.

    What's my experience with pricing, setup cost, and licensing?

    Pricing of Auth0 is a pain point. Their pricing model is very confusing, at least for an enterprise. I don't like their pricing model. I think it's too aggressive. It's not very cheap for a service that only does authentication. There are some cheaper services, and we find the negotiations with them to be pretty tough.

    One of the benefits of Auth0 is the SAML integration with SSO and other IDPs but it is priced very high. I would expect this ability to be included, because we pay them good money, and not priced the way it is priced today. This is one of the areas where we are not happy with Auth0.

    Which other solutions did I evaluate?

    We chose Auth0 after we did some research into other candidates. We looked into Cognito by Amazon because it was the cheapest.

    We also looked at Okta, and although this might have changed in the last three years, at that time Okta didn't have a clear strategy to support a large volume of customers. It looked like they were more focused on enterprises and their pricing model did not work with the needs of a customer-facing authentication system. Today they have an offering for that, but three years ago it wasn't like that. 

    We also looked at some on-premises solutions, like Shibboleth, but we didn't seriously consider them.

    What other advice do I have?

    We could manage without Auth0 Rules. We built an architecture in which all the communication to and from Auth0 is centralized in a single service, within our company. We could add this business logic to our service and have the same functionality. But the fact that it's available for us in Auth0 means we don't need to change our code or our service to support it, and that makes things a little bit more convenient. On a scale of one to 10, the importance of Auth0 Rules for us would be a seven.

    The biggest lesson I have learned from using Auth0 is that when a company does something very well, you are probably better off using their service instead of trying to do it yourself. Doing it on your own requires investing in the development and the maintenance of it. Also, things change over time and you have to keep up. The policy in our company is that whenever a company does something very well, and it is not our core business, and the price is reasonable, we might want to pay them to externalize that product or service.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Jakub Wozniak - PeerSpot reviewer
    Principal Architect at a computer software company with 201-500 employees
    MSP
    Top 10
    Shortens the development time, takes care of compliance, and saves a lot of money
    Pros and Cons
    • "The most important thing for me is compliance. Everything that they have developed in Auth0 is already certified by many regulators such as ISO. So, we do not need to take care of that. We have the shared responsibility model to share assets with other products we are using in the cloud."
    • "There is a possibility to improve the machine-to-machine authentication flow. This part of Auth0 is not really well documented, and we could really gain some additional knowledge on that."

    What is our primary use case?

    We are building a software as a service platform of products, and we wanted our customers to be able to have the same seamless experience in terms of how they log into our products. We wanted it to be secure, and we didn't want to use our own development resources in building our own solution. We wanted something that is secure and ready at the beginning of our development so that we have a very short time to market. We wanted it to be a very extensible solution and building something on our own wasn't an option for us. We wanted something that was already there. We also wanted a company that is highly committed to delivering state-of-the-art solutions for identity management.

    It is deployed in the cloud. This is a software as a service. So, our workloads work in the cloud. We are mostly using AWS, but we also have Azure and GCP. We are a multi-cloud company.

    How has it helped my organization?

    I was able to pass the ISO audit smoothly. When they asked me for identity management, I just told them that it is Auth0, and it was passed. So, it has helped with compliance.

    We are using Auth0 Rules during the authentication process to contact our internal APIs and extend the token that Auth0 generates with additional information that comes from our database. Auth0 Rules are pretty important because by using Auth0 Rules, we are able to shorten the development time. We didn't need to do any workarounds and so on. We could quickly deploy some code into Auth0, and our use case was covered in less than one day. We are also using Actions, which is the new thing that came after Rules and Hooks.

    It provides the flexibility and the customizability that we need. I did a webinar on Auth0 in AWS, and I said that we know that the software-as-a-service products are not designed to cover 100% of use cases. They are just trying to solve 90% of them, but with Auth0's Rules engine, Actions engine, and many different features, I am able to code something around Auth0. So, I can bend the existing functionality exactly for my use case. For me, this extensibility of the software or the software as a service model is very important because then I know that I won't face any roadblocks that I cannot really go around.

    It allows us to tailor the user experience flow. We find the user experience with Auth0 really great, and we could customize it exactly as per our needs. The new features that they released during the last year since we have signed the contract have been helpful. The additional hosted login page that splits the authentication into two different steps and the Auth0 organization features are really great for us.

    It has saved us the development time and money by not having to deal with authentication or identity management. It has shortened the development time and saved a lot of money for us. We did a case study on Auth0, and we had a 300% return on investment in terms of money. We have also reduced the development time by about two months. We also don't need people dedicated to our own solution, which is an ongoing process of saving money.

    It has helped us in setting up authentication without having to hire additional staff. We were able to do that with our own resources. We don't need to have a dedicated team that is working only on identity management.

    What is most valuable?

    The most important thing for me is compliance. Everything that they have developed in Auth0 is already certified by many regulators such as ISO. So, we do not need to take care of that. We have the shared responsibility model to share assets with other products we are using in the cloud.

    I am very pleased with the number of features that came with Auth0. I am also very happy with how Auth0 developed since we have been using it. The number of features is really great for me, and it really covers almost all of the needs that we have when deploying it into our product.

    Their documentation and SDKs are great when it comes to helping developers and application builders set up authentication. On a scale of zero to 10, I would rate it a strong eight because their documentation is really good. They are able to explain a pretty complex process of authentication and authorization in simple words. Their documentation is a really great resource of knowledge, even if you are not using Auth0. That's because the process that they have implemented is a well-known standard in the industry, and they have described it really well. Their documentation is really great for us. We had no problems with SDKs, and their SDKs are also pretty good.

    What needs improvement?

    There is a possibility to improve the machine-to-machine authentication flow. This part of Auth0 is not really well documented, and we could really gain some additional knowledge on that.

    For how long have I used the solution?

    I have been using Auth0 for a year.

    What do I think about the stability of the solution?

    Its stability has been great. We didn't have any issues with Auth0 so far.

    What do I think about the scalability of the solution?

    It has been working really well for us. We don't see any issues in terms of scalability. We are going to increase its usage because this is our business.

    How are customer service and support?

    I really like the customer support of Auth0. I really like the people I'm working with from Auth0. They are really helpful. So, I'm very happy with them. I would rate them a nine out of 10. I didn't give a 10 because there is always room for improvement. So, a 10 is not really achievable.

    Which solution did I use previously and why did I switch?

    We were using a different solution from a cloud provider. We switched because we felt that the solution that we were using was not really well maintained. It was working, and it was stable, but the customer experience wasn't great. The number of features that were released when we were working with that solution was close to zero.

    How was the initial setup?

    It was very easy. We were able to onboard it with the first application in less than two weeks.

    We had an implementation strategy. We started with a very simple PoC. We had a small dedicated team for that. I and my colleague researched and reviewed what is Auth0 capable of and designed a very small framework for working with Auth0. We quickly onboarded the first one of the five applications that we have. So, the first application was our battleground. We saw what is working and what is not working. We decided how we should work with Auth0 and how to shift everything that is possible in our case to Auth0. After that was done, we tested it on the small user base. We then, one by one, went with other applications.

    What was our ROI?

    We had done an Auth0 case study, and we had stated there that we had a 300% return of investment in terms of money.

    What's my experience with pricing, setup cost, and licensing?

    I am pretty happy with the pricing model of Auth0. It is very clear for me. Considering our scale, the features that we are using, and additional features that we bought, we still find it great. If you split the costs for the whole year and calculate the number of people you needed to hire, it always comes out to be much lesser than what we would have spent on building our own solution.

    Which other solutions did I evaluate?

    We did some evaluation. We evaluated the solutions that are available from various cloud providers such as AWS, GCP, and Azure.

    We also looked into Okta, which was its competitor at that time. Now, Okta is the owner of Auth0. At that time, we felt that Auth0 had a big advantage over Okta. Auth0 was focused on the external users' experience. Okta, for example, was more focused on internal employees logging into the systems. It was more about internal entity management. We wanted something for external users, and Auth0 was really great at that.

    We went with Auth0 also because it is a company that is fully committed only to identity management. With cloud providers, this is just another service that can be maintained. So, we wanted to go with a provider that is really focused on delivering only external identity management solutions for customers like us.

    What other advice do I have?

    To someone who says we can build authentication in-house, I would say that you can try it, but you will probably fail at it. The authentication and authorization process is really complex. You need to be really focused on that to be able to deliver a solution that is really secure and compliant with different standards. You can sleep peacefully having Auth0 deployed. With solutions that are built in-house, you will probably have some basic functions, but in my opinion, there is a vulnerability that will probably be exploited in the future. Auth0 is hiring people who are committed only to one particular area of computer science, which is authentication and authorization. They really understand the different algorithms that are behind that. So, if you do not have such engineers in-house, you will probably have a solution that is not 100% bulletproof.

    For us, MFA is required every time someone logs in. Even though I like the idea of Adaptive MFA, it is not a good fit for our business model. 

    Auth0 allows us to turn on or off features like social logins, MFA, or Anomaly Detection with the flip of a switch, but it is hard to assess the importance of this feature. The ability to customize the flow for authentication and authorization is very important for us, but as a company, we don't need social logins and so on. Having them enabled would be considered unprofessional in our area, and we don't need to turn them on. So, this is very important for us that things that we do not use can be turned off.

    It hasn't helped to increase new-user conversion due to less sign-up or login friction because that is not in our business use case. We do not allow people to sign in to our solutions. We are business-to-business. Similarly, it has not decreased customer support tickets due to password issues because that's not applicable to us.

    I would rate Auth0 an eight out of 10. I will always say that I am a really big fan of Auth0.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Buyer's Guide
    Single Sign-On (SSO)
    November 2022
    Find out what your peers are saying about Auth0, One Identity, Microsoft and others in Single Sign-On (SSO). Updated: November 2022.
    657,849 professionals have used our research since 2012.
    Solutions Architect at a tech vendor with 10,001+ employees
    Real User
    A great solution for authentication and authorization
    Pros and Cons
    • "It supports identity federation, FSO and multi-tenancy."
    • "The product support for multi-tenancy could be improved."

    What is our primary use case?

    We use this solution for authentication and authorization, and we deploy it on cloud. For example, if you log into a particular portal, this platform will help authenticate a valid user. It supports identity federation, FSO and multi-tenancy.

    What needs improvement?

    The product support for multi-tenancy could be improved further, and advanced authorization capabilities could be included in the next release.

    For how long have I used the solution?

    We have been using the solution for one month.

    Which solution did I use previously and why did I switch?

    We previously used AWS Cognito but switched because it did not support many functionalities.

    How was the initial setup?

    The initial setup was very good, and we set it up in a few hours.

    What about the implementation team?

    We deployed the solution in-house, and one person is enough to complete the deployment.

    What's my experience with pricing, setup cost, and licensing?

    I cannot comment on exact licensing costs because a different department handles it, but from my understanding, the solution is priced reasonably.

    What other advice do I have?

    I rate the solution an eight out of ten. The solution is good, but its support for multi-tenancy could be improved further, and advanced authorization capabilities could be included in the next release.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free Single Sign-On (SSO) Report and find out what your peers are saying about Auth0, One Identity, Microsoft, and more!
    Updated: November 2022
    Buyer's Guide
    Download our free Single Sign-On (SSO) Report and find out what your peers are saying about Auth0, One Identity, Microsoft, and more!