I am not involved on the development side, so I cannot speak to the technical aspects that could be improved on the implementation. However, the core cloud-based identity and access management is solid, and the workflow could always improve. There are a few hitches, but customer feedback has generally been very good.

The only negative feedback I have heard is about the decision to go direct rather than through partners or distribution channels. However, this is not a product-related issue; it is more feedback from channel partners.

Auth0 Platform is a large company, which results in less flexibility in their applications. We encountered a few issues, and when we consulted the community, they did not have answers. We had to modify our workflow to adjust to their current system.

Pricing is a significant issue we faced. As a small company, we need SSO login and other login methods. However, accessing SSO logins requires subscribing to the enterprise plan. Auth0 Platform does not offer basic plans with a few SSO connections that we could try. We must subscribe to a major plan to access most of their features. While this works well for larger companies, for small companies or those conducting POCs, this affects our budget allocation for other initiatives.

Additionally, if we need to serve users in the US, Canada, Europe, and potentially India, we require the ability to keep data in specific countries. Creating multiple Auth0 Platform tenants for data residency requirements is only available in enterprise or higher plans, not in basic plans. Auth0 Platform does not currently have an Indian tenant to serve Indian users. We must use a US or other available tenant and keep Indian user data there. We had a requirement to create an Indian tenant, but since it is not available, we proceeded with a US tenant.

Regarding improvements for Auth0 Platform, during the last time I used it, I observed that during log analysis or when using the search or filter options, I missed some features. If I went into Entra and tried to filter to find a log, those filtering features are missing in Auth0 Platform, which I felt could be improved. Additionally, providing users with access to applications was not that easy to navigate, and it was difficult to see which user has which application access. If that could be improved, Auth0 Platform will be more user-friendly.

I rate Auth0 Platform an eight, not a ten, because although it offers a great user experience, there are still some aspects to improve. During log analysis, it is not quite easy for us to see if a user has access to applications or which user is facing any issues, so those filtering features are missing. That is why I rated it eight; otherwise, I would have rated it ten out of ten.

Regarding areas for improvement, Auth0 Platform is a premium product, and its pricing reflects its enterprise-grade capabilities. While the cost can sometimes make smaller businesses hesitate, the return on investment usually outweighs the initial price tag when the platform is architected and implemented correctly. The comprehensive feature set, top-tier security, and reduced development time justify the investment for organizations prioritizing scalability.

On the technical side, I would like to see Auth0 introduce more no-code branding options for Universal Login. Currently, achieving a highly specific, bespoke login experience often requires utilizing Liquid page templates or the newly released Advanced Customizations for Universal Login. While these are incredibly powerful tools, they do require some technical expertise to execute flawlessly. Having more robust, out-of-the-box customization options would be a great enhancement in the future.

Auth0 Platform works pretty well, but ways it can be improved include the universally cited complaint that the free tier is generous, but the jump to paid can be steep for a growing startup.

Auth0 Platform and Okta said that they are reducing the price for users that are just starting and want to use a paid version.

The number one area I want to see improved is token and session management documentation for complex enterprise environments. The quickstart guides are great for getting started, but once you move into a microservice architecture with multiple services, token expiry, refresh token rotation, and session handling across services, the documentation gets thin. We had to figure out a lot of edge cases on our own through trial and error, which cost a significant amount of time.

When a token validation fails in production, the error messages are often vague. Something such as 'invalid token' does not tell you much. Is it expired? Is the signature wrong? Is the audience claim mismatched? More descriptive error responses would save developers hours of debugging time.

As your user base grows, Auth0 Platform pricing can become a concern in an enterprise context. I would love to see clear pricing tiers and better cost predictability for large-scale deployments so organizations can plan budgets more confidently.

The machine-to-machine use case is very common in enterprise environments, but the documentation around it, especially for edge cases, could be significantly more detailed. More enterprise-focused guides around microservices and machine-to-machine authentication would be beneficial.

Auth0 Platform is not as flexible compared to ForgeRock or IBM Security Access Manager.

Auth0 Platform will only play on the outer boundary of the application. Once the application team requests to handle their entire system and APIs, then only ForgeRock and IBM Security Access Manager can help; Auth0 Platform cannot assist.

The only area for improvement is that Auth0 Platform cannot handle requests for developing APIs for legacy systems, such as mainframe models, where ForgeRock and IBM Security Verify Access can be utilized.

In Auth0 Platform, one area that has room for improvement is on-premises deployment because one major thing that I see some other vendors do is give on-premises deployment, basically allowing me to have my own version of Auth0. Auth0 currently does not offer that; it is just a SaaS offering. That is something they could add, but other than that, they cover most of the boxes for my requirements.

I noticed some enhancement challenges. Sometimes when I logged in, there was a thirty-day time period to log in again, but recently after restarting my system, that thirty-day period is not working. I need to provide the token after login again, which is for the security part. For development accounts used by others, every time we need to use those tokens to connect to that site. UI improvements can also be made, particularly on the homepage, where tiles could be displayed. It would help if there were separate left bar tiles for the login section so anyone could edit their login page directly.

Everything is working very well. However, when integrating, I need to give permissions and manage many things manually when creating users with multi-tenancy. For instance, I first create the connection, then the organization, enable the connection at the application level, allow some permissions, and create the default user. Improvements could be made so that when someone creates an organization, a default user is available from Auth0 Platform to log in, and they could use those credentials to create further users. This is also dependent on functionality and user requirements. For my use case, that was lacking.

The initial setup was somewhat complex. Since I was doing it for the first time, I needed to create an application, allow permissions, integrate it, and set redirect variables and URLs for logout. Although documentation is available, it does not specify the exact format for multiple logout URLs or multi-tenant URLs. Sometimes I had to try different methods until it worked. Improvements in documentation are needed for first-time setups.

When connecting with Auth0 Platform, if there is a failure or error, I do not receive a specific message to identify if it is a bug or another type of issue. I suggest having clearer error messages, such as indicating what is missing or providing expected formatting for values.

When we started in Europe, there was no European data center. That is there now, which solves a lot of problems that we had then. However, to be more compliant and easier to recommend for customers that are government organizations and do not want anything to do with American companies, that is difficult. The same applies to Azure. Having European data centers helped, but it might not be enough for some. Data and data protection are important things. Even now, it is a pain to back up to an offline location or it is hard to back up everything to your own data center or your own location. That is still a hard thing. I have to build that all myself and I have to use the APIs, and for backing up, I need all the data, so that is a pain. It would be nice to have that out of the box so that I could have an offsite backup that is not in Auth0 Platform Cloud.

Regarding the backup I mentioned before, I was puzzled that there was not something already in place to do this. I found out through their support that I indeed had to build this myself.

Auth0 Platform could improve by allowing more than three enterprise connections, as I remember it being three. We are stuck with that because I am not sure how the plan works, but it should be at least five.

The areas for improvement in Auth0 Platform include the UWP functionality, which works fine with the SDK. The support is also good as we read the documents available. In comparison to Keycloak, Auth0 Platform is my ultimate choice due to the ease of integration and strong support when we raise a ticket.

The amount of enterprise accounts could be improved, as that is my concern.

I find the process of managing roles, permissions, or MFA changes in Auth0 to be straightforward; it has a very user-friendly UI. However, at times I find it difficult to understand the role. In my previous experience a couple of months ago, I checked and the permissions assigned to the user were not working, but then I had to update it by going to its company and then providing the particular permissions. That was one thing I found as a limitation of Auth0, but apart from that, Auth0's UI is very user-friendly and easy to navigate.

I think additional documentation would be beneficial for Auth0.

Now that I am switching into automation, token handling is needed from Auth0, as well as session handling and error handling with invalid and expired tokens. A better layout or a better way to handle those would be helpful. Additionally, improvements can be made around the authorization code flow, refresh tokens, and expired tokens.

Auth0 Platform has an extension in the marketplace to see whatever applications I have assigned to the user. It would be easier if, as developed in Okta, they had an end-user dashboard integrated directly with Auth0 Platform's dashboard itself. That is one thing I can say could be improved. Other than that, I did not find any big impact areas for improvement because they have almost given all the features for a customer-facing platform.

The reporting in Auth0 Platform could use improvement. Currently, most of the reporting is contained within Auth0 Platform, but it would be useful to have notification streams sent to email or Teams. Enhancing notification features and their ease of use would be beneficial.

I do not have any specific recommendations for improvements as I utilize features I need, such as actions and triggers, as needed. Much in Auth0 Platform remains unutilized by us due to lack of needs, highlighting scalability.

I am not using Bot Detection and Attack Protection enhancements actively; it might be part of Auth0 Platform that I am not familiar with. Additionally, I lack enhanced B2B features implementation, focusing instead on applications and user management.

I do not think there are any improvements needed for Auth0, other than maybe making it more visible to beginners. Auth0 could be made more accessible to beginners.

One of the sought features in our company that we would like Auth0 Platform to improve is the adoption of new features and how quickly they are integrated. I would appreciate more extensibility features, as although extensions and plugins exist for ease of extensibility, they still are insufficient. For example, social login account linking remains unavailable in Auth0 Platform, which is one of the most requested features from our brands. Additionally, multiple custom domains are also a sought feature, especially for tenants where multiple brands share the same database in the same tenant.

Auth0 Platform's documentation is excellent, their support organization is excellent, their code is robust, and it's certified as secure.

Managing federated identities for our customers to onboard their own users in Auth0 Platform would be a great enhancement.

I find it surprising that there is no access to a standard user profile. By default, the user profile does not contain the name, first name, or address, which I would expect. I have to implement these features myself if I want to include them.

Auth0 doesn’t have a great way of providing self-managed user management tools. If I have to provision my customers to manage their tenants, they don’t do it out of the box. 

We are wrapping a solution around it to make that happen. There are some marketplace plugins available, but they are not so great. We have developed our own custom solution to expose user management to our customers.

It is expensive and not friendly to small developers. On the other hand, Clerk is user-friendly for smaller companies. 

Auth0 could become more easier. B2B organizations need to catch up with the price. Multi-tenancy needs to be less expensive, and the ease of use and onboarding must also be better. Three tenants are allowed for every account. They have to improve their organizational features.

There could be an easy integration with IoT devices for the product.

There is a possibility to improve the machine-to-machine authentication flow. This part of Auth0 is not really well documented, and we could really gain some additional knowledge on that.

The UI could be improved in terms of saving last filters in several screens, faster search and filter options. (not everyone remember the regex syntax by hurt)

There are indeed areas where the product could improve. For instance, Okta offers various application configurations, enabling access management, which the tool could consider implementing. Additionally, it lacks a third-party application for provisioning, a feature that Okta provides.

The tool's MFA is not as good as Microsoft Authenticator or Okta. It relies on email-based MFA, where it sends a code for verification. However, it lacks mobile apps for MFA like Microsoft Authenticator or Okta's mobile client.

Today we use home basic authentication and authorization, and we would like to move away from cloud and use some kind of IDP to improve authentication and authorization for our customers. So, for example, we can use the social logging feature in Auth0 to improve the customer experience.

The price modelling is a bit confusing on the site and can be costly. So if you use one measure like active user format, you need to talk to the support from Auth0 to check the price.

The Management API could be improved so it's easier to get user information.

This is a costly solution and the price of it should be reduced.

There is no immediate need for improvement. However, better documentation for Salesforce integration is suggested. Multi-factor authentication could be considered for future research.

The tool's price should be improved. 

The product support for multi-tenancy could be improved further, and advanced authorization capabilities could be included in the next release.

In the past, there was an issue with the multi-tenant where there wasn't the ability to manage them. For example, if you have three tenants you couldn't have different managers, but that has been sorted out through the release tool.

The product could use a more flexible administration structure in the next release. It could be improved by extending the administration model. 

The documentation and getting started guide is excellent for JWT and client-side authentication. However, I think they can do a better job in explaining what you're supposed to do next in order to correctly follow an idiomatic approach to using the solution beyond simply passing a JWT token to a server and having the server check then signature to validate the token.

The feature improvement I would like to see in Auth0 is around authorization. They can borrow Stormpath's (their primary competitor) notion of groups and organizations built-in on their API. Currently Auth0 takes a different approach, i.e., it uses rules to store authorization-related info on the metadata.