I am not involved on the development side, so I cannot speak to the technical aspects that could be improved on the implementation. However, the core cloud-based identity and access management is solid, and the workflow could always improve. There are a few hitches, but customer feedback has generally been very good.

The only negative feedback I have heard is about the decision to go direct rather than through partners or distribution channels. However, this is not a product-related issue; it is more feedback from channel partners.

Regarding areas for improvement, Auth0 Platform is a premium product, and its pricing reflects its enterprise-grade capabilities. While the cost can sometimes make smaller businesses hesitate, the return on investment usually outweighs the initial price tag when the platform is architected and implemented correctly. The comprehensive feature set, top-tier security, and reduced development time justify the investment for organizations prioritizing scalability.

On the technical side, I would like to see Auth0 introduce more no-code branding options for Universal Login. Currently, achieving a highly specific, bespoke login experience often requires utilizing Liquid page templates or the newly released Advanced Customizations for Universal Login. While these are incredibly powerful tools, they do require some technical expertise to execute flawlessly. Having more robust, out-of-the-box customization options would be a great enhancement in the future.

I noticed some enhancement challenges. Sometimes when I logged in, there was a thirty-day time period to log in again, but recently after restarting my system, that thirty-day period is not working. I need to provide the token after login again, which is for the security part. For development accounts used by others, every time we need to use those tokens to connect to that site. UI improvements can also be made, particularly on the homepage, where tiles could be displayed. It would help if there were separate left bar tiles for the login section so anyone could edit their login page directly.

Everything is working very well. However, when integrating, I need to give permissions and manage many things manually when creating users with multi-tenancy. For instance, I first create the connection, then the organization, enable the connection at the application level, allow some permissions, and create the default user. Improvements could be made so that when someone creates an organization, a default user is available from Auth0 Platform to log in, and they could use those credentials to create further users. This is also dependent on functionality and user requirements. For my use case, that was lacking.

The initial setup was somewhat complex. Since I was doing it for the first time, I needed to create an application, allow permissions, integrate it, and set redirect variables and URLs for logout. Although documentation is available, it does not specify the exact format for multiple logout URLs or multi-tenant URLs. Sometimes I had to try different methods until it worked. Improvements in documentation are needed for first-time setups.

When connecting with Auth0 Platform, if there is a failure or error, I do not receive a specific message to identify if it is a bug or another type of issue. I suggest having clearer error messages, such as indicating what is missing or providing expected formatting for values.

Auth0 Platform is not as flexible compared to ForgeRock or IBM Security Access Manager.

Auth0 Platform will only play on the outer boundary of the application. Once the application team requests to handle their entire system and APIs, then only ForgeRock and IBM Security Access Manager can help; Auth0 Platform cannot assist.

The only area for improvement is that Auth0 Platform cannot handle requests for developing APIs for legacy systems, such as mainframe models, where ForgeRock and IBM Security Verify Access can be utilized.

Auth0 Platform could improve by allowing more than three enterprise connections, as I remember it being three. We are stuck with that because I am not sure how the plan works, but it should be at least five.

The areas for improvement in Auth0 Platform include the UWP functionality, which works fine with the SDK. The support is also good as we read the documents available. In comparison to Keycloak, Auth0 Platform is my ultimate choice due to the ease of integration and strong support when we raise a ticket.

The amount of enterprise accounts could be improved, as that is my concern.

I find the process of managing roles, permissions, or MFA changes in Auth0 to be straightforward; it has a very user-friendly UI. However, at times I find it difficult to understand the role. In my previous experience a couple of months ago, I checked and the permissions assigned to the user were not working, but then I had to update it by going to its company and then providing the particular permissions. That was one thing I found as a limitation of Auth0, but apart from that, Auth0's UI is very user-friendly and easy to navigate.

I think additional documentation would be beneficial for Auth0.

Now that I am switching into automation, token handling is needed from Auth0, as well as session handling and error handling with invalid and expired tokens. A better layout or a better way to handle those would be helpful. Additionally, improvements can be made around the authorization code flow, refresh tokens, and expired tokens.

Auth0 Platform has an extension in the marketplace to see whatever applications I have assigned to the user. It would be easier if, as developed in Okta, they had an end-user dashboard integrated directly with Auth0 Platform's dashboard itself. That is one thing I can say could be improved. Other than that, I did not find any big impact areas for improvement because they have almost given all the features for a customer-facing platform.

The reporting in Auth0 Platform could use improvement. Currently, most of the reporting is contained within Auth0 Platform, but it would be useful to have notification streams sent to email or Teams. Enhancing notification features and their ease of use would be beneficial.

I do not have any specific recommendations for improvements as I utilize features I need, such as actions and triggers, as needed. Much in Auth0 Platform remains unutilized by us due to lack of needs, highlighting scalability.

I am not using Bot Detection and Attack Protection enhancements actively; it might be part of Auth0 Platform that I am not familiar with. Additionally, I lack enhanced B2B features implementation, focusing instead on applications and user management.

I do not think there are any improvements needed for Auth0, other than maybe making it more visible to beginners. Auth0 could be made more accessible to beginners.

Managing federated identities for our customers to onboard their own users in Auth0 Platform would be a great enhancement.

I find it surprising that there is no access to a standard user profile. By default, the user profile does not contain the name, first name, or address, which I would expect. I have to implement these features myself if I want to include them.

Auth0 doesn’t have a great way of providing self-managed user management tools. If I have to provision my customers to manage their tenants, they don’t do it out of the box. 

We are wrapping a solution around it to make that happen. There are some marketplace plugins available, but they are not so great. We have developed our own custom solution to expose user management to our customers.

There are indeed areas where the product could improve. For instance, Okta offers various application configurations, enabling access management, which the tool could consider implementing. Additionally, it lacks a third-party application for provisioning, a feature that Okta provides.

The tool's MFA is not as good as Microsoft Authenticator or Okta. It relies on email-based MFA, where it sends a code for verification. However, it lacks mobile apps for MFA like Microsoft Authenticator or Okta's mobile client.

There could be an easy integration with IoT devices for the product.

There is no immediate need for improvement. However, better documentation for Salesforce integration is suggested. Multi-factor authentication could be considered for future research.

It is expensive and not friendly to small developers. On the other hand, Clerk is user-friendly for smaller companies. 

Auth0 could become more easier. B2B organizations need to catch up with the price. Multi-tenancy needs to be less expensive, and the ease of use and onboarding must also be better. Three tenants are allowed for every account. They have to improve their organizational features.

There is a possibility to improve the machine-to-machine authentication flow. This part of Auth0 is not really well documented, and we could really gain some additional knowledge on that.

The UI could be improved in terms of saving last filters in several screens, faster search and filter options. (not everyone remember the regex syntax by hurt)

Today we use home basic authentication and authorization, and we would like to move away from cloud and use some kind of IDP to improve authentication and authorization for our customers. So, for example, we can use the social logging feature in Auth0 to improve the customer experience.

The price modelling is a bit confusing on the site and can be costly. So if you use one measure like active user format, you need to talk to the support from Auth0 to check the price.

The Management API could be improved so it's easier to get user information.

This is a costly solution and the price of it should be reduced.

The tool's price should be improved. 

The product support for multi-tenancy could be improved further, and advanced authorization capabilities could be included in the next release.

In the past, there was an issue with the multi-tenant where there wasn't the ability to manage them. For example, if you have three tenants you couldn't have different managers, but that has been sorted out through the release tool.

The product could use a more flexible administration structure in the next release. It could be improved by extending the administration model. 

The documentation and getting started guide is excellent for JWT and client-side authentication. However, I think they can do a better job in explaining what you're supposed to do next in order to correctly follow an idiomatic approach to using the solution beyond simply passing a JWT token to a server and having the server check then signature to validate the token.

The feature improvement I would like to see in Auth0 is around authorization. They can borrow Stormpath's (their primary competitor) notion of groups and organizations built-in on their API. Currently Auth0 takes a different approach, i.e., it uses rules to store authorization-related info on the metadata.