What needs improvement with Auth0?

One of the sought features in our company that we would like Auth0 Platform to improve is the adoption of new features and how quickly they are integrated. I would appreciate more extensibility features, as although extensions and plugins exist for ease of extensibility, they still are insufficient. For example, social login account linking remains unavailable in Auth0 Platform, which is one of the most requested features from our brands. Additionally, multiple custom domains are also a sought feature, especially for tenants where multiple brands share the same database in the same tenant.

Auth0 Platform works pretty well, but ways it can be improved include the universally cited complaint that the free tier is generous, but the jump to paid can be steep for a growing startup. Auth0 Platform and Okta said that they are reducing the price for users that are just starting and want to use a paid version.

I find the process of managing roles, permissions, or MFA changes in Auth0 to be straightforward; it has a very user-friendly UI. However, at times I find it difficult to understand the role. In my previous experience a couple of months ago, I checked and the permissions assigned to the user were not working, but then I had to update it by going to its company and then providing the particular permissions. That was one thing I found as a limitation of Auth0, but apart from that, Auth0's UI is very user-friendly and easy to navigate. I think additional documentation would be beneficial for Auth0. Now that I am switching into automation, token handling is needed from Auth0, as well as session handling and error handling with invalid and expired tokens. A better layout or a better way to handle those would be helpful. Additionally, improvements can be made around the authorization code flow, refresh tokens, and expired tokens.

Managing federated identities for our customers to onboard their own users in Auth0 Platform would be a great enhancement.

Auth0 Platform has an extension in the marketplace to see whatever applications I have assigned to the user. It would be easier if, as developed in Okta, they had an end-user dashboard integrated directly with Auth0 Platform's dashboard itself. That is one thing I can say could be improved. Other than that, I did not find any big impact areas for improvement because they have almost given all the features for a customer-facing platform.

Regarding areas for improvement, Auth0 Platform is a premium product, and its pricing reflects its enterprise-grade capabilities. While the cost can sometimes make smaller businesses hesitate, the return on investment usually outweighs the initial price tag when the platform is architected and implemented correctly. The comprehensive feature set, top-tier security, and reduced development time justify the investment for organizations prioritizing scalability. On the technical side, I would like to see Auth0 introduce more no-code branding options for Universal Login. Currently, achieving a highly specific, bespoke login experience often requires utilizing Liquid page templates or the newly released Advanced Customizations for Universal Login. While these are incredibly powerful tools, they do require some technical expertise to execute flawlessly. Having more robust, out-of-the-box customization options would be a great enhancement in the future.

Auth0 Platform is not as flexible compared to ForgeRock or IBM Security Access Manager. Auth0 Platform will only play on the outer boundary of the application. Once the application team requests to handle their entire system and APIs, then only ForgeRock and IBM Security Access Manager can help; Auth0 Platform cannot assist. The only area for improvement is that Auth0 Platform cannot handle requests for developing APIs for legacy systems, such as mainframe models, where ForgeRock and IBM Security Verify Access can be utilized.

I do not think there are any improvements needed for Auth0, other than maybe making it more visible to beginners. Auth0 could be made more accessible to beginners.

The pricing should be lower. A reduction of 20-25% would be great.

There is no immediate need for improvement. However, better documentation for Salesforce integration is suggested. Multi-factor authentication could be considered for future research.

Auth0 doesn’t have a great way of providing self-managed user management tools. If I have to provision my customers to manage their tenants, they don’t do it out of the box. We are wrapping a solution around it to make that happen. There are some marketplace plugins available, but they are not so great. We have developed our own custom solution to expose user management to our customers.

There are indeed areas where the product could improve. For instance, Okta offers various application configurations, enabling access management, which the tool could consider implementing. Additionally, it lacks a third-party application for provisioning, a feature that Okta provides. The tool's MFA is not as good as Microsoft Authenticator or Okta. It relies on email-based MFA, where it sends a code for verification. However, it lacks mobile apps for MFA like Microsoft Authenticator or Okta's mobile client.

It is expensive and not friendly to small developers. On the other hand, Clerk is user-friendly for smaller companies. Auth0 could become more easier. B2B organizations need to catch up with the price. Multi-tenancy needs to be less expensive, and the ease of use and onboarding must also be better. Three tenants are allowed for every account. They have to improve their organizational features.

The tool's price should be improved.

There could be an easy integration with IoT devices for the product.

The Management API could be improved so it's easier to get user information.

The product support for multi-tenancy could be improved further, and advanced authorization capabilities could be included in the next release.

When they introduced the Organizations feature they did support different login screens per organization. However, they introduced a dependency between this feature and another called the New Universal Login Experience. The New Experience is a more lightweight login screen, but it is much less customizable. For example, today, we are able to fully customize our login screen and even control the background image according to the time of day. We have code to do that. But we are not able to write code anymore in the New Experience. We really want to take the Organizations feature, but on the other hand, it is coupled with the limitations of the New Experience. That is why we have put the Organizations feature on hold. It is lacking some customization abilities.

There is a possibility to improve the machine-to-machine authentication flow. This part of Auth0 is not really well documented, and we could really gain some additional knowledge on that.

In the past, there was an issue with the multi-tenant where there wasn't the ability to manage them. For example, if you have three tenants you couldn't have different managers, but that has been sorted out through the release tool.

This is a costly solution and the price of it should be reduced.

The product could use a more flexible administration structure in the next release. It could be improved by extending the administration model.