Skip to main content

What Living Security needs

Scopes: read:users read:logs on the Auth0 Management APIread:users backs the users sync (/api/v2/users) and read:logs backs the log-events sync (/api/v2/logs). Required role: Admin or Owner in Auth0 (to create applications and manage API permissions)

Prerequisites

  • You must have Admin or Owner access in your Auth0 tenant to create Machine-to-Machine applications and manage API permissions.

Part A — In Auth0

Your Auth0 administrator completes these steps.
1

Create a Machine-to-Machine application

  1. Log in to your Auth0 Dashboard.
  2. Navigate to ApplicationsApplications.
  3. Click Create Application.
Auth0 Create Application button
  1. Enter a unique name for your application (e.g., Living Security Platform).
  2. Select Machine to Machine Applications as the application type.
Auth0 application type selection
  1. Click Create.
2

Authorize the API and select permissions

  1. From the dropdown menu, choose the Auth0 Management API.
  2. Select the Permissions read:users and read:logs.
Auth0 API permissions selection
  1. Click Authorize to complete the application setup.
3

Copy the Client ID and Client Secret

  1. On the application page, navigate to the Settings tab.
  2. Find your Client ID at the top of the page.
  3. Scroll to the Credentials section to find your Client Secret.
Auth0 credentials section showing Client ID and Client Secret
The Client Secret is sensitive credential material. Store it in a password vault or secrets manager. Do not email it — use delegated setup so the admin enters it directly into the platform.
4

Find your HostName

From the Quickstart tab of your application, Auth0 provides an example token request. Your HostName is the domain that appears after https:// and before /oauth/token.For example, in https://dev-tb1x5mahjyey84y4.us.auth0.com/oauth/token, the HostName is dev-tb1x5mahjyey84y4.us.auth0.com.Auth0 Quickstart showing the domain in the token request example
5

Find your Audience

  1. Navigate to ApplicationsAPIs in the Auth0 Dashboard.
  2. Find the API you authorized in Step 2.
  3. The Identifier field contains your Audience value.
Auth0 API identifier field
6

Find your Organization (optional)

If your tenant uses Auth0 Organizations:
  1. Navigate to Organizations in the Auth0 Dashboard.
  2. Find the organization name or ID you want the integration to be associated with.
This field is optional. Only provide it if your tenant is configured to use Auth0 Organizations and you want to scope the integration to a specific organization.

Part B — In the Living Security Platform

The program owner completes this step, or the system admin if using delegated setup.
1
You are now connected to Auth0 (Client Credentials).

Troubleshooting

The credentials are invalid. Check:
  1. Client ID and Client Secret are correct
  2. Client Secret has not been rotated or revoked
  3. HostName matches your Auth0 tenant domain exactly
The application is missing required permissions. Verify that:
  1. The application is authorized for the correct API
  2. The read:users and read:logs permissions are granted
  3. The Audience value matches the API identifier
The Audience value does not match any API configured in your Auth0 tenant. Verify the API identifier in Applications → APIs.

Portions of this documentation are adapted from Nango, used under the Elastic License 2.0.