> ## Documentation Index
> Fetch the complete documentation index at: https://docs.livingsecurity.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Auth0

> Connect Auth0 using client credentials to import user and identity data.

export const ConnectInPlatform = ({tile, children}) => <Step title="Enter the credentials in the Living Security Platform">
    <p>
      Completed by whoever holds Living Security access — the program owner, or the system
      admin if they've been invited (delegated setup).
    </p>
    <ol>
      <li>
        Go to <strong>Settings → Integrations → Catalog</strong>, find the{' '}
        <strong>{tile}</strong> tile, click <strong>Connect</strong>.
      </li>
      <li>
        Fill in the fields below, then click <strong>Connect</strong>.
      </li>
    </ol>
    {children}
  </Step>;

export const SystemAdminBanner = ({system, recommendDelegated}) => <Note>
    <p>
      <strong>This guide is for your {system} administrator.</strong> It covers creating API
      credentials inside {system}, which requires admin access to {system} — not to the
      Living Security Platform.
    </p>
    <p>
      If you're the Living Security <strong>program owner</strong> and don't administer {system},
      send this page to whoever does. They complete Part A and hand the credentials back to you
      (or enter them directly if you've invited them into the platform).
      {recommendDelegated && <>
          {' '}Because setup produces sensitive key material, we recommend the{' '}
          <strong>delegated setup</strong> path so the secret is never sent back to you.
        </>}
    </p>
  </Note>;

<SystemAdminBanner system="Auth0" recommendDelegated={true} />

## What Living Security needs

| Credential        | Description                                                                                             |
| ----------------- | ------------------------------------------------------------------------------------------------------- |
| **Client ID**     | The unique identifier for your Auth0 Machine-to-Machine application                                     |
| **Client Secret** | The confidential key used to authenticate the application                                               |
| **HostName**      | The domain associated with your Auth0 tenant (e.g., `dev-xxxxx.us.auth0.com`)                           |
| **Audience**      | The API identifier (audience) for the token — usually `https://<tenant>/api/v2/` for the Management API |
| **Organization**  | *(Optional)* The organization name if your tenant uses Auth0 Organizations                              |

**Scopes:** `read:users` `read:logs` on the **Auth0 Management API** — `read:users` backs the users sync (`/api/v2/users`) and `read:logs` backs the log-events sync (`/api/v2/logs`).

**Required role:** **Admin** or **Owner** in Auth0 (to create applications and manage API permissions)

### Prerequisites

* You must have **Admin** or **Owner** access in your Auth0 tenant to create Machine-to-Machine applications and manage API permissions.

***

## Part A — In Auth0

*Your Auth0 administrator completes these steps.*

<Steps>
  <Step title="Create a Machine-to-Machine application">
    1. Log in to your [Auth0 Dashboard](https://manage.auth0.com/).
    2. Navigate to **Applications** → **Applications**.
    3. Click **Create Application**.

    <img src="https://mintcdn.com/livingsecurity/Pe818H7_cFW69uBg/integrations/images/auth0-cc/create_app.png?fit=max&auto=format&n=Pe818H7_cFW69uBg&q=85&s=f2889c2ff8a2fcbba922d1eb062e7045" alt="Auth0 Create Application button" width="3024" height="1330" data-path="integrations/images/auth0-cc/create_app.png" />

    4. Enter a unique name for your application (e.g., `Living Security Platform`).
    5. Select **Machine to Machine Applications** as the application type.

    <img src="https://mintcdn.com/livingsecurity/Pe818H7_cFW69uBg/integrations/images/auth0-cc/create_app_form.png?fit=max&auto=format&n=Pe818H7_cFW69uBg&q=85&s=64ed9c769b0aa298223874dfc422974b" alt="Auth0 application type selection" width="1602" height="1446" data-path="integrations/images/auth0-cc/create_app_form.png" />

    6. Click **Create**.
  </Step>

  <Step title="Authorize the API and select permissions">
    1. From the dropdown menu, choose the **Auth0 Management API**.
    2. Select the **Permissions** `read:users` and `read:logs`.

    <img src="https://mintcdn.com/livingsecurity/Pe818H7_cFW69uBg/integrations/images/auth0-cc/permissions.png?fit=max&auto=format&n=Pe818H7_cFW69uBg&q=85&s=56e6a270fcc9b99d14fc84031e888056" alt="Auth0 API permissions selection" width="1602" height="1260" data-path="integrations/images/auth0-cc/permissions.png" />

    3. Click **Authorize** to complete the application setup.
  </Step>

  <Step title="Copy the Client ID and Client Secret">
    1. On the application page, navigate to the **Settings** tab.
    2. Find your **Client ID** at the top of the page.
    3. Scroll to the **Credentials** section to find your **Client Secret**.

    <img src="https://mintcdn.com/livingsecurity/Pe818H7_cFW69uBg/integrations/images/auth0-cc/credentials.png?fit=max&auto=format&n=Pe818H7_cFW69uBg&q=85&s=dffcf7807d56479bc554b8e318393b8b" alt="Auth0 credentials section showing Client ID and Client Secret" width="2110" height="1426" data-path="integrations/images/auth0-cc/credentials.png" />

    <Warning>
      The Client Secret is sensitive credential material. Store it in a password vault or secrets manager. **Do not email it** — use delegated setup so the admin enters it directly into the platform.
    </Warning>
  </Step>

  <Step title="Find your HostName">
    From the **Quickstart** tab of your application, Auth0 provides an example token request. Your **HostName** is the domain that appears after `https://` and before `/oauth/token`.

    For example, in `https://dev-tb1x5mahjyey84y4.us.auth0.com/oauth/token`, the HostName is `dev-tb1x5mahjyey84y4.us.auth0.com`.

    <img src="https://mintcdn.com/livingsecurity/Pe818H7_cFW69uBg/integrations/images/auth0-cc/domain.png?fit=max&auto=format&n=Pe818H7_cFW69uBg&q=85&s=6109eb466086d74501f339dbe5613bf0" alt="Auth0 Quickstart showing the domain in the token request example" width="2030" height="1024" data-path="integrations/images/auth0-cc/domain.png" />
  </Step>

  <Step title="Find your Audience">
    1. Navigate to **Applications** → **APIs** in the Auth0 Dashboard.
    2. Find the API you authorized in Step 2.
    3. The **Identifier** field contains your **Audience** value.

    <img src="https://mintcdn.com/livingsecurity/Pe818H7_cFW69uBg/integrations/images/auth0-cc/audience.png?fit=max&auto=format&n=Pe818H7_cFW69uBg&q=85&s=4e560267785d2747e7c02896094dc3bf" alt="Auth0 API identifier field" width="2110" height="936" data-path="integrations/images/auth0-cc/audience.png" />
  </Step>

  <Step title="Find your Organization (optional)">
    If your tenant uses Auth0 Organizations:

    1. Navigate to **Organizations** in the Auth0 Dashboard.
    2. Find the organization name or ID you want the integration to be associated with.

    <Note>
      This field is optional. Only provide it if your tenant is configured to use Auth0 Organizations and you want to scope the integration to a specific organization.
    </Note>
  </Step>
</Steps>

***

## Part B — In the Living Security Platform

*The program owner completes this step, or the system admin if using delegated setup.*

<Steps>
  <ConnectInPlatform tile="Auth0 (Client Credentials)">
    | Field             | Value                                                           |
    | ----------------- | --------------------------------------------------------------- |
    | **Client ID**     | The Client ID from Part A, Step 3                               |
    | **Client Secret** | The Client Secret from Part A, Step 3                           |
    | **HostName**      | The domain from Part A, Step 4 (e.g., `dev-xxxxx.us.auth0.com`) |
    | **Audience**      | The API identifier from Part A, Step 5                          |
    | **Organization**  | *(Optional)* The organization name from Part A, Step 6          |

    <img src="https://mintcdn.com/livingsecurity/oVkrOMkYmNevekTI/integrations/images/auth0-cc/connect-dialog.png?fit=max&auto=format&n=oVkrOMkYmNevekTI&q=85&s=46aca1349ceea75623146e3e249bad61" alt="Living Security connect dialog for Auth0" style={{maxWidth: "450px"}} width="576" height="564" data-path="integrations/images/auth0-cc/connect-dialog.png" />
  </ConnectInPlatform>
</Steps>

You are now connected to Auth0 (Client Credentials).

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="401 Unauthorized">
    The credentials are invalid. Check:

    1. Client ID and Client Secret are correct
    2. Client Secret has not been rotated or revoked
    3. HostName matches your Auth0 tenant domain exactly
  </Accordion>

  <Accordion title="403 Forbidden">
    The application is missing required permissions. Verify that:

    1. The application is authorized for the correct API
    2. The `read:users` and `read:logs` permissions are granted
    3. The Audience value matches the API identifier
  </Accordion>

  <Accordion title="Invalid audience">
    The Audience value does not match any API configured in your Auth0 tenant. Verify the API identifier in **Applications → APIs**.
  </Accordion>
</AccordionGroup>

***

<Note>Portions of this documentation are adapted from [Nango](https://nango.dev/docs/), used under the [Elastic License 2.0](https://github.com/NangoHQ/nango?tab=License-1-ov-file#readme).</Note>
