I'm a security architect. The product is used by our customers, not by our company people directly, so I expect we would have several thousand people using this solution.
Security Architect at a construction company with 10,001+ employees
Provides login authentication for mobile apps and has good stability
Pros and Cons
- "It has improved our organization by providing login authentication for a mobile app."
- "The product could use a more flexible administration structure"
What is our primary use case?
How has it helped my organization?
It has improved our organization by providing login authentication for a mobile app.
What is most valuable?
The most valuable feature would have to be authentication using OpenID Connect.
What needs improvement?
The product could use a more flexible administration structure in the next release. It could be improved by extending the administration model.
Buyer's Guide
Auth0
November 2024
Learn what your peers think about Auth0. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,763 professionals have used our research since 2012.
For how long have I used the solution?
I've been using Auth0 for about two years.
What do I think about the stability of the solution?
There is no problem with product stability.
What do I think about the scalability of the solution?
We haven't had any problems with scalability.
How are customer service and support?
We've had good experience with technical support.
Which solution did I use previously and why did I switch?
We previously used a different solution which was an open-source solution that was on-prem. I can't recall the name of that, but it was an open-source tool. One of the main reasons we switched to Auth0 is that supporting an on-prem version required a certain amount of expertise and management and we didn't need to be spending money on that if we were using a software as a service provider.
The other aspect was that on-prem you have to manage the security yourself. By using a software product as a service provider in the cloud, we were able to outsource those security concerns to them. The security was their responsibility and no longer our problem.
How was the initial setup?
The setup is straightforward. We've deployed it in a number of applications, some of those would have taken less than a couple of days of development and deployment, and some of them would have taken weeks. But it's dependent on the complexity of the deployment. That's not a function of Auth0, it's a function of what our digital transformation is trying to do. We used an Auth0 consultant for deployment.
What about the implementation team?
We used an Auth0 consultant for implementation and he was very good and very knowledgeable. There is nobody in our company dedicated to maintaining the system for our customers.
What's my experience with pricing, setup cost, and licensing?
There are licensing costs for this product. We have an enterprise agreement with Auth0.
Which other solutions did I evaluate?
We evaluated a couple of other options before choosing Auth0. We looked at Microsoft and Okta. We went with Auth0 because at the time Microsoft was about to renew, so it wasn't as easy to set up, although Microsoft is a fine product and Okta is also a fine product, at that stage, it was more aligned on-prem authentication than it was to B2C.
What other advice do I have?
In terms of advice, I think that if your application is developer-driven, then Auth0 provides extremely good developer support and supports multiple development tools and strategies. That's where I believe the product comes into its own. If you're enterprise, then Okta or Microsoft are probably a better solution. It's worth watching.
I would rate this product an eight out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager at IDAZCO
It's more efficient than regular session management through a database because I only request profile data when needed.
Pros and Cons
- "I simply use the JWT from the client on the server side to process requests and push updated profile data to a database/queue as needed and end the process without having to persist data in the web server (sessions)."
- "I think they can do a better job in explaining what you're supposed to do next in order to correctly follow an idiomatic approach to using the solution beyond simply passing a JWT token to a server and having the server check the signature to validate the token."
What is most valuable?
I implemented the use of authentication workflow entirely on the client side (S.P.A./Single Page Application). This gives the client app a JWT and makes the infrastructure a lot easier to manage in a distributed way since I don't need to track user sessions on the servers anymore. Now, I simply use the JWT from the client on the server side to process requests and push updated profile data to a database/queue as needed and end the process without having to persist data in the web server (sessions).
How has it helped my organization?
We are now able to dockerize stateless containers quite easily. A typical solution for managing session data is to put it into a database, but now we don't need to do that either. Auth0 essentially acts as the database backend. However, unlike regular session management through a database, whereby one needs to touch the database every time to re-hydrate session data for every request, I only make requests to Auth0 to query for profile data when needed, thus making the application more efficient.
What needs improvement?
The documentation and getting started guide is excellent for JWT and client-side authentication. However, I think they can do a better job in explaining what you're supposed to do next in order to correctly follow an idiomatic approach to using the solution beyond simply passing a JWT token to a server and having the server check the signature to validate the token.
For how long have I used the solution?
I've just started using it.
What was my experience with deployment of the solution?
No issues encountered.
Which solution did I use previously and why did I switch?
We used regular OAuth in conjunction with our own database for people without social accounts. This is much better because everything is wrapped and normalized through one service. It even supports non-OAuth solutions such as Active Directory and LDAP which is good.
How was the initial setup?
It was extremely simple and their site even generates sample code in various languages.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
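The review above describes a stateless server that trusts a client-supplied JWT and notes that guidance tends to stop at "check the signature". As an added example (not code from the reviewer or from Auth0), this sketch shows the checks a server makes on each request beyond the signature: pinning the algorithm and validating issuer, audience and expiry. It assumes an HS256 shared secret so that it runs with the standard library only; the secret, issuer, audience and subject values are constructed.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values (assumptions, not taken from the page).
SECRET = b"constructed-demo-secret"
ISSUER = "https://issuer.example/"
AUDIENCE = "https://api.example/orders"
NOW = 1_700_000_000  # fixed clock so the sample results are reproducible


class TokenError(Exception):
    """Raised when a token must not be trusted."""


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(claims, secret, header=None):
    """Build a compact JWS; used here only to construct sample tokens."""
    header = header or {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_token(token, secret, issuer, audience, now=None, leeway=30):
    """Return the claims if every check passes, else raise TokenError."""
    now = time.time() if now is None else now
    try:
        h_seg, p_seg, s_seg = token.split(".")
        header = json.loads(b64url_decode(h_seg))
        signature = b64url_decode(s_seg)
    except ValueError:
        raise TokenError("malformed token")
    # Pin the algorithm on the server; never let the token header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(secret, f"{h_seg}.{p_seg}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise TokenError("bad signature")
    try:
        claims = json.loads(b64url_decode(p_seg))
    except ValueError:
        raise TokenError("malformed payload")
    if not isinstance(claims, dict):
        raise TokenError("malformed payload")
    # A valid signature only proves who issued the token; the claims decide
    # whether it was issued for this API and is still current.
    if claims.get("iss") != issuer:
        raise TokenError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp + leeway:
        raise TokenError("expired or missing exp")
    return claims


def sample_tokens():
    """Constructed tokens: one valid, four that must be rejected."""
    good = {"iss": ISSUER, "aud": AUDIENCE, "sub": "user-123", "exp": NOW + 3600}
    valid = sign_hs256(good, SECRET)
    h_seg, _, s_seg = valid.split(".")
    forged = b64url_encode(json.dumps({**good, "sub": "admin"}).encode())
    return {
        "valid": valid,
        "expired": sign_hs256({**good, "exp": NOW - 3600}, SECRET),
        "other_api": sign_hs256({**good, "aud": "https://api.example/billing"}, SECRET),
        "alg_none": sign_hs256(good, SECRET, header={"alg": "none", "typ": "JWT"}),
        "tampered": f"{h_seg}.{forged}.{s_seg}",
    }


def rejection_reason(token, now=NOW):
    """None when the token is accepted, otherwise the reason it was refused."""
    try:
        verify_token(token, SECRET, ISSUER, AUDIENCE, now=now)
        return None
    except TokenError as exc:
        return str(exc)


if __name__ == "__main__":
    for name, tok in sample_tokens().items():
        print(f"{name:10s} -> {rejection_reason(tok) or 'accepted'}")
```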
Platform Engineer - Linux at a tech services company with 201-500 employees
Easy and flexible integration regardless of the codebase
Pros and Cons
- "The most valuable feature is that it is simple to integrate, irrespective of your codebase."
- "This is a costly solution and the price of it should be reduced."
What is our primary use case?
We were evaluating Auth0 as a centralized authentication solution for our in-house development. We are searching for the best solution to take care of this because our product development is ongoing, and we want to find just the right fit. Ultimately, we did not choose Auth0.
What is most valuable?
The most valuable feature is that it is simple to integrate, irrespective of your codebase.
What needs improvement?
This is a costly solution and the price of it should be reduced.
For how long have I used the solution?
We had been evaluating and testing Auth0 for between three and four months.
What do I think about the stability of the solution?
It is pretty much stable. We did not encounter any issues with respect to integration and testing.
What do I think about the scalability of the solution?
Considering we are conducting a PoC, we are not able to fully test scalability. However, our understanding is that it scales well.
How are customer service and technical support?
My team was in touch with their counterparts from marketing and technical resources, but because it was a PoC engagement, we did not take it further.
Which solution did I use previously and why did I switch?
We did not use another SSO product before our current PoC began.
Which other solutions did I evaluate?
We have been evaluating multiple single sign-on solutions including Auth0 and Okta.
We ran a successful proof of concept but we did not select Auth0 because their entire structure is hosted on AWS, and we are a data center company so we thought that having the backend hosted on AWS was not the right choice for us.
Had this same solution been available as a private deployment then it would have been the right fit for us.
What other advice do I have?
During our exploration and evaluation, Auth0 and Okta were the top contenders from a pure authentication point. My advice for anybody who is considering such a system is to have multiple authentication systems evaluated from a technical point of view, and adopt the one which rightly suits your use case and requirements. Different products have different feature sets, but what matters most is that it is purely compatible with your use case. Scalability is probably the most crucial factor.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Digital VP, Associate Principal at a consultancy with 10,001+ employees
In addition to 30 or so out-of-the-box providers, it allows custom social connections.
What is most valuable?
Social media integration: Auth0 supports over 30 social logins with support for the major ones such as Facebook, Twitter and Google. Besides the 30 or so out-of-the-box providers, Auth0 also allows custom social connections through their extensions framework. This to me provides a great amount of flexibility to solution architects.
Ready-to-use modern APIs using JSON/RESTful
LDAP integration
How has it helped my organization?
It enables the concept of identity management.
What needs improvement?
The feature improvement I would like to see in Auth0 is around authorization. They can borrow Stormpath's (their primary competitor) notion of groups and organizations built-in on their API. Currently Auth0 takes a different approach, i.e., it uses rules to store authorization-related info on the metadata.
For how long have I used the solution?
I have used it for nine months.
What do I think about the stability of the solution?
I have not encountered any stability issues.
What do I think about the scalability of the solution?
I did encounter a scalability issue. Auth0 support engineer could have been more descriptive on the infra needs for the on-premise installation. The solution had only one MongoDB instance, which became a single point of failure. Once we hit the bottleneck, the Auth0 team was prompt enough to set up a master-slave structure to fix the issue. They could have thought about it up front.
How are customer service and technical support?
Level of technical support - 7/10. They keep changing the support engineers (shared resource pool). Every time a new engineer comes, we have to give him/her the complete background before he/she becomes productive.
Which solution did I use previously and why did I switch?
I did not previously use a different solution.
How was the initial setup?
It is very easy to use the public cloud instance.
Which other solutions did I evaluate?
Before choosing this product, I also evaluated Stormpath.
What other advice do I have?
Be specific about the number of users, number of transactions, and the amount of data to be transferred.
Share your user journey with Auth0 up front. Jointly problem-solve on how best to minimize the number of API calls to Auth0.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Principal Architect at a computer software company with 201-500 employees
Shortens the development time, takes care of compliance, and saves a lot of money
Pros and Cons
- "The most important thing for me is compliance. Everything that they have developed in Auth0 is already certified by many regulators such as ISO. So, we do not need to take care of that. We have the shared responsibility model to share assets with other products we are using in the cloud."
- "There is a possibility to improve the machine-to-machine authentication flow. This part of Auth0 is not really well documented, and we could really gain some additional knowledge on that."
What is our primary use case?
We are building a software as a service platform of products, and we wanted our customers to be able to have the same seamless experience in terms of how they log into our products. We wanted it to be secure, and we didn't want to use our own development resources in building our own solution. We wanted something that is secure and ready at the beginning of our development so that we have a very short time to market. We wanted it to be a very extensible solution and building something on our own wasn't an option for us. We wanted something that was already there. We also wanted a company that is highly committed to delivering state-of-the-art solutions for identity management.
It is deployed in the cloud. This is a software as a service. So, our workloads work in the cloud. We are mostly using AWS, but we also have Azure and GCP. We are a multi-cloud company.
How has it helped my organization?
I was able to pass the ISO audit smoothly. When they asked me for identity management, I just told them that it is Auth0, and it was passed. So, it has helped with compliance.
We are using Auth0 Rules during the authentication process to contact our internal APIs and extend the token that Auth0 generates with additional information that comes from our database. Auth0 Rules are pretty important because by using Auth0 Rules, we are able to shorten the development time. We didn't need to do any workarounds and so on. We could quickly deploy some code into Auth0, and our use case was covered in less than one day. We are also using Actions, which is the new thing that came after Rules and Hooks.
It provides the flexibility and the customizability that we need. I did a webinar on Auth0 in AWS, and I said that we know that the software-as-a-service products are not designed to cover 100% of use cases. They are just trying to solve 90% of them, but with Auth0's Rules engine, Actions engine, and many different features, I am able to code something around Auth0. So, I can bend the existing functionality exactly for my use case. For me, this extensibility of the software or the software as a service model is very important because then I know that I won't face any roadblocks that I cannot really go around.
It allows us to tailor the user experience flow. We find the user experience with Auth0 really great, and we could customize it exactly as per our needs. The new features that they released during the last year since we have signed the contract have been helpful. The additional hosted login page that splits the authentication into two different steps and the Auth0 organization features are really great for us.
It has saved us the development time and money by not having to deal with authentication or identity management. It has shortened the development time and saved a lot of money for us. We did a case study on Auth0, and we had a 300% return on investment in terms of money. We have also reduced the development time by about two months. We also don't need people dedicated to our own solution, which is an ongoing process of saving money.
It has helped us in setting up authentication without having to hire additional staff. We were able to do that with our own resources. We don't need to have a dedicated team that is working only on identity management.
What is most valuable?
The most important thing for me is compliance. Everything that they have developed in Auth0 is already certified by many regulators such as ISO. So, we do not need to take care of that. We have the shared responsibility model to share assets with other products we are using in the cloud.
I am very pleased with the number of features that came with Auth0. I am also very happy with how Auth0 developed since we have been using it. The number of features is really great for me, and it really covers almost all of the needs that we have when deploying it into our product.
Their documentation and SDKs are great when it comes to helping developers and application builders set up authentication. On a scale of zero to 10, I would rate it a strong eight because their documentation is really good. They are able to explain a pretty complex process of authentication and authorization in simple words. Their documentation is a really great resource of knowledge, even if you are not using Auth0. That's because the process that they have implemented is a well-known standard in the industry, and they have described it really well. Their documentation is really great for us. We had no problems with SDKs, and their SDKs are also pretty good.
What needs improvement?
There is a possibility to improve the machine-to-machine authentication flow. This part of Auth0 is not really well documented, and we could really gain some additional knowledge on that.
For how long have I used the solution?
I have been using Auth0 for a year.
What do I think about the stability of the solution?
Its stability has been great. We didn't have any issues with Auth0 so far.
What do I think about the scalability of the solution?
It has been working really well for us. We don't see any issues in terms of scalability. We are going to increase its usage because this is our business.
How are customer service and support?
I really like the customer support of Auth0. I really like the people I'm working with from Auth0. They are really helpful. So, I'm very happy with them. I would rate them a nine out of 10. I didn't give a 10 because there is always room for improvement. So, a 10 is not really achievable.
Which solution did I use previously and why did I switch?
We were using a different solution from a cloud provider. We switched because we felt that the solution that we were using was not really well maintained. It was working, and it was stable, but the customer experience wasn't great. The number of features that were released when we were working with that solution was close to zero.
How was the initial setup?
It was very easy. We were able to onboard it with the first application in less than two weeks.
We had an implementation strategy. We started with a very simple PoC. We had a small dedicated team for that. My colleague and I researched and reviewed what Auth0 is capable of and designed a very small framework for working with Auth0. We quickly onboarded the first one of the five applications that we have. So, the first application was our battleground. We saw what is working and what is not working. We decided how we should work with Auth0 and how to shift everything that is possible in our case to Auth0. After that was done, we tested it on the small user base. We then, one by one, went with other applications.
What was our ROI?
We had done an Auth0 case study, and we had stated there that we had a 300% return on investment in terms of money.
What's my experience with pricing, setup cost, and licensing?
I am pretty happy with the pricing model of Auth0. It is very clear for me. Considering our scale, the features that we are using, and additional features that we bought, we still find it great. If you split the costs for the whole year and calculate the number of people you needed to hire, it always comes out to be much less than what we would have spent on building our own solution.
Which other solutions did I evaluate?
We did some evaluation. We evaluated the solutions that are available from various cloud providers such as AWS, GCP, and Azure.
We also looked into Okta, which was its competitor at that time. Now, Okta is the owner of Auth0. At that time, we felt that Auth0 had a big advantage over Okta. Auth0 was focused on the external users' experience. Okta, for example, was more focused on internal employees logging into the systems. It was more about internal entity management. We wanted something for external users, and Auth0 was really great at that.
We went with Auth0 also because it is a company that is fully committed only to identity management. With cloud providers, this is just another service that can be maintained. So, we wanted to go with a provider that is really focused on delivering only external identity management solutions for customers like us.
What other advice do I have?
To someone who says we can build authentication in-house, I would say that you can try it, but you will probably fail at it. The authentication and authorization process is really complex. You need to be really focused on that to be able to deliver a solution that is really secure and compliant with different standards. You can sleep peacefully having Auth0 deployed. With solutions that are built in-house, you will probably have some basic functions, but in my opinion, there is a vulnerability that will probably be exploited in the future. Auth0 is hiring people who are committed only to one particular area of computer science, which is authentication and authorization. They really understand the different algorithms that are behind that. So, if you do not have such engineers in-house, you will probably have a solution that is not 100% bulletproof.
For us, MFA is required every time someone logs in. Even though I like the idea of Adaptive MFA, it is not a good fit for our business model.
Auth0 allows us to turn on or off features like social logins, MFA, or Anomaly Detection with the flip of a switch, but it is hard to assess the importance of this feature. The ability to customize the flow for authentication and authorization is very important for us, but as a company, we don't need social logins and so on. Having them enabled would be considered unprofessional in our area, and we don't need to turn them on. So, this is very important for us that things that we do not use can be turned off.
It hasn't helped to increase new-user conversion due to less sign-up or login friction because that is not in our business use case. We do not allow people to sign in to our solutions. We are business-to-business. Similarly, it has not decreased customer support tickets due to password issues because that's not applicable to us.
I would rate Auth0 an eight out of 10. I will always say that I am a really big fan of Auth0.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Owner / Consultor Senior en Soluciones Tecnologicas at a tech services company with 51-200 employees
Has good scalability but pricing needs to be improved
Pros and Cons
- "The most valuable feature of the product is scalability."
- "The tool's price should be improved."
What is most valuable?
The most valuable feature of the product is scalability.
What needs improvement?
The tool's price should be improved.
For how long have I used the solution?
I have been using the product for three years.
What other advice do I have?
I would rate the solution a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Solutions Architect at a tech vendor with 10,001+ employees
A great solution for authentication and authorization
Pros and Cons
- "It supports identity federation, FSO and multi-tenancy."
- "The product support for multi-tenancy could be improved."
What is our primary use case?
We use this solution for authentication and authorization, and we deploy it on cloud. For example, if you log into a particular portal, this platform will help authenticate a valid user. It supports identity federation, FSO and multi-tenancy.
What needs improvement?
The product support for multi-tenancy could be improved further, and advanced authorization capabilities could be included in the next release.
For how long have I used the solution?
We have been using the solution for one month.
Which solution did I use previously and why did I switch?
We previously used AWS Cognito but switched because it did not support many functionalities.
How was the initial setup?
The initial setup was very good, and we set it up in a few hours.
What about the implementation team?
We deployed the solution in-house, and one person is enough to complete the deployment.
What's my experience with pricing, setup cost, and licensing?
I cannot comment on exact licensing costs because a different department handles it, but from my understanding, the solution is priced reasonably.
What other advice do I have?
I rate the solution an eight out of ten. The solution is good, but its support for multi-tenancy could be improved further, and advanced authorization capabilities could be included in the next release.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Architect at a construction company with 10,001+ employees
Secure, developer-friendly, and the support is good
Pros and Cons
- "The valuable features are that it is extremely secure and that it's developer-friendly."
- "In the past, there was an issue with the multi-tenant where there wasn't the ability to manage them."
What is our primary use case?
The primary use case of this solution is to authenticate APIs, customer authentication, and business-to-business authentication.
What is most valuable?
The valuable features are that it is extremely secure and that it's developer-friendly.
What needs improvement?
In the past, there was an issue with the multi-tenant where there wasn't the ability to manage them. For example, if you have three tenants you couldn't have different managers, but that has been sorted out through the release tool.
For how long have I used the solution?
I have been using Auth0 for three years.
What do I think about the stability of the solution?
This solution is stable, we have not had any issues.
What do I think about the scalability of the solution?
It's a scalable product.
How are customer service and technical support?
We have contacted technical support and find that they are good.
How was the initial setup?
The initial setup of the solution was simple, but our requirements were complex.
The deployment time varied depending on the complexity. Some would have taken a week while others would have taken three months.
What about the implementation team?
We used external consultants and consultants through Auth0 to help with the implementation.
What other advice do I have?
This solution does what we want it to do. It's good and I don't see any issues.
For anyone wanting to use this solution, make sure that your developers are fully engaged. They have to know how Auth0 works and what the best way to leverage it is.
I would rate this solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Update: Auth0 just announced a FREE plan that allows for up to 7000 monthly users. There are limitations, such as allowing for just 2 OAuth providers ... but for development purposes that's not a big deal IMHO. Check out the details here: bit.ly
On the down-side, they don't offer a reasonable pricing structure for solution providers who service small businesses that require Enterprise connections (AD / LDAP etc). In that area their pricing is aimed more toward singular .. large corporations.