Steampipe unbundled →
Steampipe Hub 
Hub
Plugins
turbot/auth0
Overview
15Tables
Versions
GitHub
steampipe plugin install auth0

Table: auth0_connection - Query Auth0 Connections using SQL

Auth0 Connections are integrations with identity providers that allow users to authenticate with various credentials. These identity providers can be social like Google or Facebook, enterprise identity systems like Azure AD or LDAP, or a database of users stored directly within Auth0. Each connection represents a pipeline from an application, through Auth0, to the identity provider.

Table Usage Guide

The auth0_connection table allows for deep insights into Auth0 Connections. As a security analyst, you can explore the details of each connection including the identity provider, status, options, and associated metadata. This table is particularly useful for auditing and ensuring the correct configuration of your identity providers.

Examples

Connections with MFA enabled

Explore which user connections have multi-factor authentication enabled. This is useful for assessing security measures and ensuring that extra layers of protection are in place.

select
  id,
  name,
  strategy
from
  auth0_connection
where
  options -> 'mfa' ->> 'active' = 'true';
select
  id,
  name,
  strategy
from
  auth0_connection
where
  json_extract(json_extract(options, '$.mfa'), '$.active') = 'true';

Connections with sign-up disabled

Explore which connections have not disabled the sign-up option, providing insights into potential areas of vulnerability or increased traffic. This can be useful for identifying and managing potential security risks or resource allocation.

select
  id,
  name,
  strategy
from
  auth0_connection
where
  options ->> 'disable_signup' = 'false';
select
  id,
  name,
  strategy
from
  auth0_connection
where
  json_extract(options, '$.disable_signup') = 'false';

Connections with brute-force protection disabled

Identify instances where connections lack brute-force protection to enhance security measures and prevent unauthorized access.

select
  id,
  name,
  strategy
from
  auth0_connection
where
  options ->> 'brute_force_protection' = 'false';
select
  id,
  name,
  strategy
from
  auth0_connection
where
  json_extract(options, '$.brute_force_protection') = 'false';

List password options for Auth0 database connections

Explore the password options for database connections in Auth0 to understand their policies, history, and additional security measures. This can aid in assessing the strength and security of your database connections.

select
  id,
  name,
  options ->> 'passwordPolicy' as "password_policy",
  options ->> 'password_dictionary' as "password_dictionary",
  options ->> 'password_history' as "password_history",
  options ->> 'password_no_personal_info' as "password_no_personal_info"
from
  auth0_connection
where
  strategy = 'auth0';
select
  id,
  name,
  json_extract(options, '$.passwordPolicy') as "password_policy",
  json_extract(options, '$.password_dictionary') as "password_dictionary",
  json_extract(options, '$.password_history') as "password_history",
  json_extract(options, '$.password_no_personal_info') as "password_no_personal_info"
from
  auth0_connection
where
  strategy = 'auth0';

List password complexity options for Auth0 database connections

Explore the password complexity options for your Auth0 database connections. This can help you assess and improve your system's security by understanding how complex the passwords need to be.

select
  id,
  name,
  options ->> 'password_complexity_options' as "password_complexity_options"
from
  auth0_connection
where
  strategy = 'auth0';
select
  id,
  name,
  json_extract(options, '$.password_complexity_options') as "password_complexity_options"
from
  auth0_connection
where
  strategy = 'auth0';

Ensure connection's password policy requires a minimum length of 14 or greater

Determine the areas in which your connection's password policy meets or exceeds the recommended minimum length of 14 characters. This is important for enhancing the security of your connections by ensuring robust password policies.

select
  id,
  name,
  (
    options -> 'password_complexity_options' -> 'min_length'
  ) :: integer >= 14 as "Min length > 14"
from
  auth0_connection
where
  strategy = 'auth0';
select
  id,
  name,
  json_extract(
    options,
    '$.password_complexity_options.min_length'
  ) >= 14 as "Min length > 14"
from
  auth0_connection
where
  strategy = 'auth0';

Schema for auth0_connection

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
display_nametextThe display name of the connection.
enabled_clientsjsonbThe identifiers of the clients for which the connection is to be enabled.
idtext=A generated string identifying the connection.
is_domain_connectionbooleanTrue if the connection is domain level.
metadatajsonbMetadata of the connection.
nametextThe name of the connection.
optionsjsonbOptions for validation.
provisioning_ticket_urltextProvisioning Ticket URL is Ticket URL for Active Directory/LDAP, etc.
realmsjsonbDefines the realms for which the connection will be used (ie: email domains).
show_as_buttonbooleanDisplay connection as a button.
strategytextThe identity provider identifier for the connection.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- auth0

You can pass the configuration to the command with the --config argument:

steampipe_export_auth0 --config '<your_config>' auth0_connection