Table: auth0_tenant_settings - Query Auth0 Tenant Settings using SQL
Auth0 is a flexible, drop-in solution to add authentication and authorization services to your applications. Your software can use Auth0 to authenticate and authorize users with a wide variety of identity providers, including social, enterprise, and username/password databases. Tenant settings in Auth0 provide configuration details and settings for each tenant, including enabled features, default settings, and customization options.
Table Usage Guide
The auth0_tenant_settings
table provides insights into tenant settings within Auth0. As a security analyst or an application developer, explore tenant-specific details through this table, including enabled features, default settings, and other customization options. Utilize it to uncover information about each tenant's configuration, such as settings related to user registration, login, and identity providers.
Examples
SSO settings
Analyze the settings to understand if Single Sign-On (SSO) is enabled and if changes to these settings are permitted, helping to ensure secure access management.
select flags ->> 'enable_sso' as enable_sso, flags ->> 'allow_changing_enable_sso' as allow_changing_enable_ssofrom auth0_tenant_settings;
select json_extract(flags, '$.enable_sso') as enable_sso, json_extract(flags, '$.allow_changing_enable_sso') as allow_changing_enable_ssofrom auth0_tenant_settings;
Enabled locales
Explore which locales have been enabled in your Auth0 tenant settings. This can help in understanding the geographical distribution of your user base.
select l as enabled_localesfrom auth0_tenant_settings t, jsonb_array_elements(t.enabled_locales) l;
select l.value as enabled_localesfrom auth0_tenant_settings t, json_each(t.enabled_locales) l;
Session and idle session lifetime settings
Analyze the settings to understand the duration of active and idle sessions within your Auth0 tenant. This can help optimize user experience by managing session lengths and idle times.
select session_lifetime, idle_session_lifetimefrom auth0_tenant_settings;
select session_lifetime, idle_session_lifetimefrom auth0_tenant_settings;
Schema for auth0_tenant_settings
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
allowed_logout_urls | jsonb | A set of URLs that are valid to redirect to after logout from Auth0. | |
change_password | jsonb | Change password page settings. | |
default_audience | text | Default audience for API Authorization. | |
default_directory | text | Name of the connection that will be used for password grants at the token endpoint. | |
default_redirection_uri | text | The default absolute redirection uri, must be https and cannot contain a fragment. | |
device_flow | jsonb | Settings for device flow. | |
domain_name | text | =, !=, ~~, ~~*, !~~, !~~* | The name of the domain. |
enabled_locales | jsonb | Supported locales for the UI. | |
error_page | jsonb | Settings for the error page. | |
flags | jsonb | Tenant flags. | |
friendly_name | text | The friendly name of the tenant. | |
guardian_mfa_page | jsonb | Guardian MFA page settings. | |
idle_session_lifetime | double precision | Force a user to login after they have been inactive for the specified number (hours). | |
picture_url | text | The URL of the tenant logo. | |
sandbox_version | text | The selected sandbox version to be used for the extensibility environment. | |
sandbox_versions_available | jsonb | A set of available sandbox versions for the extensibility environment. | |
session_cookie | jsonb | Session cookie settings. | |
session_lifetime | double precision | Login session lifetime, how long the session will stay valid (hours). | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
support_email | text | User support email. | |
support_url | text | User support URL. | |
universal_login | jsonb | Used to store additional metadata. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- auth0
You can pass the configuration to the command with the --config
argument:
steampipe_export_auth0 --config '<your_config>' auth0_tenant_settings