Auth0

Set up Auth0 for automated tests with TrustCloud

Purpose

Once you set up your compliance program, TrustCloud TrustOps works to ensure that your systems remain compliant with your adopted controls. To do so, TrustCloud runs automated tests against systems in your product and business stack, and verifies that they are properly configured.

This document outlines the steps you can take to grant TrustCloud access to only read metadata about the configuration settings for your Auth0 account, so that TrustOps can validate and generate evidence for your compliance program.

Instructions to grant TrustCloud limited access to Auth0 metadata

1. Log into Auth0 with a user who is an admin of your Auth0 instance.
2. In the left sidebar, click the Applications, then select the Applications submenu.
   
3. Create an application by clicking the Create Application button on the applications page.
4. Give your application a descriptive name Ex. TrustCloud TrustCloud
5. • Choose an applcation type: Select Machine to Machine Applications application type
6. Click on Create button.
7. Select an API: Select the Auth0 Management API from the select options
8. Permissions: Search for read permissions in the search permission input, then Select: read:tenant_settings, read:users,read:attack_protection, read:mfa_policies scopes. (Note below screenshot does not represent the specific permissions needed, but is included to show you the permissions selection window.)
9. Click on the Authorize button.
   
10. Copy the newly created application connection data domain and client credentials and save it.
11. On the created application page click on the Settings tab and copy the values of the input fields, and paste them in the connection setup in TrustOps:
    • Domain
    • Client ID
    • Client Secret