Auth0

Set up Auth0 for automated tests with TrustCloud!

Purpose

Once you set up your compliance program, TrustCloud TrustOps works to ensure that your systems remain compliant with your adopted controls. To do so, TrustCloud runs automated tests against systems in your product and business stack and verifies that they are properly configured.

This document outlines the steps you can take to grant TrustCloud access to only read metadata about the configuration settings for your Auth0 account so that TrustOps can validate and generate evidence for your compliance program.

Instructions to grant TrustCloud limited access to Auth0 metadata

1. Log in to Auth0 with a user who is an admin of your Auth0 instance.
2. In the left sidebar, click on ‘Applications’ and select the ‘Applications’ submenu. 

   

3. Create an application by clicking on the “Create Application” button.
4. Give your application a descriptive name Ex. TrustCloud TrustCloud.
5. Choose an application type: Select ‘Machine to Machine Applications’.
6. Click on the “Create” button.
7. Select an API: Select ‘Auth0 Management API’ from the selection options.
8. Permissions: Search for ‘read’ permissions in the Permissions search bar. Select: ‘read:tenant_settings’, ‘read:users’, ‘read:attack_protection’, ‘read:mfa_policies’ scopes. (NOTE: Following screenshot does not represent the specific permissions needed, but is included to show you the permissions selection window.)
9. Click on the “Authorize” button.
   
10. Copy the newly created application ‘Connection Data Domain’ and ‘client credentials’ and save it.
11. On the created application page, click on the ‘Settings’ tab and copy the values of the input fields, and paste them in the connection setup in TrustOps:
    1. Domain
    2. Client ID
    3. Client Secret