← Back to all sparks
Auth0 logo

Auth0

INFRA · APISDEVOPS
Velocity6.3

Authentication and authorization platform

Auth0 doubles down on enterprise provisioning and machine identity for the agent era

identityscim-provisioningenterprise-b2bmachine-identityrefresh-tokensdashboard-ux
Current state
Auth0 is expanding well beyond login into the full enterprise identity lifecycle. Recent releases center on SCIM provisioning in both directions, refresh-token lifecycle control, and machine-to-machine access scoped for AI agents and partner backends. Alongside the capability work, the Dashboard is getting an information-architecture and search overhaul.
Where it's heading
The clear arc is B2B provisioning depth: inbound SCIM groups reached GA, Google Workspace group sync opened up, and now outbound SCIM lets Auth0 push user changes downstream without custom infrastructure, making Auth0 a bidirectional provisioning hub rather than only an IdP. In parallel, refresh-token metadata and bulk revocation give operators finer session control, and M2M access for third-party apps positions Auth0 for agent-to-API authorization.
Prediction
Expect the Early Access provisioning and refresh-token endpoints to move toward GA, and the Dashboard IA refresh to exit beta as the default experience.

Recent moves

  1. 2d ago

    Automate Downstream Provisioning with Outbound SCIM for Users via Event Streams

    ⚡ SPARK

    This closes the outbound half of Auth0's provisioning story: after making inbound SCIM groups GA, Auth0 can now push user.created/updated/deleted events to any SCIM 2.0 endpoint via an Event Streams Action template, with no webhook consumer to build or host. It reframes Auth0 as a provisioning hub rather than only a consumer of directory data.

  2. 11d ago

    Refresh Token metadata is now Generally Available

    Refresh tokens can now carry up to 25 custom key-value pairs, set in Post-Login Actions and editable via the Management API. It is a session-context building block that fits the broader lifecycle-control push, now GA for Enterprise.

  3. 16d ago

    Google Workspace Directory Sync for Groups - Early Access Updates

    Google Workspace group sync drops its enrolment gate and gains native mapping of synced groups to tenant- and organization-level RBAC roles. Another step in Auth0's widening directory-integration surface, complementing the SCIM provisioning work.

  4. 18d ago

    Dashboard Search for APIs Now in Beta

    Real-time API search by id, identifier, or name in the Dashboard. A small but real operator-quality-of-life addition, part of the wider Dashboard IA and search refresh aimed at large tenants.

  5. 22d ago

    Improved refresh token management is Early Access

    New endpoints to search and bulk-revoke refresh tokens by user, client, or audience (up to 100 ids at a time). It directly complements the refresh-token metadata work, giving operators finer-grained session revocation.

  6. 25d ago

    Enhanced Bot Detection for Signup Flows

    A retuned ML model for signup-flow bot detection, rolled out automatically to Enterprise tenants using Attack Protection. Incremental security hardening on an existing surface rather than a new capability.