Static IP Addresses for Allowlisting

James.Morrison · April 11, 2018, 2:53pm

Last Updated: Oct 2, 2024

Overview

The article provides details on static IP addresses for allowlisting.

There are several parts of Auth0:

Allowing Auth0 IPs in the user’s firewall at the network level cannot be done, as Auth0 uses a dynamic set of IP Addresses and is subject to change at any time for canonical domains (domains with auth0.com) and Auth0-managed custom domains. It is recommended to implement an allow listing with the domain name instead of the IP. Enterprise customers can alternatively use the self-managed custom domains to manage the IP addresses of the domains. Then, it may be possible to implement an allow listing with the IPs managed on the customer’s proxy.
If allowing Auth0 in the user’s firewall at the network level (outbound) as the identity service, that cannot be done as Auth0 uses a dynamic set of IP Addresses and is subject to change at any time. It is recommended to allow the domain hostname instead.
For inbound connections like the calls made to the databases and servers by Auth0 Rules 90, Hooks 33, or Custom Database Scripts 81, the list of IP addresses may be found at the footer section of the Custom Database Editor and the header for the Rules Editor.

In addition, when using AD Connector 49, it works by creating an outbound connection so no inbound IPs need to be allowlisted.

Topic		Replies	Views
Auth0 IP Firewall Allow List Get Help	0	1821	October 7, 2022
IP Whitelisting on Calling clients firewall/network Get Help auth0	2	3954	November 8, 2019
Outbound IP whitelist Get Help rules , ip , whitelist	4	8233	July 25, 2019
IP range for tenant domain Get Help branding , custom-domains-flows	4	1452	July 25, 2025
Hook whitelist IP addresses are inconsistent Get Help hooks , ip , whitelist	2	3589	November 21, 2019