Last Updated: Jul 24, 2025
Overview
This article provides the steps for customers who have a paid Auth0 subscription to conduct a security test of their application involving Auth0 infrastructure (e.g., tenant-name.auth0.com) with prior approval.
Applies To
- Security Test
- Vulnerability scan
- Vulnerability Assessment
- Penetration Test
- Self-Service Subscription
- Enterprise Subscription
Solution
To request approval to conduct a security test, provide notification via the Support Center at least seven days before the test’s planned start date.
- Submit a new support ticket via the Support Center.
- Provide the following required information in the ticket:
  - The specific dates, times, and timezone of the test.
  - The scope and purpose of the test.
  - The IP address(es) from which the test will originate.
  - The tooling that will be used.
  - Requests per second, which must conform to the Rate Limit Policy.
  - The Auth0 tenant(s) involved.
  - Two contacts, including phone numbers and email addresses, who will be available during the entire test period so Auth0 Support can reach out if needed. If these contacts cannot be reached, Auth0 reserves the right to take measures to protect the service, which may include shutting down or blocking the tenant and/or the source of the intrusion traffic.
NOTE: Penetration tests are not allowed during change freezes. Approved tests scheduled to occur during an ad hoc change freeze will be rescheduled. Exceptions may be granted in extenuating circumstances.