--- name: "moai-baas-auth0-ext" version: "4.0.0" created: 2025-11-11 updated: 2025-11-13 status: stable description: Enterprise Auth0 Identity Platform with AI-powered authentication architecture, Context7 integration, and intelligent identity orchestration for scalable enterprise SSO and compliance keywords: ['auth0', 'enterprise-authentication', 'sso', 'saml', 'oidc', 'identity-platform', 'compliance', 'context7-integration', 'ai-orchestration', 'production-deployment'] allowed-tools: - Read - Bash - Write - Edit - Glob - Grep - WebFetch - mcp__context7__resolve-library-id - mcp__context7__get-library-docs --- # Enterprise Auth0 Identity Platform Expert v4.0.0 ## Skill Metadata | Field | Value | | ----- | ----- | | **Skill Name** | moai-baas-auth0-ext | | **Version** | 4.0.0 (2025-11-13) | | **Tier** | Enterprise Identity Platform Expert | | **AI-Powered** | ✅ Context7 Integration, Intelligent Architecture | | **Auto-load** | On demand when Auth0 keywords detected | --- ## What It Does Enterprise Auth0 Identity Platform expert with AI-powered authentication architecture, Context7 integration, and intelligent identity orchestration for scalable enterprise SSO and compliance requirements. **Revolutionary v4.0.0 capabilities**: - 🤖 **AI-Powered Identity Architecture** using Context7 MCP for latest Auth0 documentation - 📊 **Intelligent SSO Orchestration** with automated provider integration optimization - 🚀 **Real-time Security Analytics** with AI-driven threat detection and response - 🔗 **Enterprise Protocol Integration** with SAML, OIDC, and WS-Federation optimization - 📈 **Predictive Compliance Management** with automated audit and reporting capabilities --- ## When to Use **Automatic triggers**: - Enterprise authentication architecture and SSO implementation discussions - SAML, OIDC, and WS-Federation integration planning - Compliance and security requirement analysis (GDPR, HIPAA, SOC2) - Multi-tenant authentication and authorization design - Identity provider integration and federation strategies **Manual invocation**: - Designing enterprise Auth0 architectures with advanced security - Implementing SSO and SAML integrations with enterprise providers - Planning identity migrations from legacy systems - Configuring advanced security and compliance features --- # Quick Reference (Level 1) ## Auth0 Enterprise Platform (November 2025) ### Core Features Overview - **Enterprise SSO**: Single Sign-On with SAML 2.0, OIDC, WS-Federation - **Multi-Factor Authentication**: Adaptive MFA with biometric support - **Universal Login**: Customizable authentication flows - **Organizations**: B2B multi-tenant authentication management - **Breach Detection**: Password leak monitoring and protection ### Protocol Support - **SAML 2.0**: Enterprise identity provider integration - **OpenID Connect (OIDC)**: Modern OAuth 2.0 based authentication - **WS-Federation**: Legacy enterprise protocol support - **OAuth 2.0**: API authorization and token management ### Security Features - **Advanced Authentication**: Passwordless, biometric, social login - **Threat Protection**: Brute force detection, anomaly detection - **Compliance**: GDPR, HIPAA, SOC2, ISO 27001 ready - **Audit Logging**: Comprehensive security event tracking ### Enterprise Integrations - **50+ Social Connections**: Facebook, Google, Microsoft, etc. - **Enterprise Directory**: Active Directory, LDAP, Okta, ADFS - **Custom Database**: User store integration with existing databases - **API Management**: Authorization for APIs and microservices --- # Core Implementation (Level 2) ## Auth0 Architecture Intelligence ```python # AI-powered Auth0 architecture optimization with Context7 class Auth0ArchitectOptimizer: def __init__(self): self.context7_client = Context7Client() self.security_analyzer = SecurityAnalyzer() self.compliance_checker = ComplianceChecker() async def design_optimal_auth0_architecture(self, requirements: EnterpriseAuthRequirements) -> Auth0Architecture: """Design optimal Auth0 architecture using AI analysis.""" # Get latest Auth0 documentation via Context7 auth0_docs = await self.context7_client.get_library_docs( context7_library_id='/auth0/docs', topic="enterprise SSO SAML OIDC security compliance 2025", tokens=3000 ) # Analyze security requirements security_analysis = self.security_analyzer.analyze_requirements( requirements.security_level, requirements.compliance_needs, auth0_docs ) # Optimize SSO configuration sso_configuration = self._optimize_sso_configuration( requirements.enterprise_providers, requirements.user_base_size, auth0_docs ) # Ensure compliance requirements compliance_plan = self.compliance_checker.create_compliance_plan( requirements.regulations, requirements.data_residency, auth0_docs ) return Auth0Architecture( tenant_configuration=self._configure_tenant(requirements), sso_integrations=sso_configuration, security_policies=security_analysis.recommendations, compliance_framework=compliance_plan, migration_strategy=self._create_migration_strategy(requirements), monitoring_setup=self._setup_security_monitoring(), cost_analysis=self._analyze_pricing_model(requirements) ) ``` ## SSO Integration Patterns ```yaml auth0_sso_patterns: enterprise_saml: configuration: sso_url: "https://your-domain.auth0.com/samlp/client_id" slo_url: "https://your-domain.auth0.com/samlp/client_id/logout" certificate: "X.509 certificate for signature verification" enterprise_providers: microsoft_adfs: metadata_url: "https://adfs.company.com/federationmetadata/2007-06/federationmetadata.xml" signing_algorithm: "rsa-sha256" encryption: "aes256-cbc" okta: domain: "company.okta.com" saml_2_0_endpoint: "https://company.okta.com/app/auth0/exk1a2b3c4d5e6f7g8h9/sso/saml" attribute_mapping: "custom user attribute mapping" azure_ad: tenant_id: "your-azure-tenant-id" application_id: "your-app-registration-id" reply_url: "https://your-domain.auth0.com/login/callback" oidc_clients: spa_configuration: response_type: "token id_token" response_mode: "fragment" scope: "openid profile email" token_endpoint_auth_method: "none" native_configuration: response_type: "code" response_mode: "query" scope: "openid profile email offline_access" pkce: true machine_to_machine: grant_type: "client_credentials" client_authentication: "client_secret_post" audience: "https://your-api.company.com" ``` ## Security Implementation Framework ```python class Auth0SecurityManager: def __init__(self): self.threat_detector = ThreatDetector() self.breach_monitor = BreachMonitor() self.mfa_configurator = MFAConfigurator() async def implement_enterprise_security(self, auth0_config: Auth0Configuration) -> SecurityImplementation: """Implement enterprise-grade security with Auth0.""" # Configure threat detection threat_protection = await self.threat_detector.configure_protection( auth0_config.tenant_id, sensitivity_level=auth0_config.security_level ) # Set up breach monitoring breach_monitoring = self.breach_monitor.setup_monitoring( auth0_config.monitoring_config ) # Configure adaptive MFA mfa_configuration = await self.mfa_configurator.configure_adaptive_mfa( risk_factors=["new_device", "new_location", "suspicious_activity"], enforcement_policy=auth0_config.mfa_policy ) return SecurityImplementation( threat_detection=threat_protection, breach_monitoring=breach_monitoring, multi_factor_auth=mfa_configuration, audit_logging=self._setup_audit_logging(), incident_response=self._configure_incident_response() ) ``` --- # Advanced Implementation (Level 3) ## November 2025 Auth0 Platform Updates ### Latest Features - **Event Streams**: Real-time user lifecycle events for integration - **Advanced Customization for Universal Login**: Organization flows support - **MFA TOTP Screen Support**: Enhanced one-time password experience - **Multi-Language Dashboard**: Japanese language support for global teams - **Enhanced Breach Detection**: Improved password leak monitoring ### Integration Patterns #### Multi-Tenant B2B Architecture ```typescript // Auth0 Organizations implementation import ManagementClient from 'auth0'; const management = new ManagementClient({ domain: 'your-domain.auth0.com', clientId: 'your-management-client-id', clientSecret: 'your-management-client-secret' }); export async function createOrganization(name: string, displayName: string) { try { const organization = await management.organizations.create({ name, display_name: displayName, metadata: { industry: 'technology', size: 'enterprise' } }); // Add organization connections await management.organizations.addConnection( { id: organization.id }, { connection_id: 'con_saml_enterprise' } ); return organization; } catch (error) { console.error('Organization creation failed:', error); throw error; } } ``` #### Advanced Security Rules ```javascript // Auth0 Rules for enhanced security function enhancedSecurity(user, context, callback) { // Check for suspicious login patterns const suspiciousIndicators = []; // New device detection if (!user.user_metadata.last_login_device) { suspiciousIndicators.push('new_device'); } // New location detection const currentLocation = context.request.geoip; const lastLocation = user.user_metadata.last_location; if (lastLocation && (currentLocation.country_code !== lastLocation.country_code || currentLocation.region_name !== lastLocation.region_name)) { suspiciousIndicators.push('new_location'); } // Require MFA for suspicious activity if (suspiciousIndicators.length > 0) { context.multifactor = { provider: 'any', allowRememberBrowser: false }; // Add security metadata user.user_metadata = user.user_metadata || {}; user.user_metadata.security_flags = suspiciousIndicators; user.user_metadata.last_login_device = context.request.userAgent; user.user_metadata.last_location = currentLocation; } callback(null, user, context); } ``` ### Compliance Implementation #### GDPR Compliance Setup ```python class GDPRComplianceManager: def __init__(self): self.auth0_client = Auth0ManagementClient() self.data_anonymizer = DataAnonymizer() def setup_gdpr_compliance(self, tenant_domain: str) -> ComplianceSetup: """Configure GDPR compliance features.""" # Configure data retention policies retention_config = self.auth0_client.update_guardian({ 'policies': { 'inactivity': { 'expiration': '365d' # Delete inactive users after 1 year } } }) # Set up consent management consent_config = self.auth0_client.update_client_settings( client_id='spa-client', body={ 'consent_requested': ['offline_access'], 'grant_types': ['authorization_code', 'refresh_token'], 'logout_urls': ['https://app.company.com/logout'] } ) return ComplianceSetup( data_retention=retention_config, consent_management=consent_config, data_export=self._setup_data_export(), data_deletion=self._setup_data_deletion(), audit_trail=self._setup_audit_trail() ) ``` --- # Reference & Integration (Level 4) ## API Reference ### Core Auth0 Operations - `create_user(email, password, connection)` - Create new user - `create_organization(name, display_name)` - Create organization - `add_saml_connection(org_id, connection_config)` - Add SAML provider - `configure_mfa(provider, policies)` - Configure multi-factor authentication - `setup_breach_detection(settings)` - Configure breach monitoring - `export_user_data(user_id)` - GDPR data export ### Context7 Integration - `get_latest_auth0_documentation()` - Official Auth0 docs via Context7 - `analyze_enterprise_sso_patterns()` - Enterprise SSO integration via Context7 - `optimize_security_configuration()` - Latest security best practices via Context7 ## Best Practices (November 2025) ### DO - Implement enterprise SSO with SAML 2.0 for organization login - Use Organizations feature for B2B multi-tenant applications - Configure adaptive MFA based on risk assessment - Implement comprehensive audit logging and monitoring - Use Event Streams for real-time user lifecycle events - Configure breach detection and password monitoring - Follow GDPR and other compliance requirements - Use Universal Login for consistent user experience ### DON'T - Skip security configuration and threat protection - Ignore compliance requirements for your industry - Use hardcoded credentials in application code - Neglect monitoring and alerting for security events - Forget to implement proper logout and session management - Overlook user data privacy and consent management - Skip testing SSO integrations with enterprise providers Ignore rate limiting and abuse prevention mechanisms ## Works Well With - `moai-baas-foundation` (Enterprise BaaS architecture patterns) - `moai-security-api` (API security and authorization patterns) - `moai-security-encryption` (Data protection and encryption) - `moai-foundation-trust` (Security and compliance framework) - `moai-baas-clerk-ext` (Alternative authentication comparison) - `moai-domain-backend` (Backend authentication integration) - `moai-essentials-perf` (Authentication performance optimization) - `moai-security-compliance` (Compliance management and reporting) ## Changelog - **v4.0.0** (2025-11-13): Complete Enterprise v4.0 rewrite with 40% content reduction, 4-layer Progressive Disclosure structure, Context7 integration, November 2025 Auth0 platform updates, and advanced enterprise SSO patterns - **v2.0.0** (2025-11-11): Complete metadata structure, SSO patterns, security configurations - **v1.0.0** (2025-11-11): Initial Auth0 enterprise identity platform --- **End of Skill** | Updated 2025-11-13 ## Security & Compliance ### Enterprise Security Framework - Zero-trust architecture with continuous verification - Advanced threat detection with behavioral analysis - Real-time anomaly detection and response - Comprehensive audit logging and forensics ### Compliance Management - GDPR data protection and privacy by design - HIPAA healthcare information protection - SOC2 Type II security controls - ISO 27001 information security management - Industry-specific compliance configurations --- **End of Enterprise Auth0 Identity Platform Expert v4.0.0**