Before you start
To configure Akamai to send Supplemental Signals to your Auth0 tenant, you must configure Akamai as a reverse proxy.
Supported login flows
Auth0 currently supports the following login flows for Supplemental Signals:- Universal Login: Identifier + Password
- Universal Login: Identifier First
- Universal Login: Signup on database connections
- Universal Login: Password reset, including Auth0 Organizations
- Resource Owner Password Grant (ROPG)
Step 1: Register an API in Akamai
For Akamai to know when login attempts succeed or fail, you’ll need to register an API in Akamai, and then define an endpoint for each Auth0 login flow you’d like to support. To learn more, read Register an API on Akamai TechDocs and Add API resources on Akamai TechDocs.New Universal Login Identifier + Password
New Universal Login Identifier + Password
Use the following values to register your API in Akamai:
After you’ve created your API, you’ll need to add an API resource for each of the following Auth0 endpoints:
/u/login/password/u/signup/u/signup/password
Add API resource
Use the following values to configure a resource on your Akamai API:- /u/login/password
- /u/signup
- /u/signup/password
Add parameters to methods
After you’ve created your API resource, you’ll need to define theRequest body parameter so Akamai can parse login requests properly.Use the following values to define the Request body parameter:- /u/login/password
- /u/signup
- /u/signup/password
New Universal Login Identifier First
New Universal Login Identifier First
Use the following values to register your API in Akamai:
After you’ve created your API, you’ll need to add an API resource for each of the following Auth0 endpoints:
/u/login/u/signup/u/signup/password
Add API resource
Use the following values to configure a resource on your Akamai API:- /u/login
- /u/signup
- /u/signup/password
Add parameters to methods
After you’ve created your API resource, you’ll need to define theRequest body parameter so Akamai can parse login requests properly.Use the following values to define the Request body parameter:- /u/login
- /u/signup
- /u/signup/password
ROPG
ROPG
Use the following values to register your API in Akamai:
After you’ve created your API, you’ll need to add an API resource for each of the following Auth0 endpoints:
/oauth/token
Add API resource
Use the following values to configure a resource on your Akamai API:- /oauth/token
Add parameters to methods
After you’ve created your API resource, you’ll need to define theRequest body parameter so Akamai can parse login requests properly.Use the following values to define the Request body parameter:- /oauth/token
Step 2: Forward bot results from Akamai to Auth0
To configure Akamai to forward bot results to Auth0, read Forward Bot Results to Origin on Akamai TechDocs.The
akamai-user-risk header may not be present on every login request, as Akamai only sends the header when it creates a user risk score.Step 3: Enable processing of Akamai headers in Auth0
You can configure Auth0 to accept Supplemental Signals sent from Akamai in the Auth0 Dashboard or with the Auth0 Management API.- Dashboard
- Management API
To enable Supplemental Signals in the Dashboard:
- Navigate to Auth0 Dashboard > Security > Attack Protection.
- Select Supplemental Signals.
- Enable the toggle for Enable Akamai headers.
If you do not see the option for Supplemental Signals in Auth0 Dashboard, you need to request the Attack Protection Add-on. To learn more, contact Auth0 Sales.
Step 4: Test and verify configuration
Test your configuration by calling each endpoint for the login flow(s) you have configured. If you’ve configured everything properly:- The
akamai-user-riskandakamai-bot headerswill be present in your tenant logs for related events. - You can use the following properties in the post-login Action
eventobject:authentication.riskAssessment.supplemental.akamai.akamaiBotauthentication.riskAssessment.supplemental.akamai.akamaiUserRisk