Skip to main content
Supplemental Signals is available for Enterprise customers, and you must request the Attack Protection Add-on. Contact Auth0 Sales for more information.

Before you start

To use Akamai Supplemental Signals in Actions, you must:
Once you have configured Akamai to use Supplemental Signals, you can use the data provided in those signals in Auth0 Actions.

Supported Supplemental Signals by Action trigger

Supplemental Signal object schemas

The akamaiBot and akamaiUserRisk objects contain multiple properties you can use to customize your authentication flow.
akamaiBot
object
akamaiUserRisk
object

Use cases

Here’s an example of how you could revoke a session based on the akamaiUserRisk.score property:
Using the api.session.revoke method (compared to the api.access.deny method) ensures that if the user refreshes the application, the Akamai Supplemental Signals are sent with the authentication request and the post-login Action flow is triggered.
Here’s an example of how you could enforce MFA based on the akamaiBot.score property.

Enforce MFA

This Action performs two tasks:
  1. Update app metadata: If the score property exceeds a specified value, record that MFA is required for the session.
  2. Require MFA: If the score property exceeds a specified value or if there is a record in the app metadata indicating MFA is required for the session, enforce MFA.

Clean up app metadata

This Action removes session-specific MFA information from app metadata after the user completes MFA successfully.