Official IntegrationLive on Auth0 Marketplace

Auth0 Integration

Monitor authentication events from your Auth0 tenant in real-time. Choose between Auth0 Actions for instant events or Log Streams for comprehensive audit logging.

Setup with Actions Setup with Log Streams

What You Get

Two Integration Methods

Choose between Auth0 Actions for real-time events or Log Streams for comprehensive logging

Full Forensic Data

Capture IP addresses, User-Agent, risk scores, and MFA status from Auth0

Behavioral AI Ready

Enable Impossible Travel, Geo Anomaly, and VPN/Tor detection with IP data

Unified Timeline

View all auth events alongside other security data in your dashboard

Auth0 Marketplace

Now Available

LiteSOC is officially listed on the Auth0 Marketplace. Install directly from the marketplace with a single click, no code required.

Install from Auth0 Marketplace

Choose Your Integration Method

Both methods work great. Choose based on your needs.

Recommended

Auth0 Actions

Real-time events via custom Actions

Real-time event delivery
Full IP & User-Agent capture
Access to Auth0 risk scores
Behavioral AI detection enabled
~Requires Action code setup

Zero-Code

Auth0 Log Streams

Webhook-based log delivery

20+ event types supported
No code required
Includes IP addresses
Comprehensive audit log
~Near real-time (slight delay)

Setup: Auth0 Actions

Create custom Actions to send events to LiteSOC in real-time.

Get Your API Key

Go to your LiteSOC dashboard → Settings → API Keys to create or copy your Live API key.

https://litesoc.io/dashboard/settings/api-keys

Create a Post-Login Action

In your Auth0 Dashboard, go to Actions → Library → Create Action → Build from scratch. Name it "LiteSOC Login Tracking" and select the Login / Post Login trigger.

Add the Action Code

Paste this code into your Action. It captures IP, User-Agent, and risk scores.

post-login.jsView on GitHub

exports.onExecutePostLogin = async (event, api) => {
  const LITESOC_API_KEY = event.secrets.LITESOC_API_KEY;
  
  await fetch('https://api.litesoc.io/collect', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'X-API-Key': `${LITESOC_API_KEY}`
    },
    body: JSON.stringify({
      event: 'auth.login_success',
      actor: {
        id: event.user.user_id,
        email: event.user.email
      },
      user_ip: event.request.ip,
      metadata: {
        auth0_tenant: event.tenant.id,
        mfa_used: event.authentication?.methods
          ?.some(m => m.name === 'mfa') || false
      }
    })
  });
};

Add Your API Key as a Secret

In the Action editor, click the 🔑 Secrets icon on the left sidebar. Add a new secret named LITESOC_API_KEY with your API key value.

Deploy & Add to Flow

Click Deploy, then go to Actions → Flows → Login. Drag your new Action into the flow and click Apply.

Additional Actions Available

We provide ready-to-use templates for other Auth0 triggers:

Post-User-Registration (signup)Post-Change-Password Send-Phone-Message (MFA)View All Templates

Events from Actions

auth.login_successPost-Login

Post-Login Action fires on successful authentication

info

auth.login_successPost-Registration

Post-User-Registration Action fires when a new user signs up

info

auth.password_resetPost-Change-Password

Post-Change-Password Action fires when password is changed

medium

auth.mfa_enabledSend-Phone-Message

Send-Phone-Message Action fires when MFA code is sent

info

Setup: Auth0 Log Streams

Configure a webhook Log Stream for zero-code integration.

Get Your API Key

Go to your LiteSOC dashboard → Settings → API Keys to create or copy your Live API key.

Create a Log Stream

In your Auth0 Dashboard, go to Monitoring → Streams → Create Log Stream → Custom Webhook.

Configure the Webhook URL

Set the Payload URL to include your API key as a query parameter:

https://api.litesoc.io/webhooks/auth0?api_key=lsoc_live_YOUR_API_KEY

Replace lsoc_live_YOUR_API_KEY with your actual API key.

Select Event Categories

Choose which events to stream. We recommend at least:

Success Login
Failed Login
Success Signup
Success Change Password
Success/Failed MFA Challenge

Save & Test

Click Save. Auth0 will send a test event — check your LiteSOC dashboard to confirm it arrived.

Log Stream Event Mapping

Auth0 log event types are automatically mapped to LiteSOC's standard events.

Auth0 Event Type	LiteSOC Event	Severity
s (Success Login)	`auth.login_success`	info
ss (Success Signup)	`auth.login_success`	info
f, fp, fu (Failed Logins)	`auth.login_failed`	medium
scp (Success Change Password)	`auth.password_reset`	medium
gd_auth_succeed	`auth.login_success`	info
gd_auth_failed	`auth.login_failed`	high
gd_enrollment_complete	`auth.mfa_enabled`	info
sapi (Success API Operation)	`admin.settings_changed`	high
limit_wc (Rate Limit)	`security.rate_limit_exceeded`	high
w (Warning)	`security.suspicious_activity`	high

🎉 Full Behavioral AI Support

Unlike some integrations, Auth0 provides IP addresses in both Actions and Log Streams. This means you get full Behavioral AI detection out of the box:

Impossible Travel Detection
Geo Anomaly Detection
VPN/Proxy/Tor Detection
Brute Force Detection (with failed logins)

Need Help?

Having trouble with your Auth0 integration? Check out our resources or reach out.

GitHub Examples API Reference Contact Support