Creating tenants
When you sign up for Auth0, you immediately create your first tenant. Your tenant’s name and region define your Auth0 domain (in the format{tenant-name}.{region}.auth0.com), which is the base URL for your authentication requests, Management API calls, and Universal Login page.
Every tenant is fully independent. Tenants do not share users, configuration, credentials, or data unless you explicitly build an integration for it.
Most teams start with one tenant, but you can use multiple tenants to separate development environments, business units, or compliance domains.
Configuring tenants and resources
We provide several options for configuring tenants and resources:- For browser-based workflows, the Auth0 Dashboard is our web management console.
- For programmatic workflows, the Management API is the equivalent of the Dashboard.
- For terminal-based workflows, the Auth0 CLI is our offical command-line client.
- For infrastructure-as-code, the Auth0 Terraform provider lets you define and version your Auth0 configuration alongside the rest of your infrastructure.
Tenant resource overview
A tenant stores the following resources and configuration:| Resource | Description |
|---|---|
| Applications | The web apps, SPAs, native apps, and machine-to-machine clients that use Auth0 for authentication. Each application gets its own client ID and credentials. |
| APIs | The resource servers you protect with access tokens. You define permissions (scopes) here that your applications can request. |
| Connections | The identity sources your users log in with — databases, social providers (Google, GitHub, Apple), enterprise providers (SAML, Microsoft Entra ID, Okta Workforce Identity Cloud), and passwordless options (email, SMS). |
| Users | Every user profile in your directory, including credentials, metadata, linked accounts, login history, and role assignments. |
| Branding | The look and feel of your Universal Login page, email templates, phone message templates, and custom domain configuration. |
| Actions | Serverless functions that run at specific points in the Auth0 pipeline — login, registration, password reset, M2M token exchange — to add custom logic. |
| Security policies | Attack protection rules (bot detection, brute-force protection, breached password detection), multi-factor authentication settings, and access control policies. |
| Logs | A record of every authentication event and administrative action in your tenant, searchable by event type, user, IP address, and timestamp. |
| Tenant settings | Global configuration that affects the entire environment — session timeouts, signing keys, environment tags, and team member access. |