Articles

Configure Auth0 Tenants for Production (2026)

April 16, 2026 4 min read

Auth0 tenants don’t actually store user data; they store your configuration for how users authenticate.

Imagine you’re setting up a new app. You need a way for users to sign up, log in, and maybe reset their password. Auth0 handles all of that for you, but it needs to know your app’s details: your app’s name, what kind of apps you have (web, mobile, etc.), what social providers you want to allow (Google, Facebook), and how you want your login page to look. All of this is stored in your Auth0 tenant.

Let’s walk through setting up a tenant for a production environment.

Tenant Setup

First, you’ll create a new tenant. This is like creating a new box for your app’s authentication configuration.

  1. Create a Tenant: Go to the Auth0 Dashboard, click "Create Tenant." Give it a descriptive name like my-awesome-app-prod. The domain will be my-awesome-app-prod.auth0.com.

Application Configuration

Next, you need to tell Auth0 about your application(s).

  1. Create an Application: In your tenant dashboard, go to "Applications" -> "Applications." Click "Create Application." Choose "Regular Web Application" for a standard web app. Name it something like My Awesome App - Web.

  2. Application Settings:

    • Allowed Callback URLs: This is crucial. It’s where Auth0 will redirect users after they successfully log in. For production, this should be your actual production domain. For example: https://my-awesome-app.com/callback. If you have multiple environments (staging, dev), you’ll add those here too, but ensure your production URL is present and correct.
    • Allowed Logout URLs: Similar to callback URLs, this is where users are redirected after logging out. Example: https://my-awesome-app.com/logout.
    • Grant Types: For a regular web app, you’ll typically have Authorization Code and Implicit checked. Authorization Code is preferred for security.
    • App Type: Ensure this matches your application (e.g., Regular Web Application).

Social Connections

If you want users to log in with Google, Facebook, or other social providers, you need to configure these.

  1. Enable a Connection: Go to "Authentication" -> "Social." Click on the provider you want (e.g., "Google").
  2. Get Credentials: You’ll need to get API credentials from the social provider itself. For Google, this involves creating an OAuth 2.0 client ID and client secret in the Google Cloud Console.
  3. Configure in Auth0: Paste the Client ID and Client Secret you obtained from Google into the corresponding fields in Auth0.
  4. Set Callback URL in Provider: Crucially, you also need to configure Auth0’s callback URL in the social provider’s settings. For Google, this would be something like https://my-awesome-app-prod.auth0.com/login/callback. Auth0 provides the exact URL to use.

Database Connections

This is for traditional email/password signups.

  1. Enable Database: Go to "Authentication" -> "Database." Ensure the Username-Password-Authentication connection is enabled. You can rename it to something like MyAwesomeAppDB for clarity.
  2. Configure Settings: Within the database connection settings, you can configure password policies (strength requirements), email verification, and the "Change Password" flow. For production, ensure email verification is enabled to confirm users have a valid email address.

Rules and Actions

Rules and Actions are where you can customize the authentication pipeline. Actions are the newer, more powerful way to do this.

  1. Example Action (Add Custom Claim): Let’s say you want to add a custom piece of information (a "claim") to a user’s token.
    • Go to "Actions" -> "Build." Click "Create Action." Select "Token Generation."
    • Write a simple Node.js script:
      exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'https://my-awesome-app.com/';
  if (event.user.app_metadata && event.user.app_metadata.roles) {
    api.idToken.setCustomClaim(`${namespace}roles`, event.user.app_metadata.roles);
  }
};
    • Deploy this action. Then, go to "Authentication" -> "Actions" and drag-and-drop this action into the "Login" flow.
    • To set the roles for a user, you’d typically do this via the Management API or by assigning them in the Auth0 dashboard under the user’s profile.

Branding

Make your login page look like it belongs to your app.

  1. Customize Login Page: Go to "Branding" -> "Universal Login." You can use the visual editor or edit the HTML/CSS directly. Upload your logo, change colors, and add custom CSS to match your application’s look and feel.

Production Considerations

  • Environment Variables: Never hardcode secrets like client secrets or API keys in your application code. Use environment variables. Auth0 provides these credentials securely.
  • Security: Regularly review your tenant’s security settings. Enable MFA (Multi-Factor Authentication) if applicable. Monitor logs for suspicious activity.
  • Testing: Always test your authentication flows thoroughly in a staging environment that mirrors your production setup before deploying changes to production.

The next hurdle you’ll often face is managing user roles and permissions, which builds directly on setting custom claims in your tokens.

Want structured learning?

Take the full Auth0 course →