Production Checks: Best Practices
The following checks cannot be automated, so we recommend manually checking these areas prior to deployment to Production.
| Check | Description | 
|---|---|
| Anomaly Detection | Review your account's Anomaly Detection capability and configuration. | 
| Externalize Configuration Parameters | Externalize all configuration parameters (credentials, connection strings, API keys, and so on) instead of hard-coding them when developing Rules, Hooks, or custom database connections. | 
| Restrict Delegation | If not using Delegation, set the Allowed Apps and APIs field of your Application Settings to the current Client ID. | 
| Single Sign-on (SSO) Timeout Values | Review the default SSO cookie timeout values and ensure they align with your requirements. | 
| Tenants and Administrators | Review all tenants and tenant administrators to ensure they are correct. Decommission tenants that are no longer in use. Ensure that tenant administrators are limited to the necessary users. | 
| Verify Client IDs in App Code | Ensure that the Client IDs in your application code align with their Auth0 Application configurations. | 
| Allowlist Auth0 Public IPs | Allowlist Auth0 IPs if you're connecting to internal services or services behind a firewall when using Rules, Hooks, or custom databases. You can get a list of IP addresses in the tooltip when configuring any of these items. |
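
One way to apply the Externalize Configuration Parameters check in a Rule, shown as an added example that is not Auth0's own code: settings are read from the Rules `configuration` object, and the rule fails closed when one is missing. The setting names `CRM_API_URL` and `CRM_API_KEY` and the helper functions are hypothetical.

```javascript
// Added example, not Auth0's code. CRM_API_URL, CRM_API_KEY, requireSettings,
// buildCrmRequest and enrichFromCrm are hypothetical names for illustration.

// Pattern the check should catch: a secret committed with the rule source.
//   const CRM_API_KEY = "<hard-coded-key>";

// Return the named settings, or throw listing only the missing key names so
// that secret values never end up in error messages or logs.
function requireSettings(config, names) {
  const source = config || {};
  const missing = names.filter(
    (name) => typeof source[name] !== "string" || source[name].trim() === ""
  );
  if (missing.length > 0) {
    throw new Error("Missing rule configuration: " + missing.join(", "));
  }
  const settings = {};
  for (const name of names) settings[name] = source[name];
  return settings;
}

// Build the outbound request from externalized settings only.
function buildCrmRequest(settings, user) {
  const base = settings.CRM_API_URL.replace(/\/+$/, "");
  return {
    url: base + "/users/" + encodeURIComponent(user.user_id),
    headers: { Authorization: "Bearer " + settings.CRM_API_KEY },
  };
}

// Rule body. `configuration` is the global object Auth0 injects into Rules,
// populated from the key/value settings stored with the tenant.
function enrichFromCrm(user, context, callback) {
  let request;
  try {
    const config = typeof configuration === "undefined" ? {} : configuration;
    const settings = requireSettings(config, ["CRM_API_URL", "CRM_API_KEY"]);
    request = buildCrmRequest(settings, user);
  } catch (err) {
    return callback(err); // fail closed: a misconfigured rule stops the login
  }
  // Pass `request` to your HTTP client here; the call is omitted so the
  // example runs offline.
  return callback(null, user, context);
}
```

Because the error lists only key names, a failed deployment check points at the missing setting without exposing any configured value.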