
Support
This integration is supported by SecZetta. Learn more
SecZetta Risk-Based AuthN
SecZetta-enabled real-time risk-based authentication
Integrating SecZetta and Auth0 allows a real-time, risk-based access policy to be applied when non-employee users attempt to log in to a protected resource.
Auth0 can apply SecZetta user risk score(s) to an authentication decision to determine the appropriate level of authentication needed. This allows for context-based access decisions to extend to all non-employees.

Calculate User Risk
SecZetta scores and tracks identity risk based on a profile that captures details about the user, their lifecycle and their organization.

Leveraging Risk-Based Access Policy
Auth0 can pull SecZetta Risk scores during an authentication request and apply dynamic changes to authentication requirements for risky users and/or organizations.

Operationalize Third-Party Risk
If an organization's risk score increases, their users' scores will automatically adjust to encompass that risk. This scoring system allows Auth0 to operationalize the work done around third-party risk when applying authentication policy.
Integrating SecZetta and Auth0 provides a real-time, risk-based access policy that is applied when non-employee users attempt to log in to a protected resource. Auth0 can apply SecZetta risk score(s) to an authentication decision to determine the level of authentication needed. This allows context-based access decisions to extend to all non-employees.
Prerequisites
- An Auth0 account and tenant. Sign up for free here.
- An active SecZetta account and tenant where you have administrative privileges. To set up a new SecZetta account, please reach out to SecZetta Support.
- Auth0 MFA should be configured for cases where a login risk score is above the allowable level.
Setup in SecZetta
To configure the integration with SecZetta, the only thing required is an understanding of how users map to SecZetta profiles. SecZetta stores user data as 'profiles', and in order to look up a user's risk score, the Auth0 Action needs to be able to pull the profile information for the user logging in. This is typically done by mapping the username field to an attribute in SecZetta.
Using Advanced Search API
The Advanced Search API is used to pull the profile data for the user logging in. You can find detailed information on this API here. This integration uses the following request body to find the user profile. The body requires the following variables (see below for configuration details):
- profileTypeId: the id of the profile type
- attributeId: the id of the attribute that will be used to look the user up (e.g. email)
- uid: the value of this attribute (e.g. john.doe@company.com)
{
  advanced_search: {
    label: "All Contractors",
    condition_rules_attributes: [
      {
        "type": "ProfileTypeRule",
        "comparison_operator": "==",
        "value": profileTypeId
      },
      {
        "type": "ProfileAttributeRule",
        "condition_object_id": attributeId,
        "object_type": "NeAttribute",
        "comparison_operator": "==",
        "value": uid
      }
    ]
  }
}
Get Risk Score
Once you have the profile from the API above, one more API call is needed to get the overall risk score for that profile.
Request URL:
https://<your-seczetta-tenant>.com/api/risk_scores?object_id=${objectId}
Example Response:
{
  "risk_scores": [
    {
      "id": "14118693-983e-462f-a330-f3b34d29f281",
      "uid": "036e7e2a3d0c41938609cdc6029d5b11",
      "object_id": "633b5e71-090c-4a47-a1a3-d0b8338df872",
      "object_type": "Profile",
      "overall_score": 3.5,
      "overall_risk_level_id": "29fc4382-2c60-4c6d-891b-15102cdc9e01",
      "impact_score": 7.0,
      "impact_risk_level_id": "29fc4382-2c60-4c6d-891b-15102cdc9e01",
      "probability_score": 0.0,
      "probability_risk_level_id": "c1f10e76-44c0-4bda-b344-8ae2a256d6c4"
    }
  ]
}
Notice that the risk score still comes back inside an array, even though that array contains only one element.
Add the Auth0 Action
- Select Add Integration (at the top of this page).
- Read the necessary access requirements and click Continue.
- Configure the integration using the following fields:
  - API Key: API Token from your SecZetta tenant
  - Base URL: URL for your SecZetta tenant
  - Attribute ID: the id of the SecZetta attribute you are searching on (e.g. personal_email, user_name, etc.)
  - Profile Type ID: the id of the profile type of this user's profile in SecZetta
  - Allowable Risk: Set to a risk score integer value above which MFA is required
  - Maximum Allowed Risk: Set to a maximum risk score integer value above which login fails.
  - Authenticate on error?: Choose whether or not the Action continues to authenticate on error. By default this is No.
  - Token Claim Namespace: The attribute name on the access token where the user's risk score will be stored. Defaults to https://seczetta.com/risk.
  Please note, Maximum Allowed Risk should be greater than Allowable Risk. A good starting point is to use 5 for allowable risk and 7.5 for maximum risk.
  Attribute ID and Profile Type ID will be in the UUID v4 format (e.g. 7cffa07d-ad6d-4398-ba07-b3d1e5f9ee9f).
- Click Create to add the integration to your Library.
- Click the Add to flow link on the pop-up that appears.
- Drag the Action into the desired location in the flow.
- Click Apply Changes.
Please note: Once the Action is added to the Post Login flow, all logins for your tenant will be processed by this Action. Please make sure all components have been configured correctly and verified on a test tenant before activating the integration in production.
Results
This Action (when configured properly) will run right before Authentication time. The Action itself controls the authentication flow and will require MFA or deny access completely if the risk score is too high.
If a user's risk score is too high, an error will occur with the following message:
A 8.25 Risk score is too high. Maximum acceptable risk is 7.5
This message can be adjusted in the Action itself.
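The threshold logic described above (Allowable Risk, Maximum Allowed Risk and "Authenticate on error?"), written out as an added JavaScript example; it is not SecZetta's Action code. The function name decideLogin and the cfg field names are hypothetical, and treating anything other than a one-element risk_scores array as an error is an assumption.

```javascript
// Added example: hypothetical helper, not the SecZetta Action's own source.
// Maps a /api/risk_scores response body to a login decision.
function decideLogin(body, cfg) {
  const allowable = Number(cfg.allowableRisk);
  const maximum = Number(cfg.maximumAllowedRisk);
  // The page requires Maximum Allowed Risk > Allowable Risk; refuse a bad config.
  if (!Number.isFinite(allowable) || !Number.isFinite(maximum) || maximum <= allowable) {
    throw new Error("Maximum Allowed Risk must be greater than Allowable Risk");
  }
  // Failure path: honour the "Authenticate on error?" setting (default No).
  const onError = (why) => cfg.authenticateOnError
    ? { action: "allow", score: null, reason: why }
    : { action: "deny", score: null, reason: why };

  // The score comes back wrapped in a one-element array (assumed strict here).
  const scores = body && body.risk_scores;
  if (!Array.isArray(scores) || scores.length !== 1) {
    return onError("expected exactly one risk score for the profile");
  }
  const score = scores[0] && scores[0].overall_score;
  if (typeof score !== "number" || !Number.isFinite(score)) {
    return onError("overall_score is missing or not numeric");
  }
  // "Above" is strict: a score equal to a threshold does not trip it.
  if (score > maximum) {
    return { action: "deny", score,
      reason: `A ${score} Risk score is too high. Maximum acceptable risk is ${maximum}` };
  }
  if (score > allowable) {
    return { action: "mfa", score, reason: "risk above allowable level" };
  }
  return { action: "allow", score, reason: "risk within allowable level" };
}

// Constructed sample input, trimmed from the example response on this page.
const sample = { risk_scores: [{ object_type: "Profile", overall_score: 3.5 }] };
const cfg = { allowableRisk: 5, maximumAllowedRisk: 7.5, authenticateOnError: false };
console.log(decideLogin(sample, cfg));
```

With "Authenticate on error?" left at No, a lookup that returns no usable score fails closed, so an outage on the scoring side blocks logins rather than silently skipping the risk check.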
Troubleshooting
For any issues regarding this integration please access the SecZetta support team via your portal located here.