Author: Toby Allen

Toby Allen is a Solutions Engineer at Okta focussed on enabling simple secure access to technology everywhere powered by Identity. While working in the communications space for 15 years he developed a keen interest in security, particularly in his 5 years working with communications APIs at Twilio and is a CISSP and CCSP. In 2022 he transitioned fulling into the security space at Okta with Identity as the core enabler of Zero trust and secure access. Holding both an MBA and multiple technical certifications he is able to bridge the gap between executives and technical teams to deliver value to his customers.

Using Auth0 CLI with Private Cloud

The Auth0 CLI is a handy tool to help with designing and building your Auth0 experience. It lets you do a number of things including: Testing your universal login flow: Emulate your end users' login experience by running auth0 test login. Troubleshooting in real-time: Inspect the events of your Auth0 integration as they happen with … Continue reading Using Auth0 CLI with Private Cloud →

Sending Feedback to Twilio Verify Fraud Guard in Auth0

Auth0 supports Twilio out of the box as a phone provider however in many instances Twilio Verify provides a better experience. The out of the box Twilio integration requires the sender to manage all of the phone numbers and Sender IDs that they need. This can be simple if you only operate in a single … Continue reading Sending Feedback to Twilio Verify Fraud Guard in Auth0 →

Tenant Access Control List (ACL): Take Control of Your Auth0 Traffic

Auth0 has released Tenant Access Control Lists (ACL). This new capability is designed to give you more granular control over the traffic accessing your Auth0 tenant and services, helping you protect against potential threats and ensure only legitimate requests make it through. Additionally, it can be used to support multi-regional deployments, easily directing customers towards … Continue reading Tenant Access Control List (ACL): Take Control of Your Auth0 Traffic →

Auth0 Forms – Adding Policy Versioning

Auth0 Forms is a tool designed to allow identity flows to be extended with customisable forms and logic, allowing use cases like progressive profiling, policy acceptance, payment collection and more within the hosted login flows you've come to know and love from Auth0. For more detail on forms please refer to my earlier post Auth0 … Continue reading Auth0 Forms – Adding Policy Versioning →

Auth0 Forms – Managing Privacy Policy Acceptance

Auth0 Forms is a powerful tool to extend identity flows with customisable forms and business logic. Forms allows for a hosted secure experience with no need to redirect users to external sites and consistent branding with Universal Login. In this blog post I will talk through how to use forms to ensure all your application … Continue reading Auth0 Forms – Managing Privacy Policy Acceptance →

Global Token Revocation – Auth0 Universal Logout integration with Okta

Auth0 has launched native support for Global Token Revocation and Okta's Universal Logout functionality. This means that Auth0 applications now natively support the ability for federated Okta customers to automatically revoke all of the users sessions and tokens when Identity Threat Protection detects malicious or suspicious behaviour. Now, Auth0 powered applications can offer the same … Continue reading Global Token Revocation – Auth0 Universal Logout integration with Okta →

How to Create a Secure CI/CD Pipeline Using Okta Terraform

Nick Connelly, a key member of the Okta Professional services team has combined his knowledge of Okta, Terraform, AWS, GitHub and secure development to write an excellent post on the Okta developer blog. Check it out -> How to Create a Secure CI/CD Pipeline Using Okta Terraform This post is a detailed look at how … Continue reading How to Create a Secure CI/CD Pipeline Using Okta Terraform →

Factor Sequencing on OIE: Authentication Method Chains

When OIE was released it championed assurance levels rather than specific authenticators. This provided a better experience for the majority of users and administrators. This ease of use came at the cost of easily being able to specify specific factors or factor orders which some customers required typically for compliance or regulatory reasons. Many of … Continue reading Factor Sequencing on OIE: Authentication Method Chains →

Okta Breached Password Detection

Okta recently made its Breached Password Detection Functionality generally available. This functionality is enabled by default. If your user's credentials appear in a list, Okta notifies you by recording the security.breached_credential.detected event in the System Log. By default, Okta expires the user's credentials and requires the user to reset their password the next time they attempt to … Continue reading Okta Breached Password Detection →

Digital Retail Summit NSW Presentation

I had the pleasure of speaking at the Digital Retail Summit for the second year in a row. Below is the presentation that I delivered. If have any questions feel free to reach out to me on LinkedIn. Digital-Retail-Summit-Sydney-June-6-Secure-Identity-is-the-foundation-for-customer-delightDownload