Integrate Credential Intelligence with Auth0 on the Cloudflare Enforcer
- Updated on 28 Jun 2024
If your organization uses HUMAN's Cloudflare Enforcer to dictate how traffic should be handled as well as Auth0 to authenticate users, then you can integrate Credential Intelligence with Auth0 on the Cloudflare Enforcer so HUMAN can continue to monitor authenticated activity. You can learn how to complete this setup in this article.
Prerequisites
- Configure your Auth0 to work with Cloudflare by following Auth0's help article, Configure Cloudflare as Reverse Proxy.
- Install the Cloudflare Enforcer by following the steps in our article.
- In Install the HUMAN Enforcer, Step 11, be sure to use the same domain from your Auth0 configuration as your Cloudflare route.
- Your Auth0 API key.
- Your HUMAN Application ID. You can find this under Platform Settings > Applications > Overview in the HUMAN console.
- A text editor and CLI.
Setup
To complete the integration, you must finish the following:
Update Cloudflare Enforcer configurations
After the initial Cloudflare Enforcer installation, you must include additional configurations to work with Auth0.
- In your preferred text editor, open the index file that you created your Worker in.
- Update the following configurations with the given values:
  - px_login_credentials_extraction_enabled: true
  - px_login_successful_reporting_method: status
  - px_login_successful_status: 302
- Depending on whether your Auth0 login is single-step or multi-step, you will need to update different configurations. If you're not sure which one your organization uses or if your organization wants to change the number of steps in the future, you can update both sets of configurations.
  - If your login is single-step:
    - method_0: post
    - pass_field_0: password
    - user_field_0: username
    - path_0: /u/login
    - sent_through_0: body
  - If your login is multi-step:
    - method_1: post
    - pass_field_1: password
    - user_field_1: username
    - path_1: /u/login/password
    - sent_through_1: body
- Save and close the file.
- In your CLI, enter npx wrangler deploy from the directory your index file is located in to deploy your Enforcer to Cloudflare.
Your Enforcer has been updated with the necessary configuration to work with Auth0. You can validate the Enforcer was integrated correctly by following the steps in our help article.
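A pre-deploy check for the settings listed above, as an added example that is not HUMAN's code. It assumes the extraction rules are stored as an array under px_login_credentials_extraction, with the field names from the list above minus the _0/_1 suffix; checkAuth0LoginConfig, AUTH0_PATHS and sampleConfig are hypothetical names.

```javascript
// Added example: checks the Auth0 login settings before deploying the Worker.
// Assumption: rules are an array under px_login_credentials_extraction;
// adapt the lookup to the layout of your own index file.
const AUTH0_PATHS = {
  "single-step": "/u/login",
  "multi-step": "/u/login/password",
};
const EXPECTED = { method: "post", sent_through: "body",
                   user_field: "username", pass_field: "password" };

function checkAuth0LoginConfig(config, flows = Object.keys(AUTH0_PATHS)) {
  const problems = [];
  if (config.px_login_credentials_extraction_enabled !== true) {
    problems.push("px_login_credentials_extraction_enabled must be true");
  }
  if (config.px_login_successful_reporting_method !== "status") {
    problems.push("px_login_successful_reporting_method must be status");
  }
  // Accept 302 as a number, a string, or one entry in a list of statuses.
  const statuses = [].concat(config.px_login_successful_status ?? []).map(Number);
  if (!statuses.includes(302)) {
    problems.push("px_login_successful_status must include 302");
  }
  const rules = config.px_login_credentials_extraction || [];
  for (const flow of flows) {
    const path = AUTH0_PATHS[flow];
    // This check looks for an exact path, one rule per login flow.
    const rule = rules.find((r) => r.path === path);
    if (!rule) {
      problems.push(`no extraction rule for ${flow} path ${path}`);
      continue;
    }
    for (const [key, want] of Object.entries(EXPECTED)) {
      const got = key === "method" ? String(rule[key]).toLowerCase() : rule[key];
      if (got !== want) problems.push(`${path}: ${key} must be ${want}`);
    }
  }
  return problems;
}

// Constructed sample: only the single-step rule is present.
const sampleConfig = {
  px_login_credentials_extraction_enabled: true,
  px_login_successful_reporting_method: "status",
  px_login_successful_status: 302,
  px_login_credentials_extraction: [
    { path: "/u/login", ...EXPECTED },
  ],
};
console.log(checkAuth0LoginConfig(sampleConfig));
```

Pass a second argument such as ["single-step"] to check only the flow your organization uses.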
Add the Enforcer to Auth0's login page
Now that your Enforcer is properly configured, you need to update your organization's Auth0 login page with the Enforcer. To do so, make the following API call to Auth0. Make sure you update <APP_ID> with your HUMAN Application ID.
# Update <APP_ID> with your Application ID before running
curl --request PUT \
--url 'https://<YOUR_DOMAIN>/api/v2/branding/templates/universal-login' \
--header 'authorization: Bearer <YOUR_AUTH0_KEY>' \
--header 'content-type: text/html' \
--data '<!DOCTYPE html><html><script type="text/javascript">(function(){ var s = document.createElement("script"); var p = document.getElementsByTagName("script")[0]; s.src = "/<APP_ID>/init.js"; p.parentNode.insertBefore(s,p);}());</script><head>{%- auth0:head -%}</head><body>{%- auth0:widget -%}</body></html>'
After a successful response, navigate to your Auth0 login page. Depending on your customizations, you may need to update your CSS or other settings to maintain your organization's design.
You have successfully set up Credential Intelligence to monitor traffic on your Auth0-managed login page with the Cloudflare Enforcer.