Integrate Credential Intelligence with Auth0 on the Cloudflare Enforcer
  • 28 Jun 2024
  • Dark
    Light

Integrate Credential Intelligence with Auth0 on the Cloudflare Enforcer

  • Dark
    Light

Article summary

If your organization uses HUMAN's Cloudflare Enforcer to dictate how traffic should be handled as well as Auth0 to authenticate users, then you can integrate Credential Intelligence with Auth0 on the Cloudflare Enforcer so HUMAN can continue to monitor authenticated activity. You can learn how to complete this setup in this article.

Prerequisites

  • Configure your Auth0 to work with Cloudflare by following Auth0's help article, Configure Cloudflare as Reverse Proxy.
  • Install the Cloudflare Enforcer by following the steps in our article.
    • In Install the HUMAN Enforcer, Step 11, be sure to use the same domain from your Auth0 configuration as your Cloudflare route.
  • Your Auth0 API key.
  • Your HUMAN Application ID. You can find this under Platform Settings > Applications > Overview in the HUMAN console.
  • A text editor and CLI.

Setup

To complete the integration, you must finish the following:

  1. Update Cloudflare Enforcer configurations
  2. Add the Enforcer to Auth0's login page

Update Cloudflare Enforcer configurations

After the initial Cloudflare Enforcer installation, you must include additional configurations to work with Auth0.

  1. In your preferred text editor, open the index file that you created your Worker in.
  2. Update the following configurations with the given values:
    • px_login_credentials_extraction_enabled: true
    • px_login_successful_reporting_method: status
    • px_login_successful_status: 302
  3. Depending on if your Auth0 login is single-step or multi-step, you will need to update different configurations. If you're not sure which one your organization uses or if your organization wants to change the number of steps in the future, you can update both sets of configurations.
    1. If your login is single-step:
      • method_0: post
      • pass_field_0: password
      • user_field_0: username
      • path_0: /u/login
      • sent_through_0: body
    2. If your login is multi-step:
      • method_1: post
      • pass_field_1: password
      • user_field_1: username
      • path_1: /u/login/password
      • sent_through_1: body
  4. Save and close the file.
  5. In your CLI, enter npm wrangler deploy from the directory your index file is located in to deploy your Enforcer to Cloudflare.

Your Enforcer has been updated with the necessary configuration to work with Auth0. You can validate the Enforcer was integrated correctly by following the steps in our help article.

Add the Enforcer to Auth0's login page

Now that your Enforcer is properly configured, you need to update your organization's Auth0 login page with the Enforcer. To do so, make the following API call to Auth0. Make sure you update <APP_ID> with your HUMAN Application ID.

curl --request PUT \                                                                                            
 --URL 'https://<YOUR _DOMAIN>/api/v2/branding/templates/universal-login' \
 --header 'authorization: Bearer <YOUR_AUTH0_KEY> \
 --header 'content-type: text/html' \
 # update <APP_ID> with your Application ID
 --data '<!DOCTYPE html><html><script type="text/javascript">(function(){ var s = document.createElement("script"); var p = document.getElementsByTagName("script")[0]; s.src = "/<APP_ID>/init.js"; p.parentNode.insertBefore(s,p);}());</script><head>{%- auth0:head -%}</head><body>{%- auth0:widget -%}</body></html>'

After a successful response, navigate to your Auth0 login page. Depending on your customizations, you may need to update your CSS or other settings to maintain your organization's design.

You have successfully set up Credential Intelligence to monitor traffic on your Auth0-managed login page with the Cloudflare Enforcer.


Was this article helpful?