Back to Blog

Level Up Your Authentication Security the Easy Way with Pangea and Auth0

Michael Weinberger
Michael Weinberger

As web applications become increasingly vital to modern business and personal life, securing the authentication process is of paramount importance. Developers must stay vigilant against potential malicious actors and their associated security risks. It is not only the responsibility of security teams or SOCs to ensure security, but also increasingly the developers themselves, who must incorporate security directly into their code.

Pangea is partnering with Auth0 to provide additional security features to authentication through the use of security APIs that allow developers to easily implement robust security measures. With Pangea's APIs, developers can design their applications to make secure decisions without relying on security teams or SOCs. Pangea has created several marketplace actions for the Auth0 marketplace, enabling Auth0 customers to easily add security features such as embargo checks, domain and IP reputation checks, and more to their authentication workflow with just a few clicks. These APIs utilize some of the best security intelligence available to enhance the security of your authentication process.

What is Auth0

Auth0 (Okta) is a flexible, drop-in solution to add authentication services to your applications. Developers can avoid the cost, time, and risk that come with independently building a solution to authenticate and authorize users. They give you the ability to quickly deploy and configure authentication services for any general connected web application. If you have a very large number of potential customers or a complicated auth landscape, using Auth0 for authentication can be a worthwhile endeavor.

Auth0 has a workflow system, where actions can be added to your authentication flow. This is paired with their app marketplace which gives customers the ability to add additional functionality where it matters such as on new user account creation or user login.

Working with Pangea

While Auth0 provides a robust auth solution, it can be greatly enhanced and secured with pangea APIs. With the newly released Pangea marketplace actions you can easily add functionality that improves the security of your Auth0 flows. The following three actions can be found via the Auth0 Marketplace:

  • Pangea - Domain Check can be added to user login flows to verify that a user is not logging in with a domain that has been determined to be malicious. Once added to the flow, users will automatically be checked against the Pangea API and have their logins accepted or rejected accordingly. Pangea provides intelligence data from industry leading partners and normalizes responses to help you quickly identify malicious domains. All of this happens through a unified API and SDK - with no contracts or direct integrations to the provider required. For example, if DomainTools is chosen as the provider, a queried domain will return a standard score with an easy to interpret API response. This is then used by the action to accept or reject the user's request. The DomainTools Domain Intel dataset contains intelligence on over 390 million domain names.

  • Pangea - Embargo Check can be added to user login flows to verify that a user is not logging from an embargoed country. Once added to the flow, users will automatically be checked against the Pangea API and have their logins accepted or rejected accordingly. The Pangea Embargo service lets developers quickly check IPs and country codes against known sanction and trade embargo lists. Developers can use the Pangea-provided lists to determine where client activity is coming from and if any special action is needed, or Users can add their own lists to be checked. The Pangea lists are sourced from official government entities and are kept up to date with the latest changes. User lists can be maintained from the Pangea console without any code changes. Can be used to comply with ITAR export restrictions in the US, or other export restrictions in other parts of the world.

  • Pangea - Validate Registration combines the best of all Pangea APIs and performs domain, embargo, and ip checks to ensure new users are safe to add to your application.

  • Pangea IP reputation (Coming Soon) can be added to user login flows to verify that a user is not logging in from a known malicious IP address. This action is still in development with the data set born through the recent Pangea and Crowdstrike partnership.

All of these marketplace actions can use Pangea's audit log service to track new user account creations, logins, the status of the Pangea APIs results for domain and IP checks, and other details of the users. This gives the customer a cryptographically verifiable record of all activities and maintains insight into user issues.

We're really excited for this partnership, and are glad to be working with Auth0! Look forward to additional Auth0 marketplace actions, and additional information from Auth0 as our partnership grows. Want to try Pangea? Sign up now!

Get updates in your inbox and subscribe to our newsletter

background landmass

We were recognized by Gartner®!

Pangea is a Sample Vendor for Composable Security APIs in the 2024 App Sec Hype Cycle report