Auth0 Supplemental Signals is currently in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s Master Subscription Agreement. To learn more about Auth0 product release stages, read Product Release Stages.

Before you start

To configure Akamai to send supplemental signals to your Auth0 tenant, you must configure Akamai as a reverse proxy.
If you use Akamai Bot Manager and/or Akamai Account Protector, you can configure your reverse proxy in Akamai to send the results to Auth0 and use the results in Actions.

Supported login flows

Auth0 currently supports the following login flows for Akamai supplemental signals:

Step 1: Register an API in Akamai

For Akamai to know when login attempts succeed or fail, you’ll need to register an API in Akamai, and then define an endpoint for each Auth0 login flow you’d like to support. To learn more, read Register an API on Akamai TechDocs and Add API resources on Akamai TechDocs.
Use the following values to register your API in Akamai:
| Property | Value |
| --- | --- |
| API base path | /u |
| API key location | Header |
After you’ve created your API, you’ll need to add an API resource for each of the following Auth0 endpoints:
  • /u/login/password
  • /u/signup
  • /u/signup/password
The process is the same for all endpoints, but the configuration values differ slightly.

Add API resource

Use the following values to configure a resource on your Akamai API:
  • /u/login/password
  • /u/signup
  • /u/signup/password
| Property | Value |
| --- | --- |
| API undefined parameters | Specific (Request body) |
| Path | /login/password |
| Methods | POST |

Add parameters to methods

After you’ve created your API resource, you’ll need to define the Request body parameter so Akamai can parse login requests properly. Use the following values to define the Request body parameter:
  • /u/login/password
  • /u/signup
  • /u/signup/password
| Property | Value |
| --- | --- |
| Format | JSON |
| Required | Yes |
| Define body format | Yes |
| Schema details | See below. |
{
  "requestBody": {
    "content": {
      "application/x-www-form-urlencoded": {
        "schema": {
          "type": "object",
          "required": [
            "state"
          ],
          "properties": {
            "state": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "username": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "password": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "action": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            }
          }
        }
      }
    },
    "required": true
  }
}
Use the following values to register your API in Akamai:
| Property | Value |
| --- | --- |
| API base path | /u |
| API key location | Header |
After you’ve created your API, you’ll need to add an API resource for each of the following Auth0 endpoints:
  • /u/login
  • /u/signup
  • /u/signup/password
The process is the same for all endpoints, but the configuration values differ slightly.

Add API resource

Use the following values to configure a resource on your Akamai API:
  • /u/login
  • /u/signup
  • /u/signup/password
| Property | Value |
| --- | --- |
| API undefined parameters | Specific (Request body) |
| Path | /login |
| Methods | POST |

Add parameters to methods

After you’ve created your API resource, you’ll need to define the Request body parameter so Akamai can parse login requests properly. Use the following values to define the Request body parameter:
  • /u/login
  • /u/signup
  • /u/signup/password
| Property | Value |
| --- | --- |
| Format | JSON |
| Required | Yes |
| Define body format | Yes |
| Schema details | See below. |
{
  "requestBody": {
    "content": {
      "application/x-www-form-urlencoded": {
        "schema": {
          "type": "object",
          "required": [
            "state"
          ],
          "properties": {
            "state": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "username": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "password": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "action": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            }
          }
        }
      }
    },
    "required": true
  }
} 
Use the following values to register your API in Akamai:
| Property | Value |
| --- | --- |
| API base path | None. |
| API key location | Header |
After you’ve created your API, you’ll need to add an API resource for each of the following Auth0 endpoints:
  • /oauth/token
The process is the same for all endpoints, but the configuration values differ slightly.

Add API resource

Use the following values to configure a resource on your Akamai API:
  • /oauth/token
| Property | Value |
| --- | --- |
| API undefined parameters | Specific (Request body) |
| Path | /oauth/token |
| Methods | POST |

Add parameters to methods

After you’ve created your API resource, you’ll need to define the Request body parameter so Akamai can parse login requests properly. Use the following values to define the Request body parameter:
  • /oauth/token
| Property | Value |
| --- | --- |
| Format | JSON |
| Required | Yes |
| Define body format | Yes |
| Schema details | See below. |
{
  "requestBody": {
    "content": {
      "application/x-www-form-urlencoded": {
        "schema": {
          "type": "object",
          "properties": {
            "username": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "password": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            }
          }
        }
      }
    },
    "required": true
  }
} 

Step 2: Forward bot results from Akamai to Auth0

To configure Akamai to forward bot results to Auth0, read Forward Bot Results to Origin on Akamai TechDocs.
The akamai-user-risk header may not be present on every login request, as Akamai only sends the header when it creates a user risk score.

Step 3: Enable processing of Akamai headers in Auth0

You can configure Auth0 to accept supplemental signals sent from Akamai in the Auth0 Dashboard or with the Auth0 Management API.
  • Dashboard
  • Management API
To enable supplemental signals in the Dashboard:
  1. Go to Dashboard > Security > Attack Protection.
  2. Select Supplemental Signals.
  3. Enable the toggle for Enable Akamai headers.

Step 4: Test and verify configuration

Test your configuration by calling each endpoint for the login flow(s) you have configured. If you’ve configured everything properly:
  • The akamai-user-risk and akamai-bot headers will be present in your tenant logs for related events.
  • You can use the following properties in the post-login Action event object:
    • authentication.riskAssessment.supplemental.akamai.akamaiBot
    • authentication.riskAssessment.supplemental.akamai.akamaiUserRisk
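
The following post-login Action is an added example, not code from Auth0 or Akamai, showing one way to act on the two properties above while tolerating a missing akamai-user-risk signal. It assumes that akamaiUserRisk carries a numeric `score` (0 to 100, higher is riskier) and that a populated akamaiBot means Akamai flagged the request; the thresholds and the `decideFromAkamai` helper are hypothetical.

```javascript
// Added example (not Auth0's code). ASSUMPTIONS: akamaiUserRisk carries a
// `score` from 0-100 (higher is riskier) and a populated akamaiBot means
// Akamai flagged the request as a bot. Thresholds are illustrative.
const STEP_UP_SCORE = 50;
const DENY_SCORE = 90;

// Pure policy function so it can be unit-tested outside the Actions runtime.
function decideFromAkamai(event) {
  const akamai = event?.authentication?.riskAssessment?.supplemental?.akamai;
  const bot = akamai?.akamaiBot;
  const raw = akamai?.akamaiUserRisk?.score;

  // The akamai-user-risk header is only sent when Akamai creates a score,
  // so a missing or unparsable value means "no signal", never "score 0".
  const score = raw === undefined || raw === null || raw === '' ? NaN : Number(raw);
  const hasScore = Number.isFinite(score);
  // Treat a non-empty string or non-empty object as a bot detection.
  const botFlagged = bot !== undefined && bot !== null &&
    Object.keys(Object(bot)).length > 0;

  if (hasScore && score >= DENY_SCORE) {
    return { outcome: 'deny', reason: 'akamai_user_risk_high' };
  }
  if (botFlagged) return { outcome: 'mfa', reason: 'akamai_bot_flagged' };
  if (hasScore && score >= STEP_UP_SCORE) {
    return { outcome: 'mfa', reason: 'akamai_user_risk_elevated' };
  }
  return { outcome: 'allow', reason: hasScore ? 'akamai_user_risk_low' : 'no_akamai_signal' };
}

// Post-login Action entry point. api.access.deny and api.multifactor.enable
// are part of the Auth0 post-login Actions API.
async function onExecutePostLogin(event, api) {
  const decision = decideFromAkamai(event);
  if (decision.outcome === 'deny') {
    api.access.deny('Login blocked by risk policy.');
  } else if (decision.outcome === 'mfa') {
    api.multifactor.enable('any', { allowRememberBrowser: false });
  }
  return decision;
}

// Export only where a CommonJS `exports` object exists (as in the Actions editor).
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;
```

The `reason` value distinguishes a low score from no signal at all, which helps when comparing Action decisions against the headers recorded in tenant logs.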