1. Expel Help Center
  2. Connect Your Technology
  3. L-P Integrations

Okta Auth0 Setup for Workbench

This topic helps you integrate Okta Auth0 with Workbench.

Prerequisites

  1. You must have an Auth0 user account with admin privileges to create the API keys.

Quick Links

  1. Create a Custom API in Auth0
  2. Connect Your Technology to Workbench
  3. Edit the Device to Add Console Access
  4. Viewing Security Device Details

Step 1: Create a Custom API in Auth0

  1. Log in to the Auth0 dashboard.

  2. Navigate to Applications > APIs.

  3. Select Auth0 Management API.
  4. Copy the "Identifier" URL without the /api/v2/ path on the end and save it in a safe place for use in a later step.
    auth0-identifier-url.png
  5. In the side navigation under Applications, choose Applications and select Create Application.
  6. Choose Machine to Machine Applications and select Create.
  7. On the Authorize Machine to Machine Application screen, select Auth0 Management API from the dropdown.
  8. Assign the following permissions:

    • read:logs_users

    • read:logs

    • read:users

    • read:user_idp_tokens

  9. Select Authorize.
  10. On the My App page, select the Settings tab.
  11. Copy and save the Client ID and Client Secret values to a safe place for use in a later step.

Step 2: Connect Your Technology to Workbench

  1. Log in to Workbench.
  2. In the side menu, navigate to Organization Settings > Security Devices.
  3. Select the Add Security Device button.
  4. In the search box, type “auth0” and then select the Auth0 integration.
    Screenshot 2025-02-28 at 4.42.40 PM.png

  5. Complete the fields as follows:

    • Name - enter a name that might help you more easily identify this integration, such as “CompanyName Auth0”; this name will display in Workbench under the Name column, and is a text string that you can filter on.

    • Location - enter the location of your integration, for example “cloud”; this is also a text string that you can filter on, so we recommend being consistent with location naming across your Expel integrations.

    • Auth0 URL - enter the Auth0 Management API identifier without /api/v2/ on the end. For example, https://companyname.us.auth0.com.

    • Auth0 client ID - enter the Client ID you saved earlier.

    • Auth0 client secret - enter the Client Secret you saved earlier.

  6. Select Save.

  7. You can set up console access now or you can set it up later. To set it up now, skip to Step 3. If not, choose the "Set up later" option and select Save.

  8. Your device is now connected. To check device health, follow the Viewing Security Device Details instructions below.

Step 3: Edit the Device to Add Console Access (Optional)

Expel uses console access to your device to allow our SOC analysts to dig deeper during incident investigations. Additionally, our engineering teams use this access to investigate potential health issues, including proper alert ingestion. Learn more about why Expel requests console access.

Note
Expel secures all login information our SOC analysts need about your devices in an MFA password product. Access to this login information is protected using our internal MFA processes. Learn more about the IP addresses all Expel traffic comes from.

  1. Open Workbench and navigate to Organization Settings > Security Devices. Next to the device you just connected, select the down arrow and select Edit.

  2. In the Console Login area, provide these details:

    • Console URL - enter the console URL from the Server address in the Connection Settings area above. At the end of the URL, type /login.

    • Username - enter the user name you created above.

    • Password - enter the password you created above.

    • Two-factor secret key (32-character code) - depending on how your organization enforces logins, this field may not apply to you. In these cases, you can leave it blank. This field is optional and if you have questions or concerns, contact support.

  3. Select Save.

Viewing Security Device Details

After your devices are connected to Workbench, you can view details about them. To open the device details:

  1. Select Organization Settings > Security Devices.
  2. Locate the device you want more details for. Select the arrow next to the name and select View details.
  3. The side panel appears, and contains the following sections:

  • Device Health: you see an Alerts Analysis dashboard snapshot for the selected device along with the device’s health status, connection, data, and alerts data. This at-a-glance information lets you stay on top of the device and what it's doing.

  • Information: you see general device data, including the device name, location, GUID, and so on. These are the data points associated with creating or editing a device.

  • History: you see the history of changes in health status or edits made by a Workbench user. You know what changed, who made the change, and when.

In these sections you can select buttons to copy information or go directly to other areas in Workbench. Additionally, we include tool tips to help you understand what you're seeing.

In the side panel, you can edit the selected device by selecting Edit Device. You can also navigate to the previous or next device in the list by selecting the arrows.

Related articles