This article helps you integrate Auth0 with Workbench.
Step 1: Create a custom API in Auth0
Step 2: Connect your technology to Workbench
Step 3: Edit the device to add console access
Viewing security device details
You need an Auth0 user account with admin privileges to create the API keys.
Step 1: Create a custom API in Auth0
Note
Expel secures all login information our SOC analysts need about your devices in an MFA password product. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.
- Log in to the Auth0 console and navigate to Applications > APIs.
- Create a Custom API that pulls logs from Auth0. In the Permissions tab, assign these permissions:
- Navigate to the Auth0 Management API and click the Machine To Machine Applications tab.
- Authorize the Custom API that you created. Give it these permissions:
- Copy the Auth0 Management API identifier and save it for later use.
  Note
  When copying the Management API identifier for Workbench, do not include /api/v2.
- From the Custom API you created, copy the client_id and client_secret and save them for later use.
Step 2: Connect your technology to Workbench
- Log in to https://workbench.expel.io/settings/security-devices?setupIntegration=auth0. The Add Security Device screen for Auth0 appears.
- Fill out the fields like this:
  - Name: Expel.
  - Location: the location of your server.
  - Auth0 URL: the Auth0 Management API identifier.
  - Auth0 client ID: the client_id from the Custom API.
  - Auth0 client secret: the client_secret from the Custom API.
- You can set up console access now or you can set it up later.
- Your device is now connected. To check device health, follow the Viewing security device details instructions below.
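A pre-flight check for the values collected in Step 1, added here as an example (it is not Expel's or Auth0's code): it strips /api/v2 from the Management API identifier for the Auth0 URL field, builds the token request for Auth0's standard client-credentials grant, and lists any scopes in the resulting token beyond the ones you meant to assign. It assumes the client_id and client_secret are used with that grant; the tenant name, the expected scope set and the sample token are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlsplit

def workbench_auth0_url(identifier):
    """Turn a Management API identifier into the Workbench 'Auth0 URL' value (no /api/v2)."""
    parts = urlsplit(identifier.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https:// Management API identifier")
    if parts.path.rstrip("/") not in ("", "/api/v2"):
        raise ValueError(f"unexpected path: {parts.path!r}")
    return f"https://{parts.hostname}"

def token_request(identifier, client_id, client_secret):
    """Build (url, JSON body) for Auth0's client-credentials grant; sending it is up to you."""
    base = workbench_auth0_url(identifier)
    return f"{base}/oauth/token", {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": f"{base}/api/v2/",  # the audience keeps /api/v2/, unlike the Workbench field
    }

def granted_scopes(access_token):
    """Read the scope claim from a JWT access token (inspection only, signature not verified)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("scope", "").split())

def excess_scopes(access_token, expected):
    """Scopes the client holds beyond the ones you meant to grant."""
    return granted_scopes(access_token) - set(expected)

def _constructed_token(claims):
    """Build an unsigned, constructed sample token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT'})}.{enc(claims)}.sig"

# Constructed sample values: tenant name, credentials and scopes are placeholders.
IDENTIFIER = "https://example-tenant.us.auth0.com/api/v2/"
EXPECTED = {"read:logs"}  # assumption: replace with the permissions you assigned in Step 1
SAMPLE_TOKEN = _constructed_token({"scope": "read:logs delete:users"})

if __name__ == "__main__":
    print("Workbench Auth0 URL:", workbench_auth0_url(IDENTIFIER))
    print("Token endpoint:", token_request(IDENTIFIER, "CLIENT_ID", "CLIENT_SECRET")[0])
    print("Scopes beyond expected:", sorted(excess_scopes(SAMPLE_TOKEN, EXPECTED)))
```

A non-empty result from excess_scopes means the application holds more Management API permissions than the integration was meant to have; remove them in the Machine To Machine Applications tab before saving the device.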
Viewing security device details
After your devices are connected to Workbench, you can view details about them. To open the device details, click Organization Settings > Security Devices. Locate the device you want more details for. Click the arrow next to the name and click View details.
The side panel that appears looks like this:
The side panel contains the following sections:
- Device Health: you see an Alerts Analysis dashboard snapshot for the selected device along with the device’s health status, connection, data, and alerts data. This at-a-glance information lets you stay on top of the device and what it's doing.
  Tip
  If you have an AWS CloudTrail device, you also see a Last data received time stamp that shows you when we last polled for log data. You also see a Last successful poll time stamp. These help you know if your AWS CloudTrail device is communicating with Workbench, even if alerts aren't being generated. We're working on deploying the last data received capability to other devices.
  If you have an AWS CloudTrail device, you also see View Inaccessible Accounts. Clicking this button shows you the AWS accounts that are inaccessible to Workbench. This can highlight gaps in service delivery for AWS CloudTrail. To provide access, log in to the AWS environment associated with the device and grant permission.
- Information: you see general device data, including the device name, location, GUID, and so on. These are the data points associated with creating or editing a device.
- History: you see the history of changes in health status or edits made by a Workbench user. You know what changed, who made the change, and when.
In these sections you can click buttons to copy information or go directly to other areas in Workbench. Additionally, we include tool tips to help you understand what you're seeing.
In the side panel, you can edit the selected device by clicking Edit Device. You can also navigate to the previous or next device in the list by clicking the arrows.
Tip
This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!