This article helps you integrate Auth0 with Workbench.

Before you start

Step 1: Create a custom API in Auth0

Step 2: Connect your technology to Workbench

Step 3: Edit the device to add console access

Viewing security device details

 

Before you start

You need an Auth0 user account with admin privileges to create the API keys.

Step 1: Create a custom API in Auth0

Note

Expel secures all login information our SOC analysts need about your devices in an MFA password product. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.

  1. Log in to the Auth0 console and navigate to Applications > APIs.

  2. Create a Custom API that pulls logs from Auth0. In the Permissions tab, assign these permissions:

    • read:logs_users

    • read:logs

    • read:users

    • read:user_idp_tokens

  3. Navigate to the Auth0 Management API and click the Machine To Machine Applications tab.

  4. Authorize the Custom API that you created. Give it these permissions:

    • read:logs_users

    • read:logs

    • read:users

    • read:user_idp_tokens

  5. Copy the Auth0 Management API identifier and save it for later use.

  6. From the Custom API you created, copy the client_id and client_secret and save them for later use.

Step 2: Connect your technology to Workbench

  1. Log into https://workbench.expel.io/settings/security-devices?setupIntegration=auth0. The Add Security Device screen for Auth0 appears.

    Auth0_AddSecDev.png
  2. Fill out the fields like this:

    • Name: Expel.

    • Location: the location of your server.

    • Auth0 URL: the Auth0 Management API identifier.

    • Auth0 client ID: the client_id from the Custom API.

    • Auth0 client secret: the client_secret from the Custom API.

  3. Click Save.

  4. You can set up console access now or you can set it up later.

  5. Your device is now connected. To check device health, follow the Viewing security device details instructions below.

 

Step 3: Edit the device to add console access

Viewing security device details

After your devices are connected to Workbench, you can view details about them. To open the device details, click Organization Settings > Security Devices. Locate the device you want more details for. Click the arrow next to the name and click View details.

The location of the View details option on the drop-down

The side panel that appears looks like this:

security device screen

The side panel contains the following sections:

  • Device Health: you see an Alerts Analysis dashboard snapshot for the selected device along with the device’s health status, connection, data, and alerts data. This at-a-glance information let's you stay on top of the device and what it's doing.

    Tip

    If you have a AWS CloudTrail device, you also see a Last data received time stamp that shows you when we last polled for log data. You also see a Last successful poll time stamp. These help you know if your AWS CloudTrail device is communicating with Workbench, even if alerts aren't being generated. We're working on deploying the last data received capability to other devices.

    If you have a AWS CloudTrail, you also see View Inaccessible Accounts. Clicking this button shows you the AWS accounts that are inaccessible to Workbench. This can highlight gaps in service delivery for AWS CloudTrail. To provide access, login to your AWS environment associated with the device and grant permissions.

  • Information: you see general device data, including the device name, location, GUID, and so on. These are the data points associated with creating or editing a device.

  • History: you see the history of changes in health status or edits made by a Workbench user. You know what changed, who made the change, and when.

In these sections you can click buttons to copy information or go directly to other areas in Workbench. Additionally, we include tool tips to help you understand what you're seeing.

In the side panel, you can edit the selected device by clicking Edit Device. You can also navigate to the previous or next device in the list by clicking the arrows.

location of the Edit Device option on the Security Device screen

Tip

This page was accurate at the time of writing, but changes happen. If you find the instructions are outdated, let us know via your engagement manager or account representative.

AuthO