We’ll dive deep into the history of authentication to understand where we are today. We’ll describe the journey from passwords as a primary identifier, to the addition of other factors that increase security, to the current early days of passkeys, a passwordless phishing-resistant approach to authentication developed by the FIDO Alliance.

We'll walk through the process of migrating from Role-Based Access Control (RBAC) to Relationship-Based Access Control (ReBAC) using Okta FGA, which is based on Google Zanzibar. Okta FGA offers a powerful, scalable ReBAC solution that still supports RBAC use cases while also providing further granularity for more nuanced permissions or adding collaboration features like a "share" button to an app.

A passkey consists of a unique cryptographic key pair that enables access to online services without using a password. In this illustrated talk, I'll introduce the passkeys lifecycle; share details of the registration flow; and show the basics steps of updating, revoking, and deleting a passkey, using the Auth0 Management API.

Discover useful templates for Actions that address common use cases, such as confirming email verification, adding persistent attributes to users, or requiring MFA enrollment. We will share best practices for using Action templates and demonstrate how to customize them to meet your specific needs.

Join our panel of experts to learn more about the complex world of AI in software development. We'll explore the latest breakthroughs, address critical challenges for developers, and tackle important security and identity issues, from self-learning tools to deep fakes. You can look forward to real-world insights and practical tips. Whether you're an AI enthusiast or a skeptical developer, you'll be well-equipped to navigate the AI landscape in your projects. Let's unravel the AI puzzle together!

Learn about the Auth0 by Okta Research Program. Find out how you can participate in sharing direct feedback to influence product improvements and get involved in future research activities. Whether you're recruited for 1:1 interviews or asynchronous research, it's a rewarding opportunity for your voice to be heard.

Extend your login flow and enhance user interactions with ease using Auth0's new visual editor to create forms directly within your domain. Auth0 Forms provides an intuitive interface for building forms that address a range of use cases: progressive profiling, custom policy acceptance, custom signup/login steps, and more.

For over 1 billion people, online accessibility is an ongoing journey and not yet a fundamental principle. At Okta, we're committed to securing all customers, regardless of differences in their abilities. We've undertaken comprehensive design research and rigorous technical solutions to meet WCAG standards and empower everyone.

Learn about initiatives that tackle gender biases and help women thrive in tech. Girls in Tech founder Adriana Gascoigne explores how to overcome these challenges through collaboration and allyship, sharing insights from the work of Girls in Tech, a non-profit focused on eliminating the tech gender gap.

SaaStart, Auth0’s newest reference app, is designed to help you build a B2B SaaS app with Auth0 integration for identity and access management. We'll walk through the architecture and components you need to get started, the app installation process, and the identity capabilities you need for a competitive, resilient, and scalable SaaS app.

B2B SaaS applications are typically created by a software vendor for business customers to be used internally by employees, contractors, or suppliers. In this introduction, you'll learn about specific requirements common to B2B apps and the benefits of integrating with Auth0 - particularly the Auth0 Organizations feature.

We'll introduce knowledge and strategies to ensure your infrastructure can handle failures gracefully and maintain high availability. Via examples from Auth0’s Converged Platform, we'll explore principles of resilience engineering, practical approaches for fault-tolerant architectures, and steps for continuous improvement.

"Call to action" often refers to a task you must do quickly. In extensibility, there's a call to action, too: migrate off of Rules and Hooks before November, when the code reaches End of Life (EOL). However, this is nothing to worry about: I'll show you how to start with Auth0 Actions and how to implement quickly with ID tokens.

Discover how to craft secure authentication interfaces using the Advanced Customization features of Universal Login. You'll learn how to support multiple brands, optimize onboarding, and build beautiful UIs that enable other key product features. This session includes demos, code examples, and a deep dive into all you can do.

Auth0 automates email triggers for key events such as user registration, password resets, and email verification. Defining a custom email provider offers added flexibility, so you can customize it for specific needs. Join us for an in-depth look, with live demos and practical insights for optimizing your app's notifications.

Highly Regulated Identity (HRI) is Auth0’s Financial-Grade Identity™ solution to secure sensitive data operations and important services for your business. Learn how to use HRI everywhere you need enhanced security, such as approving changes in administrative credentials, securing privileged access to a web portal, and more.

In this interactive panel, experts from Auth0 engineering, product, and design teams will discuss our first foray into generative AI, sharing capabilities applied and challenges solved. Learn how Auth0 by Okta is implementing AI to address user needs, improve the developer experience, and enhance our customer identity product.

This session will cover some specifics of integrating a B2B SaaS application with Auth0, leveraging the platform's numerous capabilities. I’ll showcase three common B2B scenarios using a SaaS application that I’m building for theatrical productions to address the unique project management requirements of staging a play.

Be part of this conversation between Semona Igama and Aaron Parecki, author of the OAuth Global Token Revocation spec. Aaron will break down that new protocol and explain how it can effectively solve key enterprise security breach scenarios.

AI is bringing incredible technological innovation to everyone; users and developers alike are already reaping the benefits. Along with its benefits, AI also brings potential new threats to application security and user identity. Are we ready to deal with them? What can we do to harness the good of AI and fend off the bad? In this keynote, you'll learn how Okta is on your side to help you address old and new challenges in the time of AI.

A session is a distributed entity that lives in a variety of artifacts stored in multiple places. This talk will walk through new Auth0 features that guarantee a timely and complete revocation of user sessions when a session is compromised. We'll cover OIDC Backchannel Logout, Session Management API, and other scenarios.

How does a SaaS provider scale to handle billions of logins across hundreds of environments worldwide without sacrificing efficiency? In this talk, Principal Architect Tomas Soukup will share insights into the Okta Customer Identity Cloud's converged multi-cloud infrastructure platform.  Over the past two years, Okta completed the challenge of migrating thousands of customers and hundreds of deployments to our new, more resilient platform. We'll explore an architecture built not only to scale to the traffic needs of the future but also to scale operations through relentless automation and efficiency improvements.

AI application development often hits a wall when data contracts are unstable and difficult to manage. GraphQL provides the structure needed to ensure precise, reliable data access, while large language models enhance natural language interactions. Together, they enable predictable, secure, and easily governed data contracts for prompt engineering. This session explores how these technologies help reduce risks, improve data reliability, and overcome the challenges of integrating complex data sources in AI-driven applications.

This talk explores the evolution of authorization and access control as code, covering basic definitions of fine- vs coarse-grained, as well as the differences between the various models. Understand the nuances of acronyms like RBAC, ABAC, PBAC, OPA, and ReBAC, so you can make informed choices for your specific use case.

Unlike OpenID Connect, which has small moving parts and is easy to migrate, single sign-on (SSO) SAML migration is a challenge. In this talk, we'll explore why it's complex and share a set of recipes and tools to facilitate SAML migration to Auth0.

Before you start working with AI developer tools, it's essential to understand what's at stake for your product and your customers. In this talk, I'll cover some of the risks and some best practices for mitigating them. While there's no foolproof path to total security, I'll share strategies for protecting your code.

Learn how to use Auth0 to implement auth in a B2B SaaS app. In this two-part session, we introduce features such as Organizations, Actions, and the Marketplace. First, we present an overview of key platform features and their business value. Then, we'll share a hands-on visual demo of Organizations and Actions—in action.

In this talk about service releases and infrastructure, we'll look at how Auth0 supports billions of logins per month, tens of 1000s of MFA requests per day, and hundreds of 1000s of request token validations per hour. Learn about the problems you can expect when running at scale and how we mitigate outages and incidents.

Learn how to use an open-source experiment from Auth0 Lab to add new features to your Auth0 application. These pre-built UI components are reusable pieces of React code that can be easily integrated into existing projects for customization and extension. Note: This library is experimental and may not remain available.