Activation required. AI access management must be enabled for your tenant before you can use it. To get started, contact the C1 support team for a walkthrough.
The Auth0 MCP server lets you govern access to Auth0 — users, connections, applications, roles, and other tenant data managed through the Auth0 Management API — as tools your AI clients can call through C1. Auth0 authenticates with a Management API token. A single token authenticates every user, so all tool calls reach Auth0 as one shared identity.

How C1 connects to Auth0

C1 hosts the Auth0 MCP server, so your users’ AI clients only ever see MCP tools — they never call Auth0 directly. When an AI client calls one of these tools, C1 makes the matching request to the Auth0 API using the credentials you configure here, then returns the result to the AI client. The credentials you set up below are what C1 uses to call Auth0 on your users’ behalf.

Before you begin

  • AI access management must be enabled for your tenant. See Enable AI access management.
  • An Auth0 account with permission to create a machine-to-machine application authorized for the Auth0 Management API.
If you don’t see Auth0 in your MCP server catalog, contact the C1 support team to enable it for your tenant.

Create an Auth0 Management API token

Auth0 issues Management API tokens to a machine-to-machine application that you authorize for the Management API. Create a dedicated application so the credential is recognizable and easy to rotate.
  1. In the Auth0 Dashboard, go to Applications > Applications and create a new Machine to Machine application with a recognizable name such as C1. See Auth0’s Create Machine-to-Machine applications documentation.
  2. Authorize the application for the Auth0 Management API and grant only the permissions you need, such as read access to users, connections, and applications.
  3. From the application’s Settings, note your tenant Domain, Client ID, and Client Secret. The Auth0 MCP server uses a Management API access token issued to this application.
For a shared production setup, use a dedicated machine-to-machine application so activity is attributable to C1 rather than a person.

How Auth0 credentials are shared

The Management API token authenticates every user as one shared Auth0 identity, so Auth0 sees a single identity for all tool calls. C1 still attributes each call to the individual user in the AI tool usage audit log. For a shared setup, create the credential from a dedicated machine-to-machine application so activity is attributable to C1 rather than a person. For how shared and per-user credentials work across MCP servers, see Configure authentication.

Register the Auth0 MCP server in C1

With your Management API token ready, register the server and provide your credentials.
  1. Follow Register an MCP server and select Auth0 from the catalog.
  2. Enter your Auth0 tenant URL, such as https://your-tenant.us.auth0.com.
  3. When you configure authentication, choose Bearer token and paste your Auth0 Management API token.
  4. Save your changes. C1 starts a sync that discovers the tools the Auth0 server exposes.

Discover and govern tools

After you register the server, C1 runs tool discovery against Auth0. Discovered tools appear on the server’s Tools tab. Each tool starts as either Pending review or automatically Approved, depending on the option chosen when the server was set up or your tenant’s default tool settings in Settings > AI Connections. See Require tool approval and Default tool classification. Before anyone can call an Auth0 tool, it must be approved, added to a toolset, and bound to an access profile. Continue to Govern tools and toolsets to set this up.
Tool discovery runs even if your credentials are incorrect, so seeing discovered tools doesn’t confirm that authentication is working. You confirm your Auth0 credentials when an approved user successfully calls an Auth0 tool from their AI client.
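Because discovery does not validate the credential, and because the token should carry only the permissions you granted when creating it, a local pre-check of the token's claims before pasting it into C1 can catch a wrong tenant, an expired token, or unintended write scopes. The following is an added example, not C1 or Auth0 code; it assumes the Management API token is a JWT whose `aud` is the tenant URL plus `/api/v2/` and whose `scope` claim is space-separated. The function names and the sample token are constructed for illustration, and the signature is not verified.

```python
import base64, json, time

# Scope prefixes that change tenant state; the page suggests read access.
WRITE_PREFIXES = ("create:", "update:", "delete:")

def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def review_token(token, tenant_url, now=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    findings = []
    expected_aud = tenant_url.rstrip("/") + "/api/v2/"
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if expected_aud not in auds:
        findings.append(f"audience {aud!r} is not {expected_aud!r}")
    exp = claims.get("exp")
    if exp is None or exp <= now:
        findings.append("token is expired or has no exp claim")
    scopes = (claims.get("scope") or "").split()
    if not scopes:
        findings.append("token carries no scopes")
    risky = sorted(s for s in scopes if s.startswith(WRITE_PREFIXES))
    if risky:
        findings.append("write scopes granted: " + ", ".join(risky))
    return findings

def _constructed_token(claims):
    """Build an unsigned sample token for the demo (constructed, not a real token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "sig"])

TENANT = "https://your-tenant.us.auth0.com"  # placeholder tenant URL from the page
SAMPLE = _constructed_token({
    "aud": TENANT + "/api/v2/", "exp": 2_000_000_000,
    "scope": "read:users read:connections read:clients delete:users",
})

if __name__ == "__main__":
    for finding in review_token(SAMPLE, TENANT, now=1_900_000_000) or ["no findings"]:
        print(finding)
```

A clean result only shows the claims look right; authentication is still confirmed the way the page describes, by an approved user successfully calling an Auth0 tool.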

Manage your Auth0 credentials

  • Rotate the Management API token by rotating the client secret on the machine-to-machine application in the Auth0 Dashboard, then update the token on the server’s authentication settings in C1.
  • Adjust access by editing the Management API permissions granted to the application in Auth0.