Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Okta: Forms, Session Protection & Bot Detection

Okta
07/06/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


We'll go over this month's new available features. Generally available features. Forms is a new visual editor that allows you to build custom forms that can be used to extend your login and signup flows with additional steps and business logic. Some of the key capabilities of forms include pre-built components with front-end and back-end validations. Custom business logic with out-of-the-box integrations with third parties. Controlled and secure experience within your tenant's domain. And consistent branding experience with universal login. Using forms enables you to build use cases like progressive profiling, custom policies acceptance, and custom signup or login steps. Personalization has never been easier. Continuous session protection is now generally available for enterprise customers, providing powerful tools to dynamically manage sessions and refresh tokens within Auth0 actions. This feature offers flexible options to configure expiration settings, access additional session and token data, and revoke sessions when necessary, enhancing security and control. Key benefits of continuous session protection include dynamic session and token expiration, configure custom absolute and idle timeouts for sessions and refresh tokens using the new setExpiresAtDate and setIdleExpiresAtDate methods. These settings can be applied across users, organizations, or specific connections to meet your security and compliance needs. Enhance security with revocation. Revoke sessions and refresh tokens programmatically using actions based on custom logic or risk assessments. This allows you to take immediate action when suspicious behavior is detected or when tokens no longer meet your security policies. Comprehensive session and token insights. Access additional session and refresh token attributes within actions, enabling you to make more informed, data-driven decisions for managing user sessions. These features allow enterprise customers to dynamically improve their security posture by customizing session behavior, enforcing shorter expiration times for high-risk roles such as administrators, and revoking tokens when necessary to mitigate risks. Custom prompts passwordless support. Custom prompts provides experience flexibility by allowing customers to customize user signup, login, and other prompts and flows as they see fit for their user journeys. It allows you to collect additional information at signup or login. With this enhancement to custom prompts, you can now capture additional data during signup and login when using a passwordless connection and surfacing the data in the post-login action. Security center thresholds. Within the security center dashboard offering, customers can now set metric thresholds. This new feature provides enterprise customers with an enhanced proactive capability around the various security center monitors they track. Customers can now configure thresholds on security threat metrics and monitor when threats exceed the acceptable value. The feature is available in all public cloud environments and rolling out to private spaces throughout the next few weeks. We are excited to announce that our bot detection feature has been upgraded with a new machine learning model specifically designed to detect and prevent signup attacks. This enhancement integrates advanced ML capabilities into our proprietary bot detection system, significantly improving the identification of fraudulent account creation attempts. This feature is currently available in the new universal login experience, providing added security for customers utilizing our latest UIs in our latest UI. For customers using the classic login or custom UI, we are evaluating options to extend these capabilities in the future. As always, to activate bot detection or if you require more detailed information, please visit our online documentation or contact your account team. We are here to assist you in ensuring your systems remain secure against evolving threats. Let's wrap up with a look at early access features. Self-service single sign-on. Every B2B SaaS product exposes administrative functionality to their business customers. Typically, the subscription owner in the customer's organization can do various administrative tasks. Some are specific to the product, but a great deal of them are related to identity and shared across all SaaS apps. Single sign-on configuration, organization membership and access level management, security policies, auditing, and for products that offer programmatic access to their customers. API token management. Every SaaS company needs to build these capabilities from scratch, which is a waste of time and resources that could be spent on core product value. The most difficult of these capabilities to build and maintain is single sign-on configuration. This feature provides a flexible, self-service SSO configuration experience to our SaaS customers' business customers. Verify accounts and password reset with one-time password code. Enhance security by requiring a unique, time-sensitive OTP sent to a user's registered email or phone number to verify accounts or reset passwords. Phone extensibility. Customize outbound flexible identifier phone messages and providers with a new phone extensibility action. Thanks for viewing the Customer Identity Cloud Monthly release highlights. Information and documentation on the latest updates can be found at auth0.com change log.

TL;DR

  • Forms visual editor enables custom signup and login flows with pre-built components, third-party integrations, and consistent branding for use cases like progressive profiling and policy acceptance.
  • Continuous session protection for enterprise customers provides dynamic session management with configurable timeouts, programmatic revocation, and enhanced token insights through Auth0 actions.
  • Upgraded bot detection uses a new machine learning model to prevent signup attacks, while security center thresholds enable proactive monitoring of security metrics.
  • Self-service SSO configuration (early access) allows B2B SaaS providers to offer SSO setup to business customers without building the capability from scratch.

New Visual Forms Editor and Session Protection

Auth0's September 2024 release introduces a visual forms editor that enables developers to build custom signup and login flows with pre-built components, front-end and back-end validations, and third-party integrations. The forms feature supports use cases like progressive profiling and custom policy acceptance while maintaining consistent branding within the tenant's domain. Additionally, continuous session protection becomes generally available for enterprise customers, offering dynamic session and refresh token management through Auth0 actions. This includes configurable absolute and idle timeouts, programmatic session revocation based on risk assessments, and comprehensive session insights for data-driven security decisions.

Enhanced Security and B2B Capabilities

The release strengthens security with an upgraded bot detection feature powered by a new machine learning model specifically designed to prevent signup attacks. Security center thresholds now allow enterprise customers to configure metric alerts and monitor when security threats exceed acceptable values. For B2B SaaS providers, Auth0 introduces self-service single sign-on configuration in early access, addressing the common challenge of building SSO capabilities from scratch. The update also extends passwordless support to custom prompts and adds phone extensibility for customizing outbound messages and providers through a new action.

Chapters

0:00 - Introduction
0:10 - Forms Visual Editor
0:50 - Continuous Session Protection
2:25 - Custom Prompts Passwordless Support
2:54 - Security Center Thresholds
3:24 - Bot Detection ML Upgrade
4:18 - Early Access Features

Key Quotes

0:10 "Forms is a new visual editor that allows you to build custom forms that can be used to extend your login and signup flows with additional steps and business logic."
0:50 "Continuous session protection is now generally available for enterprise customers, providing powerful tools to dynamically manage sessions and refresh tokens within Auth0 actions."
3:33 "Our bot detection feature has been upgraded with a new machine learning model specifically designed to detect and prevent signup attacks."
4:56 "Every SaaS company needs to build these capabilities from scratch, which is a waste of time and resources that could be spent on core product value."

FAQ

What use cases does the new forms editor support?

The forms editor supports progressive profiling, custom policy acceptance, and custom signup or login steps. It provides pre-built components with front-end and back-end validations, custom business logic with third-party integrations, and maintains consistent branding with universal login within your tenant's domain.

How does continuous session protection improve security for enterprise customers?

Continuous session protection allows you to configure custom absolute and idle timeouts for sessions and refresh tokens, revoke sessions programmatically based on risk assessments or suspicious behavior, and access additional session attributes to make data-driven security decisions. You can apply different settings across users, organizations, or specific connections to meet security and compliance requirements.


Categories:
  • » Cybersecurity » Identity & Access Management (IAM)
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Identity & Access
  • Security Operations
  • AI & Machine Learning
  • Getting Started
  • Webinar
  • Customer Identity and Access Management
  • Authentication Flows
  • Session Management
  • Bot Detection
  • Security Monitoring
  • Single Sign-On
  • Passwordless Authentication
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Okta: Forms, Session Protection & Bot Detection

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Level Security Team for Unmatched Defense Success
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-level-security-team-for-unmatched-defense-success/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in AI Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-ai-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/21/2026
                01:00 PM
                07/21/2026
                HUMAN Dialogue: Insights from Attackers During the FIFA World Cup
                https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-during-the-fifa-world-cup/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Innovations in Data Privacy and Digital Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-innovations-in-data-privacy-and-digital-protection/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting a Championship-Level Security Team for Unmatched Defense Success

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in AI Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        21

                        HUMAN Dialogue: Insights from Attackers During the FIFA World Cup

                        07/21/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version