Overview
Auth0 is an identity platform for authentication and authorization. SigNoz ingests Auth0 tenant logs using a Custom Webhook log stream.
Auth0 batches log events and delivers them to a webhook as a JSON array. SigNoz ingests that array through its HTTP JSON logs endpoint, storing each event as a log record and mapping Auth0 fields (such as type, client_name, and ip) to log attributes.
With your Auth0 logs in SigNoz, you can:
- Search and analyze authentication events — logins, sign-ups, failed attempts, MFA challenges, and anomaly detection — in the Logs explorer.
- Build dashboards and alerts on Auth0 activity, such as spikes in failed logins or blocked sign-ups.
- Correlate identity events with the application logs, traces, and metrics already in SigNoz.
Prerequisites
- A
SigNoz Cloud(or self-hosted) workspace - An Auth0 account and tenant with log streaming enabled (sign up for free)
Using self-hosted SigNoz? You'll expose the JSON logs receiver behind a public HTTPS endpoint and skip the ingestion key — see the Self-Hosted SigNoz tab below. For more on endpoint and auth differences, see Cloud → Self-Hosted.
Forward Logs
Step 1: Prepare your SigNoz endpoint
- Create an ingestion key and copy its value — you'll add it to the Auth0 stream in Step 2.
- Your Payload URL is
https://ingest.<region>.signoz.cloud:443/logs/json, where<region>is your account region (us,eu, orin).
- Enable the JSON logs endpoint on your OpenTelemetry Collector by adding the
httplogreceiver/jsonreceiver. - Expose the receiver behind a public HTTPS URL with a valid certificate (for example,
https://signoz.example.com/logs/json) — this is your Payload URL. Auth0 only delivers to public HTTPS endpoints; self-signed certificates are not supported. - No ingestion key is required.
Step 2: Create a Custom Webhook stream in Auth0
- In your Auth0 Dashboard, go to Monitoring > Streams and select Create Stream.
- From the New Event Stream listing, select Custom Webhook.
- Enter a Name and select Create.
- Configure the stream fields:
- Payload URL — the SigNoz endpoint from Step 1.
- Authorization Token —
Bearer <your-ingestion-key>for SigNoz Cloud; leave empty for self-hosted SigNoz. - Content Type —
application/json. - Content Format —
JSON Array.
- Select Save to create the stream.
Step 3: Verify logs in SigNoz
- Trigger activity in your tenant so Auth0 emits events — for example, sign in to an application connected to your tenant.
- Open the Logs explorer in SigNoz.
- Within a minute or two, your Auth0 events appear as log entries. Filter or search on attributes such as
type,description,client_name,connection,ip, anduser_id, or run a full-text search on the log body.
It can take a few minutes for the first events to appear after you create the stream.
Troubleshooting
No data appearing
- Confirm the Payload URL matches your SigNoz Cloud region, or your public HTTPS endpoint for self-hosted SigNoz.
- Confirm the Content Type is
application/jsonand the Content Format is JSON Array — the/logs/jsonendpoint expects a JSON array of events. - Make sure the stream is enabled and that your tenant is generating events.
Authentication or delivery errors
- Open your stream in Auth0 and review the Health tab. Auth0 records the HTTP response code returned by SigNoz; a
200means SigNoz accepted the batch, and Auth0 automatically retries failed deliveries. - For SigNoz Cloud, ensure the Authorization Token is
Bearer <your-ingestion-key>and that the ingestion key has not been revoked or regenerated.
Next Steps
- Set up log-based alerts on Auth0 activity, such as spikes in failed logins or blocked sign-ups.
- Create a dashboard to visualize Auth0 authentication events in a single view.
Get Help
If you need help with the steps in this topic, please reach out to us on SigNoz Community Slack. If you are a SigNoz Cloud user, please use in product chat support located at the bottom right corner of your SigNoz instance or contact us at cloud-support@signoz.io.
