How to Configure Tenant Access Control List Rules

A Tenant ACL rule is composed of the following elements:

Signal: The signal is an identifying piece of information that is provided by the incoming request, such as IP address, geolocation, or user agent.
Condition: The condition is the combination of an operator (such as match) and a set of values (such as a list of IP addresses).
Action: The action is the directive that your rule executes if criteria are met, such as allow, block, or redirect.
Scope: The scope indicates which sets of endpoints that the rule is enforced for, including the Authentication API, Management API, or your entire tenant.
Priority: The priority defines the order in which the rule runs relative to other rules.

For detailed information about these Tenant ACL rule properties and how to use them, read the Management API Endpoint Parameter Reference.

The Tenant ACL uses a consistent rule evaluation logic to determine what action, if any, to apply to a given request.Carefully assign priorities to create granular access control policies for your use case.

Create and delete rules

You can create and delete Tenant ACL rules using the following Management API endpoints. You need a Management API access token with indicated scopes.

Action	Endpoint	Required scope
Create a rule	Create access control list	`create:network_acls`
Delete a rule	Delete access control list	`delete:network_acls`

Modify rules

You can modify Tenant ACL rules using the following Management API endpoints. You need a Management API access token with indicated scopes.

Action	Endpoint	Required scope
Update a rule	Partial update for an access control list	`update:network_acls`
Overwrite a rule	Update access control list	`update:network_acls`

Enable or disable rules

Management API
Dashboard

You can enable or disable a rule with the Management API Update access control list endpoint.Set the active property of the rule object to true or false, respectively.

View rules

Management API
Dashboard

You can view existing Tenant ACL rules using the following Management API endpoints. You need a Management API access token with indicated scopes.

Action	Endpoint	Required scope
View a rule	Get a specific access control list entry for a tenant	`read:network_acls`
View all rules	Get all access control list entries for a tenant	`read:network_acls`

Go to Dashboard > Security > Access Control to view a list of your existing rules.

Column name	Description	Related API response field
Priority	Ordinal number indicating when the rule is evaluated	`priority`
Name	Description of the rule’s purpose or functionality	`description`
Action	The action that the rule performs.	`action`
Status	Value indicating whether the rule is active or disabled.	`active`
Last Updated	Datetime stamp of when the rule was last updated.	`updated_at`

View list of Tenant ACL rules in the Auth0 Dashboard

Protect Your Application

Call APIs On User's Behalf

Protect Your Tenant

Compliance

How to Configure Tenant Access Control List Rules

Create and delete rules

Modify rules

Enable or disable rules

View rules

Learn more

Protect Your Application

Call APIs On User's Behalf

Protect Your Tenant

Compliance

Documentation Index

​Create and delete rules

​Modify rules

​Enable or disable rules

​View rules

​Learn more

Create and delete rules

Modify rules

Enable or disable rules

View rules

Learn more