Monitor authentication events from your Auth0 tenant in real-time. Choose between Auth0 Actions for instant events or Log Streams for comprehensive audit logging.
We're submitting LiteSOC to the official Auth0 Marketplace. Once approved, you'll be able to install with a single click — no code required. In the meantime, use one of the methods below.
Both methods work great — choose based on your needs.
Create custom Actions to send events to LiteSOC in real-time.
Go to your LiteSOC dashboard → Settings → API Keys to create or copy your Live API key.
https://litesoc.io/dashboard/settings/api-keys
In your Auth0 Dashboard, go to Actions → Library → Create Action → Build from scratch. Name it "LiteSOC Login Tracking" and select the Login / Post Login trigger.
Paste this code into your Action. It captures IP, User-Agent, and risk scores.
```javascript
exports.onExecutePostLogin = async (event, api) => {
  // Read the key from the Action's secrets; never hard-code it in the source.
  const LITESOC_API_KEY = event.secrets.LITESOC_API_KEY;

  try {
    await fetch('https://api.litesoc.io/collect', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'Authorization': `Bearer ${LITESOC_API_KEY}`
      },
      body: JSON.stringify({
        event_type: 'auth.login_success',
        actor: {
          id: event.user.user_id,
          email: event.user.email,
          name: event.user.name
        },
        context: {
          ip_address: event.request.ip,
          user_agent: event.request.user_agent,
          geo: event.request.geoip,
          connection: event.connection.name,
          risk_score: event.riskAssessment?.risk?.value
        },
        metadata: {
          auth0_tenant: event.tenant.id,
          // True when any completed authentication method is MFA.
          mfa_used: event.authentication?.methods
            ?.some(m => m.name === 'mfa') || false
        }
      })
    });
  } catch (err) {
    // An uncaught error here would fail the login, so a delivery
    // failure is logged and the login is allowed to continue.
    console.log(`LiteSOC event delivery failed: ${err.message}`);
  }
};
```
In the Action editor, click the 🔑 Secrets icon on the left sidebar. Add a new secret named LITESOC_API_KEY with your API key value.
Click Deploy, then go to Actions → Flows → Login. Drag your new Action into the flow and click Apply.
We provide ready-to-use templates for other Auth0 triggers:
| LiteSOC Event | Auth0 Trigger | Description |
|---|---|---|
| auth.login_success | Post-Login | Post-Login Action fires on successful authentication |
| auth.signup_success | Post-Registration | Post-User-Registration Action fires when a new user signs up |
| auth.password_reset | Post-Change-Password | Post-Change-Password Action fires when password is changed |
| auth.mfa_challenge | Send-Phone-Message | Send-Phone-Message Action fires when MFA code is sent |
Configure a webhook Log Stream for zero-code integration.
Go to your LiteSOC dashboard → Settings → API Keys to create or copy your Live API key.
In your Auth0 Dashboard, go to Monitoring → Streams → Create Log Stream → Custom Webhook.
Set the Payload URL to include your API key as a query parameter:
https://api.litesoc.io/webhooks/auth0?api_key=lsoc_live_YOUR_API_KEY
Replace lsoc_live_YOUR_API_KEY with your actual API key. Because the key is part of the URL, treat the whole Payload URL as a secret.
Choose which events to stream. We recommend at least:
Click Save. Auth0 will send a test event — check your LiteSOC dashboard to confirm it arrived.
Auth0 log event types are automatically mapped to LiteSOC's standard events.
| Auth0 Event Type | LiteSOC Event | Severity |
|---|---|---|
| s (Success Login) | auth.login_success | info |
| ss (Success Signup) | auth.signup_success | info |
| f, fp, fu (Failed Logins) | auth.login_failed | medium |
| scp (Success Change Password) | auth.password_reset | medium |
| gd_auth_succeed | auth.mfa_challenge | info |
| gd_auth_failed | auth.mfa_failed | high |
| gd_enrollment_complete | auth.mfa_enabled | info |
| sapi (Success API Operation) | admin.settings_changed | high |
| limit_wc (Rate Limit) | security.rate_limited | high |
| w (Warning) | security.suspicious_activity | high |
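To preview how a captured Log Stream batch would be classified under the mapping above, the following added example (not LiteSOC's or Auth0's own code) applies the table locally. It assumes the webhook delivers a JSON array of `{ log_id, data }` records carrying Auth0's `type`, `ip`, `user_id`, `user_agent` and `date` fields; `classifyBatch`, `SAMPLE_BATCH` and the output shape are hypothetical names chosen for the illustration.

```javascript
// Mapping from the table above: Auth0 log type -> [LiteSOC event, severity].
// A Map rather than a plain object, so a type like "constructor" cannot match.
const AUTH0_TO_LITESOC = new Map([
  ['s', ['auth.login_success', 'info']],
  ['ss', ['auth.signup_success', 'info']],
  ['f', ['auth.login_failed', 'medium']],
  ['fp', ['auth.login_failed', 'medium']],
  ['fu', ['auth.login_failed', 'medium']],
  ['scp', ['auth.password_reset', 'medium']],
  ['gd_auth_succeed', ['auth.mfa_challenge', 'info']],
  ['gd_auth_failed', ['auth.mfa_failed', 'high']],
  ['gd_enrollment_complete', ['auth.mfa_enabled', 'info']],
  ['sapi', ['admin.settings_changed', 'high']],
  ['limit_wc', ['security.rate_limited', 'high']],
  ['w', ['security.suspicious_activity', 'high']],
]);
const RANK = { info: 0, medium: 1, high: 2 };

// Classify one batch (assumed record shape: { log_id, data: {...} }).
// Returns mapped events at or above minSeverity, plus the types that have
// no mapping, so gaps are reported instead of silently dropped.
function classifyBatch(batch, minSeverity = 'info') {
  const events = [];
  const unmapped = new Set();
  for (const record of batch) {
    const data = record && record.data ? record.data : {};
    const hit = AUTH0_TO_LITESOC.get(data.type);
    if (!hit) { unmapped.add(String(data.type)); continue; }
    const [eventType, severity] = hit;
    if (RANK[severity] < RANK[minSeverity]) continue;
    events.push({
      event_type: eventType, severity, log_id: record.log_id,
      actor: data.user_id ?? null, ip_address: data.ip ?? null,
      user_agent: data.user_agent ?? null, timestamp: data.date ?? null,
    });
  }
  return { events, unmapped: [...unmapped] };
}

// Constructed sample batch (documentation IP ranges, made-up ids).
const SAMPLE_BATCH = [
  { log_id: 'log-0001', data: { type: 's', ip: '203.0.113.10', user_id: 'auth0|u1' } },
  { log_id: 'log-0002', data: { type: 'fp', ip: '198.51.100.7', user_id: 'auth0|u1' } },
  { log_id: 'log-0003', data: { type: 'gd_auth_failed', ip: '198.51.100.7' } },
  { log_id: 'log-0004', data: { type: 'constructor', ip: '192.0.2.55' } },
  { log_id: 'log-0005', data: { type: 'slo', ip: '203.0.113.10' } }, // not in the table
];

console.log(JSON.stringify(classifyBatch(SAMPLE_BATCH, 'medium'), null, 2));
```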
Unlike some integrations, Auth0 provides IP addresses in both Actions and Log Streams. This means you get full Behavioral AI detection out of the box:
Having trouble with your Auth0 integration? Check out our resources or reach out.