 Hi, my name is Michael Weinberger and I work on the business development and partners team at Pangea where I'm responsible for integrations and other technical details related to partners. Today I'm going to demonstrate how Pangea and Auth0 work together to deliver additional Pangea security capabilities through the Auth0 marketplace into Auth0 authentication flows. Pangea is a collection of security services that can quickly and easily be added to any cloud application. Pangea provides developers with SDKs that allows them to easily integrate security services into their products similarly to the way that Auth0 does with authentication and the Auth0 SDKs. We're also adding capabilities to the Auth0 marketplace through the use of actions where we're adding Pangea's security capabilities so that you can easily and quickly add them to any Auth0 authentication flow. So when you're using Auth0 and you would like to add additional security capabilities such as restricting access from an IP specifically known to be malicious or restricting access from a VPN or proxy you can do that using Pangea actions by downloading them directly from the Auth0 marketplace. So to start off we're here in our Auth0 console and we'll go down to our actions and to our flows. These are all the different points where we can add actions from the Auth0 marketplace as part of our authentication flow. So for example if we wanted to add additional capabilities to our user registration let's say we were in a situation where we offer a free trial as part of our service and we're worried about our users abusing that free trial system to continually create new accounts and continually use those free trials. We can go into our pre-user registration flow so we're going to go over to our add action capability here and we're going to browse the actions that are available in the Auth0 marketplace. We'll go ahead and search for Pangea and then we have our domain check action which we're going to add to our Auth0 deployment here. Once we've added the action there are a couple of things which we need in order to configure it so to do that we're going to switch over to the Pangea console and show you what it would look like as a new Pangea user to configure this particular action. So when you log into Pangea for the first time the first thing that you do is create an organization and you can select a location where you want that organization to be. Pangea offers its security services to be deployed in any specific region as well as an Amazon or an GCP so we're going to go ahead and create a new org in US West here and once our organization is created we have to create what we call a token. So this is the Pangea console and from the Pangea console you'll see that we have access to a wide variety of security services so things which we want to use in this case such as domain intelligence. We also have access to other best-of-market security intel through our IP intelligence and file intelligence. We also have services such as our secure audit log which provides you a secure tamper proof and cryptographically verifiable audit log which you can use for logging which you can also integrate with Auth0 for log streaming if you wish. We also have a redact service and embargo service where we have a vault. We're working on a large number of additional security services so that you can add even more capabilities not just to Auth0 but also directly to your applications. So as we've created our new organization here in US West we have a regular domain so we have our aws.us.pangea.cloud domain so we'll go ahead and copy that and put that in as our domain in our configuration over on Auth0. Then we're going to go ahead and configure our domain intelligence so if we click on domain intelligence here we'll be able to create the token and the token is where we'll actually get permission to take an action against the pangea API so we'll go ahead and see that domain intel is selected we'll go ahead and click done it'll create a new token for our domain intel service and we'll go ahead and copy that token and put that here into our configuration as well and then finally we have to select a provider for the domain check. Pangea partners with a number of companies that have best-of-market security intel in the case of domain check we're going to go ahead and use CrowdStrike. Now that all those things are configured we can go back to our flows we can go back to our pre-user registration and we now have our domain check available to us which we can now drag into our flow and click apply and now whenever a user tries to authenticate to create a new user account on our service they'll automatically have to go through that pangea domain check that will filter out those suspicious domains protecting us from the situation where users might be trying to create those free trials. So another situation you might run into is one of fraud so if you have a service which accepts credit card payments you might want to protect your service from connections from known malicious IPs or IPs which come through VPNs or proxies since they're significantly more likely to be bad actors with stolen credit card numbers or otherwise the users trying to do bad things to your service so we can add those additional actions to our authentication flow so that we can add additional security or just straight out reject those types of connections. So here I have an example of a login flow which is doing a number of additional steps using pangea it's doing our is proxy so it's checking to see if the connection is from a proxy it's doing our is VPN which is checking to see if the service is from a VPN it's doing our IP check which does an IP reputation check using the best of market security intel to determine whether or not this IP address is known to be suspicious and then it's logging all that information to pangea secure auto log so what would that actually look like in production so we'll switch over here to an example production application where there's some user content which is gated behind a login the same that you would expect on any website and we'll show you the process of what would look like when a user logs into your site and then automatically has those pangea actions trigger as part of your author authentication flow so we'll go ahead and click login here and when we go to log in it redirects us to the regular author authentication window where we'll go ahead and log into our site and after we log in what we'll see is a profile information that shows that we in fact were able to successfully log into the site and we'll also see pangea's audit log viewer which shows us all of the records of the authentications that we've attempted to perform so you can see here that we have an attempted login context so this will give us the details of the author authentication that we attempted to do so you can see where I tried to log into this site here from my home in New Hampshire and in addition we have the details of our ip reputation check so in this case our ip address was determined to not be found in the data set crowd strike was the provider that we used to check to see if this ip was particularly malicious and it was not known to be malicious so we passed that check and then we also were able to do our vpn and proxy check using digital envoy as our provider and we were able to determine that this ip address that we were trying to log in from was in fact not a vpn and was in fact also not from our proxy so hopefully this gives you some idea of what it's like to add security capabilities using pangea to your author authentication flows and help you to save time and money when you're in situations where you need to add additional security context security information or security capabilities you can also use pangea to add additional security capabilities directly into your applications from a developer perspective making it really quick and easy for you to get that additional security context or security capabilities that you need directly into your application