How to Enable or Disable Monitoring Mode for Tenant Access Control List Rules

When a rule is in monitoring mode, Tenant ACL evaluates that rule and emits a tenant log event, but does not execute the rule’s action and does not terminate evaluation of subsequent rules and lists. To enable monitoring mode, configure the rule’s action property log to true:

Call the Management API Partial update for an access control list endpoint with the following body:

Management API request body

{
  "rule": {
    "action": {
      "log": true
    },
    "scope": "authentication"
  }
}

package main

import (
	"context"
	"log"

	"github.com/auth0/go-auth0"
	"github.com/auth0/go-auth0/management"
)

func main() {
	mgmt, err := management.New("{yourDomain}", management.WithClientCredentials("{yourClientId}", "{yourClientSecret}"))
	if err != nil {
		log.Fatal(err)
	}

	networkACL := &management.NetworkACL{
		Rule: &management.NetworkACLRule{
			Action: &management.NetworkACLRuleAction{
				Log: auth0.Bool(true),
			},
			Scope: auth0.String("authentication"),
		},
	}

	err = mgmt.NetworkACL.Patch(context.Background(), "{yourTenantAclRuleId}", networkACL)
	if err != nil {
		log.Fatal(err)
	}
	log.Println("Network ACL has been updated to enable monitoring mode")

const updateNetworkAclPayload: Management.UpdateNetworkAclRequestContent = {
  rule: {
    action: {
      log: true,
    },
    scope: "authentication"
  }
};

const updateNetworkAcl = await client.networkAcls.update("{yourTenantAclRuleId}", updateNetworkAclPayload);

In the resource block, under rule.action, set log to true:

resource "auth0_network_acl" "example_acl" {
    description = "Example ACL"
    active = true
    priority = 1
    rule {
        action {
            block = true
            log = true
        }
        scope = "authentication"
        match {
          hostnames = ["example.com"]
        }
    }
}

exampleACLs:
  - description: Example ACL
    active: true
    priority: 1
    rule:
      action:
        block: true
        log: true
      match:
        hostnames:
          - "example.com"
      scope: authentication

auth0 network-acl update {yourTenantAclRuleId} --action log

You can disable monitoring mode by similarly setting the the log property to false.

Protect Your Application

Call APIs On User's Behalf

Protect Your Tenant

Compliance

How to Enable or Disable Monitoring Mode for Tenant Access Control List Rules

Protect Your Application

Call APIs On User's Behalf

Protect Your Tenant

Compliance

Documentation Index