> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.com/llms.txt
> Use this file to discover all available pages before exploring further.

> Checks to ensure that your Applications comply with Auth0 best practices

# Production Readiness Checks: Best Practices

The following checks cannot be automated, so we recommend manually checking these areas prior to deployment to Production.

| Check                                                                                          | Description                                                                                                                                                                                                                                     |
| ---------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Externalize [Configuration Parameters](/docs/authenticate/database-connections/custom-db)      | [Externalize, instead of hard code, all configuration parameters](https://manage.auth0.com/#/connections/database), such as credentials, connection strings, API keys, and so on, when developing Rules, Hooks, or custom database connections. |
| Review the [Single Sign-on (SSO)](/docs/glossary?term=Single+Sign-on+%28SSO%29) Timeout Values | Review the default [SSO cookie timeout values](https://manage.auth0.com/#/account/advanced) and ensure they align with your requirements.                                                                                                       |
| Tenants and Administrators                                                                     | Review all tenants and tenant administrators to ensure they are correct. Decommission tenants that are no longer in use. Ensure that tenant administrators are limited to the necessary users.                                                  |
| Verify Client IDs in App Code                                                                  | Ensure that the Client IDs in your application code align with their Auth0 Application configurations.                                                                                                                                          |
| Add Auth0 Public IPs to Allowlist                                                              | Allowlist Auth0 IPs if you're connecting to internal services or services behind a firewall when using Rules, Hooks, or custom databases. You can get a list of IP addresses in the tool tip when configuring any of these items.               |
| Review Attack Protection                                                                       | It is recommended that you [review Auth0 Protection capability and configuration](/docs/secure/attack-protection).                                                                                                                              |

## Learn more

* [Production Readiness Checks: Critical Fixes](/docs/deploy-monitor/pre-deployment-checks/production-check-required-fixes)
* [Production Readiness Checks: Non-Critical Fixes](/docs/deploy-monitor/pre-deployment-checks/production-check-recommended-fixes)
* [Get Management API Access Tokens for Production](/docs/secure/tokens/access-tokens/management-api-access-tokens/get-management-api-access-tokens-for-production)