Prerequisites

The server-side key available in your DataDome dashboard

The client-side key available in your DataDome dashboard

Choose your CDN as reverse proxy

Cloudflare

To protect your Auth0 application with Cloudflare:

Follow the Auth0 documentation to configure Cloudflare as a reverse proxy
Install the Cloudflare Worker module on your custom domain
Add the client-side key into the worker configuration to inject the JavaScript Tag in the pages

CloudFront

To protect your Auth0 application with CloudFront:

Follow the Auth0 documentation to configure your CloudFront distribution as a reverse proxy
Install the AWS CloudFront module on your CloudFront distribution
Run the following command to update your universal login template to inject the JavaScript Tag in the login page:

curl --request PUT 'https://YOUR_DOMAIN/api/v2/branding/templates/universal-login' \
  --header 'authorization: Bearer YOUR_TOKEN' \
  --header 'content-type: text/html' \
  --data '<!DOCTYPE html>
{% assign resolved_dir = dir | default: "auto" %}
<html lang="{{locale}}" dir="{{resolved_dir}}">
  <head>
    <script>
      window.ddjskey = "YOUR_DATADOME_CLIENT_SIDE_KEY";
      window.ddoptions = {
        /* add your configuration here */
      };
    </script>
    <script src="https://JAVASCRIPT_TAG_DOMAIN/tags.js" async></script>
    {%- auth0:head -%}
  </head>
  <body class="_widget-auto-layout">
    {%- auth0:widget -%}
  </body>
</html>'

Replace the following occurrences in the command above:

YOUR_DOMAIN by your Auth0 tenant domain
YOUR_TOKEN by your Auth0 bearer token to perform request to Auth0 Management API
YOUR_DATADOME_CLIENT_SIDE_KEY by your DataDome client-side key
JAVASCRIPT_TAG_DOMAIN by the JavaScript Tag domain. By default it is set to js.datadome.co, or you should use your First-Party subdomain

📘
To configure the JavaScript Tag, please refer to the documentation.