Access to Delegated User Management Dashboard from existing DB connection

Hello - we are in the discovery process of how we can effectively use the delegated user management Dashboard to grant user management authority to some users.

We have an existing Auth0 hosted database connection; in order to implement the delegated user management Dashboard we must create a new user store (as per documentation) to house users that have authorization to log in to the user management dashboard.

My question is whether, instead of creating users in this new connection for the purpose of granting login capabilities to the dashboard db, we can instead add app_metadata to existing users in our current connection db to allow access to the management dashboard. This would eliminate the need to:

  1. have a user in two places (current user store and also as a “manager” in the dashboard connection db)
  2. maintain an additional connection db

The intent is to avoid users existing in multiple places or the burden of manually creating delegated admin users in a separate, new db connection.

You can absolutely do this, but you’ll have to create a Rule to make sure only authorised users get to the dashboard.

We use the Authorization Extension to help with that. In there, we give the proper users either the Delegated Admin - Administrator or Delegated Admin - User roles and then use a rule to check if a user actually has one of those roles. If so, we allow them to log in to the Dashboard. If not, we cancel the login.

This code should do it, but on testing I am bumping into an issue where if you’re not authorized for the Dashboard, you are sent back to the login screen without an explanation as to why. Not sure if that’s fixable on the login side or if that’s just a Dashboard bug.

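```js
function (user, context, callback) {
  // Only gate logins to the Delegated Admin dashboard application.
  // 'DASHBOARD_CLIENT_ID' is a placeholder for that application's client ID.
  if (context.clientID === 'DASHBOARD_CLIENT_ID') {
    // Assumes user.roles has already been populated
    // (this post relies on the Authorization Extension for that).
    if (user.roles) {
      var _ = require('lodash');
      var roles = ["Delegated Admin - Administrator", "Delegated Admin - User"];
      var matchingRoles = _.filter(user.roles, function(roleName) {
        return _.includes(roles, roleName);
      });

      // At least one delegated-admin role: let the login proceed.
      if (matchingRoles && matchingRoles.length) {
        return callback(null, user, context);
      }
    }

    // No roles, or no matching role: deny by default.
    return callback(new UnauthorizedError('Unauthorized'));
  }

  // Logins to every other application are left untouched.
  callback(null, user, context);
}
```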
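The question asks about keeping the flag in app_metadata on the existing connection, so here is the same gate reading from app_metadata, as an added example that is not part of the original posts or Auth0's own code. The `dashboard_roles` key, the `decide` helper and the sample users are hypothetical, and `UnauthorizedError` is stubbed so the check can be exercised locally outside the Rules runtime.

```javascript
// Stand-in for the UnauthorizedError global that the Auth0 Rules runtime provides.
class UnauthorizedError extends Error {}

// Placeholders (assumptions): the dashboard application's client ID and the
// role names used in the answer above.
const DASHBOARD_CLIENT_ID = 'DASHBOARD_CLIENT_ID';
const ALLOWED_ROLES = ['Delegated Admin - Administrator', 'Delegated Admin - User'];

function dashboardGate(user, context, callback) {
  // Logins to every other application pass through untouched.
  if (context.clientID !== DASHBOARD_CLIENT_ID) {
    return callback(null, user, context);
  }
  // Read from app_metadata, not user_metadata: users can edit their own
  // user_metadata, so it must never carry an authorization decision.
  // 'dashboard_roles' is a hypothetical key chosen for this example.
  const meta = user.app_metadata || {};
  // A missing key or a non-array value (e.g. a bare string) counts as "no roles".
  const roles = Array.isArray(meta.dashboard_roles) ? meta.dashboard_roles : [];
  if (roles.some((role) => ALLOWED_ROLES.includes(role))) {
    return callback(null, user, context);
  }
  // Deny by default.
  return callback(new UnauthorizedError('Unauthorized'));
}

// Runs the gate once and reports the decision (the callback fires synchronously).
function decide(user, clientID) {
  let outcome = 'deny';
  dashboardGate(user, { clientID }, (err) => {
    outcome = err ? 'deny' : 'allow';
  });
  return outcome;
}

// Constructed sample users covering the edge cases.
const samples = {
  manager: { app_metadata: { dashboard_roles: ['Delegated Admin - User'] } },
  otherRole: { app_metadata: { dashboard_roles: ['Editor'] } },
  stringValue: { app_metadata: { dashboard_roles: 'Delegated Admin - User' } },
  noMetadata: {},
};

for (const [name, user] of Object.entries(samples)) {
  console.log(name, '->', decide(user, DASHBOARD_CLIENT_ID));
}
```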