Allow Actions to run before a user is automatically added to an organization

Feature: Allow actions to be run post Authentication but before Auto-Membership runs.

Description: During the login flow, want to have an action that can run, similar to post-login, but before the user is automatically added to an organization. There’s currently no way to trigger a denial of the user that doesn’t still leave them a member of the organization.

Use-case: We want to be able have to have someone use a social auth to login to an organization, however we want to be able to reject the login if their email isn’t from a given email domain. Right now this can be accomplished in a post-login action, however the user still ends up in the userlist. This feels incorrect as it means someone can pollute the organization’s user member list even though they never managed to make it through the full login flow.

There should be an action that is able to run before membership is granted.

Hi @generik,

Welcome to the Auth0 Community and thanks for the feature request!

Hey there!

As this topic is related to Actions and Rules & Hooks are being deprecated soon in favor of Actions, I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!