I have this case:
- I want to allow the users to use their own e.g. Google Workspace, so that means I have to register an Enterprise Connection and work with Universal Login.
- In this case we will not use Organizations and UL is configured as Identifier First.
- This means that in UL, the user will enter his email, and then Auth0 detects the domain, and it will route him to the correct EC.
- After he authenticates, the browser returns from Google to Auth0, Auth0 registers the user, and then the browser returns to my application.
The question is in #4, can I avoid the user being registered? I want to register it myself using the API so this way I have true control.
NOTE: I read that this is what happens, but I haven’t reached this point yet. I just want to make sure it is possible or not.
Why do my DB first, then Auth0? Because
- we can validate the user beforehand and not have "garbage" data in Auth0.
- we want to assign the tenantId to the user.app_metadata. It is cleaner to do at creation time, yet I believe it can be updated afterwards. Am I right here?
- we reduce the dependency on Auth0 (your product is great, but we still want to keep some control).