Allow Enterprise Connection but not yet register the user

I have this case:

  1. I want to allow the users to use their own e.g. Google Workspace, so that means I have to register an Enterprise Connection and work with Universal Login.
  2. In this case we will not use Organizations and UL is configured as Identifier First.
  3. This means that in UL, the user will enter his email, and then Auth0 detects the domain, and it will route him to the correct EC.
  4. After he authenticates, the browser returns from Google to Auth0, Auth0 registers the user, and then the browser returns to my application.

The question is in #4, can I avoid the user being registered? I want to register it myself using the API so this way I have true control.

NOTE: I read that this is what happens, but I haven’t reached this point yet. I just want to make sure it is possible or not.

Why do my DB first, then Auth0? Because:

  1. we can validate the user before and not have “garbage” data in Auth0.
  2. we want to assign the tenantId to the user.app_metadata. It is cleaner to do at creation time, yet I believe it can be updated afterwards. Am I right here?
  3. we reduce the dependency on Auth0 (your product is great, but we still want to keep some control).

Hello @katlim-br

There is no way to create a federated user with the management API. Federated (social, etc.) users are only created by logging in.

However, you can probably achieve the control you need using actions (or rules + hooks).
You cannot “prevalidate” federated users - that is the responsibility of the federated connection. You can do cleanup via actions.
You can assign the app_metadata at any time via an action or the management API.




When you say cleanup, do you mean we can delete the user, or prevent the user from being inserted, inside the rule/action?

The latter would be ideal. The former is kind of hacky, but it could work.

Additional question: do actions or rules have a timeout? Because we might need to do a validation through our APIs.

By cleanup - I mean deletion/archival.

Actions and rules do have timeouts. I don’t remember what they are, but when you call APIs you need to take this into consideration.
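The approach discussed in this thread, as an added example that is not from the posters or from Auth0: a post-login Action that checks a federated user against your own API under a short timeout, denies the login when the check fails, and writes `tenantId` to `app_metadata` on the first accepted login. The secrets `VALIDATION_URL` and `VALIDATION_TOKEN`, the response shape `{ allowed, tenantId }`, the 3-second budget and a Node 18+ runtime (for global `fetch`) are assumptions.

```javascript
// Added example: Auth0 post-login Action. The federated profile already exists
// in Auth0 when this runs; the Action only decides whether the login proceeds.
const VALIDATION_TIMEOUT_MS = 3000; // assumption: well below the Action's own time limit

// Pure decision step, testable without Auth0 or the network.
// `lookup` is the hypothetical validation API's answer, or null if it failed.
function decide(event, lookup) {
  // "auth0" is the database-connection strategy; this example treats every
  // other strategy as federated.
  if (event.connection.strategy === "auth0") return { action: "allow" };
  if (!lookup) return { action: "deny", reason: "validation service unavailable" }; // fail closed
  if (!lookup.allowed) return { action: "deny", reason: "user is not provisioned" };
  const current = (event.user.app_metadata || {}).tenantId;
  // Never silently move an existing user to another tenant.
  if (current && current !== lookup.tenantId) return { action: "deny", reason: "tenant mismatch" };
  return { action: "allow", tenantId: current ? undefined : lookup.tenantId };
}

// Calls the hypothetical validation API; any error or timeout yields null.
async function validateUser(secrets, email, connectionName) {
  const query = new URLSearchParams({ email, connection: connectionName });
  try {
    const res = await fetch(`${secrets.VALIDATION_URL}?${query}`, {
      headers: { authorization: `Bearer ${secrets.VALIDATION_TOKEN}` },
      signal: AbortSignal.timeout(VALIDATION_TIMEOUT_MS),
    });
    return res.ok ? await res.json() : null;
  } catch {
    return null;
  }
}

async function onExecutePostLogin(event, api) {
  const federated = event.connection.strategy !== "auth0";
  const lookup = federated
    ? await validateUser(event.secrets, event.user.email, event.connection.name)
    : null;
  const verdict = decide(event, lookup);
  if (verdict.action === "deny") return api.access.deny(verdict.reason);
  if (verdict.tenantId) api.user.setAppMetadata("tenantId", verdict.tenantId);
}

if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```

A denied login still leaves the profile in the tenant, so the deletion/archival cleanup mentioned above remains a separate step.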

