Problem statement
We have a scenario where employee and customer accounts are stored in separate AD domains.
- Domain X: Employees log in via the enterprise connector (Azure AD), where the connection is displayed as a button.
- Domain Y: Customers log in via the DB connector. In this scenario, we provide CRUD operations against our AD domain for situations like sign-up and self-service password reset. The DB connector employs DB Action scripts to perform these CRUD operations.
I am curious to know if it’s possible to achieve CRUD functionality with the Enterprise connector. If it is, what is the Auth0 recommended approach to achieve this?
Solution
Unfortunately, the enterprise connections (such as Azure AD, Google Workspace, or Okta Workforce) do not support CRUD operations. The protocols that facilitate communication between Auth0 and the Enterprise IdP, such as SAML and OpenID, are not designed to handle the CRUD operations of user accounts. These protocols are primarily intended for authenticating the user’s identity and not for managing user account data.