Thanks for the answer @stephanie.chamblee - are the above solutions possible without leaving the Auth0 domain?
I don’t want to build a solution where email addresses are being stored outside of Auth0. I.e., I don’t want to create CloudStorage where I will have emails of users to create this role assignment, as I would like all of the sensitive information to never leave Auth0.