I successfully used Auth0’s Forms and Flows to create a near native self-service user registration (including org creation & invitation) that does the following all within the Auth0 React SDK:
Create a new user (required for the 1st step due to the post-login trigger to render a form)
First line of feedback: would love to be able to render a form during the sign up process! Not the post-login trigger.
It’s easier & efficient, IMO, to do:
Org Creation → Org Configuration → Invite new user → User gets invite → User accepts → User sets up their account. Which I’ve built custom solutions to support.
Form renders
Flow step: user enters: Company Name (display name), First & Last Name
2nd Feedback: I cannot programmatically generate a lower_case version of this name per the org_name requirements. This requires, I believe, the custom field component, which is a paid add-on. I’m on the startup 1-year plan, and I don’t have access to this, unfortunately. Workaround: I used the functions.md5(fields.org_display_name) as the org_name
Flow step: create org via custom Auth0 API action
Flow step: configure org (setup connection id) via custom Auth0 API action
Flow step: Invite user with role attached to new org
This all works.
3rd Feedback:
But for this flow to work, I need my React Client App within Auth0 configured to support both Individual and Org (Business) login experiences.
Edit: The reason is a user needs to be able to authenticate, initially, without an org context, to continue to render the custom form. If your Client App is locked to Business Users only, you’ll receive this URL path to handle in your app:
This is not a desirable state. (Having both Individual and Business user support)
Now, my users will be prompted to pick from their individual account or the company account. My SaaS offering only deals with business accounts (enforce orgs). This will be a high-friction point and source of frustration for a subset of my users. More so since my clientele is typically not tech-savvy. (Construction Tech)
Obviously, I can create a custom FE (frontend) and BE (backend) to do exactly what I need. I’ve accomplished this before. But I would rather not. I would rather simply configure Auth0, and that’s that.
Any tips, advice, workarounds, suggestions for my dilemma? Things I may have missed?
I am sorry about the delayed response to your inquiry!
As you have stated, a limitation of the Forms and Flows feature is the fact that it is tightly tied to the PostLogin Trigger instead of having the flexibility of using it in any desired trigger. You can submit a topic or upvote existing ones on our Feedback page in order to bring higher attention to our product team.
Otherwise, as an alternative, you should be able to use Partials in order to add these custom fields directly on the Signup page instead of redirecting to a form while also being able to handle these variables using Triggers. This will help you handle the normalization of the organization names.
Also, as a workaround for your Individual and Business users problem that you are encountering due to organizations, you could have a dummy/default organization set up on your tenant in which all new users are added after registration until they receive and accept the invite for the one created. This way, you will be able to deny access using a PostLogin trigger if they are a part of the default organization. Please keep in mind that you will need to remove these users from the default organization once they have accepted the invite.
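The PostLogin check described in the reply above, sketched as an Auth0 Action. This is an added example, not code from the thread or from Auth0; it assumes the placeholder organization's id is stored in an Action secret with the hypothetical name DEFAULT_ORG_ID, and the sample ids in the comments are constructed.

```javascript
// Added example (not from the thread). Assumption: the Action secret
// DEFAULT_ORG_ID (hypothetical name) holds the placeholder org's id,
// e.g. a constructed value such as "org_default_placeholder".

// Pure decision function so the rule can be unit-tested outside Auth0.
function decideAccess(event) {
  const defaultOrgId = event.secrets && event.secrets.DEFAULT_ORG_ID;

  // Fail closed: without the secret we cannot tell the placeholder org
  // from a real one, so a misconfigured tenant must not let users in.
  if (!defaultOrgId) {
    return { allow: false, reason: "Login is temporarily unavailable." };
  }

  // event.organization is only present when the login carries an org
  // context. Org-less logins are governed by the application's login
  // experience setting, not by this check.
  const org = event.organization;
  if (!org) {
    return { allow: true, reason: null };
  }

  // Members still parked in the placeholder org have not accepted the
  // invitation to their real organization yet.
  if (org.id === defaultOrgId) {
    return {
      allow: false,
      reason: "Please accept your organization invitation to continue.",
    };
  }

  return { allow: true, reason: null };
}

// Handler shape used by Auth0 Actions on the post-login trigger.
async function onExecutePostLogin(event, api) {
  const decision = decideAccess(event);
  if (!decision.allow) {
    api.access.deny(decision.reason);
  }
}

// Export for the Actions runtime (guarded so the file also loads as a module).
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```

The denial only holds while the user's sole membership is the placeholder organization, so the cleanup step mentioned in the reply (removing the user from it after the invite is accepted) still has to run.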
Thanks Nik for the thoughtful and detailed response and possible workaround!
I may pivot to that implementation flow in the future.
I did end up going with another route, simply because it was implemented and released just before your response.
This way still requires “Both” being used for the Client’s Login XP settings.
I created custom K:Vs in the user’s app_metadata: created_org_id & created_org_name
Then my React app will guide the user into their organizational context in both of these circumstances:
new registration, completed Form workflow
accidentally selects “personal account” from the org picker
I also created a new Feature request post for a “pre-login” trigger that can be activated regardless of personal vs org context in regards to the client’s login XP setting. As well as the ability to render a form.