We are implementing Auth0 CIBA (Client‑Initiated Backchannel Authentication) using the email approval flow and would like to understand what level of customization is supported for the Deny experience.
Proposed user flow:
- Admin clicks Deny Request on the CIBA approval screen
- A “Justification for Denying” modal is displayed (justification optional)
- Admin clicks Confirm Denial, which is successfully sent to the backend
Is it possible to implement this flow using Auth0’s hosted CIBA approval screen?
Hi @rdhayanithi
Thank you for reaching out to us!
While we understand how the outlined functionality would make sense in different scenarios, it does not appear that this is currently supported out of the box for Auth0’s hosted CIBA approval screen. The CIBA flow depends on the user’s consent/approval in order to advance and if the user denies the consent, the flow would stop as user authentication consent was not provided.
For better control over the user interface, building the logic in your application to handle the approval/denial process could be the best option, although I highly encourage you to submit a Feature Request on this matter, that other users can vote on. As the page is monitored by our Product Team, submissions with higher vote counts can create urgency and help speed up the development of the feature.
Hope this helped!
Gerald