Create Organization in rules


I am trying to create an organization in a rule. I am following these instructions, Get Management API Access Tokens for Production, to create an accessToken that is able to call the Management API. When logging the response I am always getting “{ error: ‘access_denied’, error_description: ‘Unauthorized’ }”; however, when I run the same request in Postman it returns an accessToken.

  1. Is it possible to create a Management API access token to call the Management API from rules using M2M application credentials?
  2. Is it possible to create a Management API access token to call the Management API from hooks (pre-register) using M2M application credentials?
  3. I need every user that signs up to create a new organization and to be assigned to that organization. How can I achieve this behavior (multi-tenancy), just like the Auth0 multi-tenancy flow? On first signup a default tenant is created, and we are able to create a new tenant and switch between them. Can this flow be implemented using the NEW organization Auth0 feature?

Thank you

Hi @ali.sabryali7,

Welcome to the Community!

Yes, in fact, there is a cached Access Token rules can access which you can read about in the docs. However, the scope is limited to read:users and update:users:

The Access Token for the Management API, which is available through auth0.accessToken, is limited to the read:users and update:users scopes

Since you need the scope create:organizations, you would need to create a new machine-to-machine (M2M) application and authorize it to use the Management API with the create:organizations scope.
This answer outlines the steps for creating the M2M and writing the rule: Prevent user creation (with hook?) if user is not whitelisted with rule - #5 by stephanie.chamblee

Yes, you would also create an M2M application just like you would for a rule described above.

It sounds like it might be possible, but I will have to do some research to know for sure. I see that you have a ticket for this as well, so I will update here when resolved.

My Management API access token issue has been resolved :) Thank you.
I have implemented the logic for creating an organization, assigning the user to be a member of the organization, and enabling organization connections, in a rule that only runs if a user is not assigned to any member. Please update us with your research results.

Thank you
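
The flow discussed in this thread (an M2M client-credentials token, then create the organization, enable a connection, add the user as a member), as an added example that is not part of the original posts and is not Auth0's own code. The `cfg` field names and the injected `fetchImpl` HTTP function are assumptions; the paths are the Management API v2 organization endpoints.

```javascript
// Added example. cfg fields and fetchImpl are assumptions, not Auth0 names.
// The M2M application must be authorized for the Management API with
// create:organizations, create:organization_connections and
// create:organization_members, and nothing broader.

function tokenRequest(cfg) {
  return {
    url: `https://${cfg.domain}/oauth/token`,
    body: {
      grant_type: 'client_credentials',
      client_id: cfg.clientId,
      client_secret: cfg.clientSecret, // from rule configuration, never hard-coded
      audience: `https://${cfg.domain}/api/v2/`
    }
  };
}

function apiRequest(cfg, token, path, body) {
  return { url: `https://${cfg.domain}/api/v2/${path}`, token, body };
}

async function send(fetchImpl, req) {
  const headers = { 'content-type': 'application/json' };
  if (req.token) headers.authorization = `Bearer ${req.token}`;
  const res = await fetchImpl(req.url, { method: 'POST', headers, body: JSON.stringify(req.body) });
  const text = await res.text();
  const data = text ? JSON.parse(text) : {}; // adding members returns an empty body
  if (!res.ok) {
    // Report path, status and error code only; the request body holds the secret.
    throw new Error(`${new URL(req.url).pathname} -> ${res.status} ${data.error || ''}`.trim());
  }
  return data;
}

async function provisionOrganization(fetchImpl, cfg, userId, orgName) {
  const { access_token: token } = await send(fetchImpl, tokenRequest(cfg));
  const org = await send(fetchImpl, apiRequest(cfg, token, 'organizations', { name: orgName }));
  const base = `organizations/${org.id}`;
  await send(fetchImpl, apiRequest(cfg, token, `${base}/enabled_connections`,
    { connection_id: cfg.connectionId, assign_membership_on_login: false }));
  await send(fetchImpl, apiRequest(cfg, token, `${base}/members`, { members: [userId] }));
  return org.id;
}
```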


Hi Ali

What you could do is the following:

On your site, have a registration form that would ask the end user for the organization details they want to register and the user’s email address. When the user submits that form, on the backend you create an organization with the proper connection and then send an invite to that email. With the invite, the user will be added to that organization after signup. You could also include roles in that invite flow. Would that work?