We are assessing using Auth0 as our customer IDAM product for accessing our commercial portals.
We want to allow a customer administrator to manage users and permissions for their own organisation. Each organisation could only manage its own users and only assign users roles/permissions that we have configured for the organisation (i.e. the customer cannot create their own roles/groups, only assign its users to a predefined list).
We do not want to give customers access to the Auth0 dashboard or users page.
How would Auth0 approach this? I assume:
- Each organisation would be its own group in the authorisation extension (note: there could be thousands of organisations)
- The customers would use an SPA client that we have built that uses the Management and Authorisation APIs to add users and assign them to roles.
We also require that our own internal administrators are able to set up and administer customer and organisation accounts. I assume they would also need a separate SPA to do this.