Scenario
- Navigate to https://manage.auth0.com/#/account/admins
- Add a new user other with an application other than All Applications
- Go to email you added to your new user and accept the invitation.
- Go to https://manage.auth0.com/#/users, a screen without + CREATE USER is displayed.
Expected Result
A screen with + CREATE USER is displayed.
If we created a dashboard admin with application All Applications then the new admin would see the create buttons. For security reasons, we don’t want give all our employees access to production clients.
Administrators for individual applications can manage the application in question, but cannot manage (create/update/delete) users; this is intentional so this does not seem to be an issue.
If this is the case that you want to allow certain members of your team the ability to manage users, but not the remaining aspects of the account then if you haven’t done so already you should take a look at the Delegated Admin extension. Depending on the actions they need to do this could address your scenario, in particular, if what these members will need to do is associated with user management actions.
See this table with the available user actions on the extension to see if this would be applicable to your scenario.
Thank you JMangelo, I’m gonna have a look at it.
I have accepted the answer as it is probably correct but I have an issue with the Delegated Admin extension. We receive: POST https://manage.auth0.com/api/clients 403 ()
and this screen shot:
![alt text][1]
Why is this functionality forbidden to us?
Thank you,
zatziky
This extension is possibly the one with the most complex installation procedure as it requires quite a few pre-requirements. To my knowledge, there’s no active restriction on which extensions can be installed on a particular account so this is likely an error and not a restriction. I would recommend making sure to go trough all the steps documented in the install process and if the issue persists then try to gather as much information as possible (console errors, error responses from network calls, etc) and then post as a separate question.