Delegated Admin Extension and Organizations

Overview

When attempting to use an Organization login, the user is unable to access the Delegated Admin Extension (DAE). The user’s roles seem to be missing in Actions. This article clarifies whether it is possible to use the DAE with Organizations.

Applies To

  • Delegated Admin Extension (DAE)

Cause

Organization Member Roles are separate from Roles assigned to a user outside of an organizational context.

As a result, if a user authenticates within an Organization context, Actions will only see their Organization Member roles in event.authorization.roles. Roles assigned directly to the user, outside of any Organization, will not be available.

Please check out this link for more information on this.

Solution

Assign the DAE roles as Organization member roles. These should then be picked up by the Action that applies roles to the user’s ID Tokens when the user logs in within an Organization context.

NOTE: The namespace for the custom claims must not include “auth0.com”, “webtask.io” or “webtask.run”. These will be silently ignored if present.
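
An added example, not part of the original article and not Auth0's own code: a post-login Action that copies event.authorization.roles into a namespaced ID Token claim for the DAE client only, and rejects a namespace that the note above says would be silently ignored. DAE_CLIENT_ID, the NAMESPACE value, the { roles } claim shape and the sample event are assumptions or constructed values.

```javascript
// Placeholders (assumptions, not from the article): replace with your own values.
const DAE_CLIENT_ID = 'YOUR_DAE_CLIENT_ID';
const NAMESPACE = 'https://example.com/auth0-delegated-admin';

// Namespace fragments the article says are silently ignored in custom claims.
const RESTRICTED = ['auth0.com', 'webtask.io', 'webtask.run'];

function isRestrictedNamespace(ns) {
  const lower = String(ns).toLowerCase();
  return RESTRICTED.some((fragment) => lower.includes(fragment));
}

// Returns the claim to set, or null when nothing should be added.
function buildDaeClaim(event, namespace = NAMESPACE) {
  // Fail loudly on a misconfigured namespace instead of losing the claim silently.
  if (isRestrictedNamespace(namespace)) {
    throw new Error(`Claim namespace ${namespace} would be silently ignored`);
  }
  // Least privilege: only the DAE client receives the roles claim.
  if (!event.client || event.client.client_id !== DAE_CLIENT_ID) return null;
  // In an Organization login these are the Organization member roles only;
  // roles assigned directly to the user are not present here.
  const roles = (event.authorization && event.authorization.roles) || [];
  if (roles.length === 0) return null;
  return { name: namespace, value: { roles } };
}

async function onExecutePostLogin(event, api) {
  const claim = buildDaeClaim(event);
  if (claim) api.idToken.setCustomClaim(claim.name, claim.value);
}

// Export for the Actions runtime (guarded so the file also loads as an ES module).
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed sample event: an Organization login to the DAE client.
const sampleEvent = {
  client: { client_id: DAE_CLIENT_ID },
  organization: { id: 'org_constructed', name: 'example-org' },
  authorization: { roles: ['Delegated Admin - User'] },
};
```

If the claim is missing for an Organization login, check that the DAE role is assigned as an Organization member role rather than directly to the user.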
