Overview
When attempting to use an Organization login, the user is unable to access Delegated Admin Extension (DAE) . The user’s roles seem to be missing in Actions. This article clarifies whether it is possible to use the DAE with Organizations.
Applies To
- Delegated Admin Extension (DAE)
Cause
Organization Member Roles are separate from Roles assigned to a user outside of an organizational context.
As a result, if a user authenticates within an Organization context, Actions will only see their Organization Member roles in the event.authorization.roles - roles assigned directly to the user not related to an Organization will not be available.
Please check out this link for more information on this.
Solution
Assign the DAE roles as Organization member roles. These should then get picked up by the Action applying roles to the user’s ID Tokens when the user is logging into an Organization context:
NOTE: The namespace for the custom claims must not include “auth0.com”, “webtask.io” or “webtask.run” - these will be silently ignored if present