Delegating per domain users management

Help
,
1

Hello,

I’m investigating if an Auth0 non- Enterprise subscription would suit our needs as follows:

  • We’re implementing a multi-tenant application. The front-end is React with backends being coded in Python and .NET.
  • We’re aiming to have 6 to 15 clients. Each client will have around 5 users, maybe some will have max up to 20 or 25 users.
  • Our application will have a single landing and login page for all users. Therefore the tenant / organization has to be figured out during the login flow. As far as per my understanding this means the Business Users → Prompt for Credentials login flow would be adequate for this. Is this correct?
  • We’d like each client manages their users themselves. We would like sending the invitation to the ‘admin’ user and delegating that user the management of users for that domain.
    Is there a way to do this out of the box, without implementing our own user management logic and UI?
  • Although it should not be possible a user wouldn’t be member of any organization, if such user gets created somehow, the user should not be able to login. Is this possible? I was looking into the pre-user-registration and the post-login triggers, but I wasn’t able to figure out how this could be done. Hints would be appreciated?

I’d appreciate a feedback on the initial question about viability of non-Enterprise subscription, as well about questions I raised.

Thanks in advance,
Damir

3

Hi @damir.dezeljin

Welcome to the Auth0 Community!
I’m reading through your post and am working on providing some details/documents to assist with everything, just wanted to let you know that we’re looking into this for you.

Thank you for your patience!
Gerald

1 Like
4

Hi @damir.dezeljin

I do believe that it could be best to talk with one of our experts on this matter and they can advise as to what could handle everything for you, but let me try to provide some details regarding all of the concerns you raised, starting with the multi-tenant structure. This will depend on how many tenants are you looking for, the Essentials plan includes 3 tenants, Professional has 6 and Enterprise would have unlimited.

  • As far as per my understanding this means the Business Users → Prompt for Credentials login flow would be adequate for this + Although it should not be possible a user wouldn’t be member of any organization, if such user gets created somehow, the user should not be able to login. : I tied these two together. If you aim to divide your users by Organization and allow login only to users that are members of an Organization, you can opt for Business Users → Prompt for Organization. This will first prompt them to input the Organization name and then for their credentials, and they will be logged in only if they are also part of the Organization. This could offer more details for setting up Organizations within your tenant.
  • We’d like each client manages their users themselves. We would like sending the invitation to the ‘admin’ user and delegating that user the management of users for that domain : I believe that implementing RBAC would be a good fit and could work well for this use-case, which is included starting with the Essentials plan.

You can scroll down on our Pricing page and see more detailed differences between the packages that we offer. The decision revolves around the amount of traffic that you might have, users, how many Actions+Forms you wish to implement and how many Security features are needed. While I believe this could be accomplished with a non-Enterprise subscription, I do advise that you reach out to our specialized team for their opinion.

Hope this helped!
Gerald

5

Speaking with a business development representative from Auth0 I was told all the functionality I’m looking for can be fulfilled by the Auth0 B2B Essential or greater plan and usage of organizations to represent our clients.

As per today I still didn’t figure out how to manage figure out how to delegate management of per- Auth0 domain’s users to an admin user from our client. Currently I’m still investigating this and will report back if I manage to get it working.

Kind regards,
Damir