Overview
This article provides steps on preventing users from being able to log into an Auth0 Organization without deleting the Organization.
Applies To
- Organizations
Solution
Auth0 organizations do not have a concept of being “inactive”, but it is possible to simulate a similar behavior with one of the two options below:
1. Disable all connections in the organization.
If there are no connections enabled in an organization, users will not be able to join.
- Remove connections programmatically using the Delete connections from an organization Management API endpoint.
- To fetch the list of connections enabled, use the Get connections enabled for an organization API endpoint.
2. Set a specific metadata attribute in inactive organizations and use a Post-Login Action to prevent login.
In this scenario, users will be able to enter their credentials, but the login will fail.
- Use a Post-Login Action to check the metadata of the current organization (event.organization.metadata).
- If it sees an attribute that indicates it to be inactive, reject the login.
- Once the Action is set up, programmatically enable or disable organizations by updating the metadata via the Modify an Organization Management API.