We’re an enterprise SaaS startup with a top-down sales motion. Each customer gets a custom contract with a specific number of seats.
We’re wondering if Auth0 would support the following flow, and whether you have any suggestions on the best high-level design for implementing it. I wasn’t able to find anything in the docs for this exact use case.
After a customer signs a contract with us, we manually send an email with a registration link to a specific individual who has been designated as the admin (e.g. someone in the IT org).
To register, a user can click on the link in the email and then see an Auth0 screen to authenticate using Google Workspace, Okta, or Azure. After authenticating, they gain access to the product and can log in anytime via SSO.
The admin can use our product to add other email addresses within their company domain, up to the seat limit (e.g. their other team members who should have access to the tool). For each email address that they add, our system automatically sends a registration link to that email address.
Registration links expire after 24H.
If an admin removes an email address from the admin dashboard, that user can no longer log in.
The invitation flow you’ve described can be accomplished using our Organization feature, where you can generate and send user invites to add new Organization members. You can use an Organization to represent each customer contract and manage the users associated within each.
How you manage the ‘seat limit’ may need a more creative solution, but I’d recommend considering Organizations metadata, which can store key/value pairs that can be checked and updated within an Action, where you can write custom code to deny access if the ‘seat limit’ metadata value is exceeded.
I hope this helps to spur some ideas around your proposed architecture.
One follow-up question: if an admin removes a user from the admin dashboard (let’s say this is after the user has already registered), is there a way to update the Auth0 system so that the user would no longer be able to log in?
If the ‘admin dashboard’ is an application that you create for admins to manage their end-users, then you’d just need to ensure that this application calls the Auth0 Management API to update or delete the user from the Auth0 system as needed.
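
The flow discussed in this thread, sketched for the admin-dashboard backend as an added example (not code from the thread or from Auth0): it checks the seat limit stored in Organization metadata before building a 24-hour invitation request, and builds the membership-removal request for a user the admin removes. The metadata keys `seat_limit` and `email_domain`, the helper names, and the choice to remove Organization membership rather than delete the user are assumptions.

```javascript
// Added example: request builders for an admin-dashboard backend (not Auth0's code).
// Assumed names: metadata keys seat_limit / email_domain, and every helper below.
const INVITE_TTL_SEC = 24 * 60 * 60; // registration links expire after 24 hours

// Decide whether an invite may be sent; return the Management API request for it.
function planInvite(org, memberCount, pendingInvites, inviteeEmail, inviterName, clientId) {
  const limit = Number.parseInt(org.metadata?.seat_limit, 10); // metadata values are strings
  if (!Number.isInteger(limit) || limit < 1) throw new Error("seat_limit missing or invalid");
  const email = String(inviteeEmail).trim().toLowerCase();
  const parts = email.split("@");
  // Exact domain match: a suffix check would also accept "lookalike-example.com".
  if (parts.length !== 2 || !parts[0] || parts[1] !== org.metadata.email_domain) {
    throw new Error("invitee is outside the customer's domain");
  }
  if (pendingInvites.some((i) => i.invitee.email.toLowerCase() === email)) {
    throw new Error("an invitation is already pending for this address");
  }
  // Pending invitations hold a seat, otherwise an admin could over-invite.
  if (memberCount + pendingInvites.length >= limit) throw new Error("seat limit reached");
  return {
    method: "POST",
    path: `/api/v2/organizations/${encodeURIComponent(org.id)}/invitations`,
    body: { inviter: { name: inviterName }, invitee: { email }, client_id: clientId, ttl_sec: INVITE_TTL_SEC },
  };
}

// Removing a user from the dashboard: drop their Organization membership.
function planRemoval(org, userId) {
  return {
    method: "DELETE",
    path: `/api/v2/organizations/${encodeURIComponent(org.id)}/members`,
    body: { members: [userId] },
  };
}

// Send a planned request; `token` is a Management API access token.
async function send(tenantDomain, token, req) {
  const res = await fetch(`https://${tenantDomain}${req.path}`, {
    method: req.method,
    headers: { authorization: `Bearer ${token}`, "content-type": "application/json" },
    body: JSON.stringify(req.body),
  });
  if (!res.ok) throw new Error(`Management API returned ${res.status}`);
  return res.status === 204 ? null : res.json();
}
```

Removing membership stops new logins to that Organization; tokens issued before the removal stay valid until they expire.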