@ryan.moriarty Not sure if you have found the solution to your problem - but if you have not, you can create a separate M2M Application with the proper permissions outside of the Native & SPA apps, and then use the newly generated M2M app’s client_id & client_secret within the Auth0 Action.
Be aware that the Management API calls within the Action is subject to the rate limits of the tenant, so you should look into caching an access token on your end somehow.