How to automatically select organizations during login?

Hi,

I have the following setup:

  • 1 tenant
  • 1 database connection (right now)
  • Multiple served companies currently stored in user’s app_metadata but I want to migrate it to Organizations.
  • Every user belongs to just one company.
    I went through the documentation and the Organization feature looks like a good fit for our use case but I have an issue with that. I don’t want to complicate the user’s login flow with the ‘give me your organization ID’ step but without that, I couldn’t have him logged in to his org. Is there any way to make this automatic?

Regards,
Laszlo

Hi Laszlo -

Were you able to figure this out? I’m wondering the same thing. I’ve found you can switch between organizations using getAccessTokenSilently({organization: 'ORG_ID', ignoreCache: true}), but only if the user initially logs in with an organization. It doesn’t work if they login as an individual (i.e. skipping the org selector).

If it allowed you to move from an individual login to an org login you could:

  1. Have the user login as an individual.
  2. Query your API for their organization.
  3. Use getAccessTokenSilently to get an access token for that org

@konrad.sopala I’ve seen you comment on other organizations threads. Any thoughts here?

The question boils down to - when using orgs - is there any way to have the user login, then get an access token for a particular organization within the application? Or does the user always need to first enter the organization name?

This seems like a very reasonable, common, usecase and it’s not documented well in the organization docs.

1 Like

I’m in the same boat. Seems a reasonable request. Would like some feedback from Auth0 on this.

Hello @here!

Really good question, and I’m not sure off the top of my head but happy to dig into this a bit.

Can you elaborate on how this doesn’t work? What exactly happens if you go to do silent auth with the org_id for a user whom is logged in outside the context of an Organization?

Let me know!

Hi @tyf - It’s been quite a while since I took a look at this and we ended up not using organizations in our Auth0 implementation (partially due to this, partially due to pricing not fitting our usecase).

I believe by “it doesn’t work” I meant “Acquiring a token fails. getAccessTokenSilently either returns nothing or an error.” I don’t recall the exact results. You may want to try reproducing on your end to see what the current version of organizations does (I imagine things have changed over the past year?).

I will definitely attempt to reproduce on my end as I was under the impression as long as the org_id param was passed in the authorize request we’d honor it. The only thing I can think of is that it might be a limitation of silent auth as the context in which the user is logged in is changing (no org → org). Maybe that’s not possible with prompt=none?

Anyways, thanks for responding here, much appreciated :smile:

More or less related: would it also be possible to return the organisation(s) that an individual user is part of in the access token after logging in (either via an action/flow or otherwise). This would skip the step of having to query an API to get the users’ organisations. In a multi-tenant SaaS setup where data is gated based on org_id i think this would help (SaaS backend API could unpack the acces token and return data based on included org_id).

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.