How to create a user with no password, or if impossible, include password in verification email

fabs · February 22, 2021, 1:28pm

I’m not sure if this would be an “invite flow” or “invite-only flow”, or what, but we have a web app (SPA Angular appwith a .Net Core Web API) where the main user (administrator) creates an account with our software package on our web app, and then our API creates an account on Auth0 using the Management API. The administrator then can create as many users as he likes for his staff/employees. Again, for each of these users, our API creates a user on Auth0 using the Management API. Since, as far as I’m aware, a user must be assigned a password at the moment of creation, the administrator must pick a password for each user he creates. Auth0 then automatically sends out an email to each of these users asking them to verify their email address. When the user follows this link, it takes them to the Auth0 login screen where they have to fill in their email address and password. However, the user doesn’t know what his password is unless the administrator tells him.

My question is: is there no way at all to defer picking a password until the user logs in for the first time? Upon first logon, the user could pick their own password.
Alternatively, if a password MUST be set at the moment of creating the user, could this password be displayed to the user in the email verification email? I would essentially treat this as a temporary password, as I would also require the user to change their password upon first logon in this case.,

Thanks

sgo · February 22, 2021, 1:41pm

Hi @fabs .

You can create users without a password when carrying out a bulk import into a database connection, they would then need to go through the password reset flow before they could login.
https://auth0.com/docs/users/bulk-user-imports

Please see the documentation here on a way you could implement an invite flow using our current feature set:

Using the above you re-purpose the reset password flow as a “choose your new account password”, and you can customise the Password Reset page so the text makes more sense in this context for your end-users.

fabs · February 22, 2021, 2:15pm

Thanks, sgo. So, I guess I would then turn off automatic sending of verification emails in this case, so that the user doesn’t automatically receive a verification email when the administrator creates his account. And then, after his account is created, my API could send the user an “Auth0 change password email” using a customized email template to make it look like a “choose your new password account” email.

sgo · February 22, 2021, 2:23pm

Yes, that’s right

system · March 9, 2021, 2:24pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Create Auth0 User and let them set their password in the invite email Help auth0 , management-api , password , user-creation , login	7	11363	July 15, 2021
How to let user to create their password though email verification Help	4	6572	May 28, 2021
How is one to create a new user with some password options Help auth0 , api , management-api	4	4292	July 18, 2020
New user via API - set password flow Help auth0 , password , manage-users	16	6105	June 16, 2021
Allow user to set password on first login? Help registration	3	4757	December 22, 2022

How to create a user with no password, or if impossible, include password in verification email

Related topics