How to create a user with no password, or if impossible, include password in verification email

I’m not sure if this would be an “invite flow” or “invite-only flow”, or what, but we have a web app (SPA Angular appwith a .Net Core Web API) where the main user (administrator) creates an account with our software package on our web app, and then our API creates an account on Auth0 using the Management API. The administrator then can create as many users as he likes for his staff/employees. Again, for each of these users, our API creates a user on Auth0 using the Management API. Since, as far as I’m aware, a user must be assigned a password at the moment of creation, the administrator must pick a password for each user he creates. Auth0 then automatically sends out an email to each of these users asking them to verify their email address. When the user follows this link, it takes them to the Auth0 login screen where they have to fill in their email address and password. However, the user doesn’t know what his password is unless the administrator tells him.

My question is: is there no way at all to defer picking a password until the user logs in for the first time? Upon first logon, the user could pick their own password.
Alternatively, if a password MUST be set at the moment of creating the user, could this password be displayed to the user in the email verification email? I would essentially treat this as a temporary password, as I would also require the user to change their password upon first logon in this case.,

Thanks

Hi @fabs .

You can create users without a password when carrying out a bulk import into a database connection, they would then need to go through the password reset flow before they could login.

Please see the documentation here on a way you could implement an invite flow using our current feature set:

Using the above you re-purpose the reset password flow as a “choose your new account password”, and you can customise the Password Reset page so the text makes more sense in this context for your end-users.

2 Likes

Thanks, sgo. So, I guess I would then turn off automatic sending of verification emails in this case, so that the user doesn’t automatically receive a verification email when the administrator creates his account. And then, after his account is created, my API could send the user an “Auth0 change password email” using a customized email template to make it look like a “choose your new password account” email.

Yes, that’s right :slight_smile:

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.