I need to filter which organizations appear in the organization picker based on the specific Auth0 application being used.
We have a multi-tenant B2B application with two organization types: “customer” and “service” (stored in the organization’s metadata). Auth0’s Mobile App should only show customer organizations in the picker. The Web SPA should show all organizations. Both apps use the same connections (Azure AD + Username-password-auth). Users are members of both customer and service organizations. Users get to choose an organization after they’ve logged in. A post-login action enriches tokens with organization metadata.
What I’ve investigated:
- Disabling connections at the organization level affects ALL applications, not just Mobile App, which would break Web SPA access to service organizations.
- Organization picker appears to be tenant-wide and shows all organizations a user belongs to regardless of which application they’re accessing.
- Creating a custom pre-login organization picker would require:
  - exposing which organizations exist for an email before authentication, or
  - a two-stage authentication where the user logs in, the app fetches their organization via the MGMT API, shows a custom filtered picker, and the user re-authenticates with the selected organization
Questions:
- Is there a way to filter which organizations appear in the picker on a per-application basis without affecting other applications?
- If not natively supported, what’s the recommended architecture for implementing application-specific organization filtering?
Thanks for any guidance.
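Added example, not part of the original post and not Auth0's own code: one rule that serves both the custom filtered picker from the two-stage option and a post-login Action, since a filtered picker only changes what is displayed and the same check is needed at login. Assumptions: the organization type is stored under the metadata key `type`, and each application carries a hypothetical application metadata key `allowed_org_types` (comma-separated; absent means unrestricted).

```javascript
// Added example. Assumed names: organization metadata key "type" and
// application metadata key "allowed_org_types" (e.g. "customer").
function allowedTypesFor(client) {
  const raw = (client && client.metadata && client.metadata.allowed_org_types) || "";
  const types = raw.split(",").map((t) => t.trim()).filter(Boolean);
  return types.length ? new Set(types) : null; // null: application is unrestricted
}

function isOrgAllowed(client, organization) {
  const allowed = allowedTypesFor(client);
  if (!allowed) return true;
  const type = organization && organization.metadata && organization.metadata.type;
  return allowed.has(type); // a missing or unknown type fails closed
}

// For a custom picker: keep only the organizations this application may offer.
function filterOrgsForClient(client, organizations) {
  return organizations.filter((org) => isOrgAllowed(client, org));
}

// Post-login Action entry point: enforce the same rule on the server side,
// whichever way the organization was selected.
async function onExecutePostLogin(event, api) {
  if (!event.organization) return; // login without organization context
  if (!isOrgAllowed(event.client, event.organization)) {
    api.access.deny("This organization is not available in this application.");
  }
}

if (typeof module !== "undefined") {
  module.exports = { onExecutePostLogin, isOrgAllowed, filterOrgsForClient };
}
```

With `allowed_org_types` set to `customer` on the Mobile App and left unset on the Web SPA, the SPA keeps access to service organizations while the Mobile App rejects them.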