How to pass organization name to open ID on azure?

Hi, I want to implement an Azure identity provider, and my question is: where should I enter the organization name to avoid this message:

{"code":401,"message":"An error of type 'invalid_request' occurred during the login process: 'parameter organization is required for this client'"}

Or is it in the settings of the application on Auth0?

Hi @erik.palencik

You are likely receiving this error because your application in Auth0 is configured with Organizations enabled with the organization prompt switched off. If you go to your application in Auth0 and click on the Organizations tab it might look like the below:

If you intended to use this configuration then you will need to add the relevant organization_id to your /authorize request like this:

https://<tenant>.<region>.auth0.com/authorize?...organization=org_fnHzfsfJudj2Vxao

Also see here for a list of possible request parameters https://auth0.com/docs/api/authentication#authorization-code-flow

If the configuration was not intended, then you simply need to change the field “What types of end-users will access this application” to either “Individuals for personal use” if you don’t plan on using the Organisations feature or “Both” if you do plan on using it. With the latter, you’ll need to pass in the organization_id to log in in the context of an organization, but with this configuration it would be optional depending on your use case.

Hope this helps.

Warm regards.


Hi, thanks for the reply. I understand what is happening, but I have multiple organizations under 1 Auth0 account, with a few accounts assigned to every organization… every app is per 1 organization… But where should I put “organization=xyz”??? I’m using Azure Active Directory, and I have like 0 code about authorization / redirecting in my application. All configurations of redirection are only here:

Hi @erik.palencik

The screenshot you posted here relates to your connection. The organization_id does not go there; it goes in your application code. For example, if you were using the Auth0 SDK for Single Page Applications (auth0-spa-js), you would initialize the SDK in your code like this so that you wire it up to your tenant and application on your tenant:

import { createAuth0Client } from '@auth0/auth0-spa-js';

//with async/await
const auth0 = await createAuth0Client({
  domain: '<AUTH0_DOMAIN>',
  clientId: '<AUTH0_CLIENT_ID>',
  authorizationParams: {
    redirect_uri: '<MY_CALLBACK_URL>'
  }
});

If you wanted to pass in an organization then you would just pass in the organization_id like this:

const auth0 = await createAuth0Client({
  domain: '<AUTH0_DOMAIN>',
  clientId: '<AUTH0_CLIENT_ID>',
  authorizationParams: {
    // with clientId/authorizationParams options, organization belongs here
    organization: '<MY_ORG_ID>',
    redirect_uri: '<MY_CALLBACK_URL>'
  }
});

As per the docs here https://github.com/auth0/auth0-spa-js/blob/bb5a26aa3e60436e022aac98e9dcb9f423e66cb0/EXAMPLES.md#organizations

Please check the documentation for your specific stack https://auth0.com/docs/libraries

Warm regards.

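For an application that is rendered on the server rather than an SPA, the `organization` parameter from the /authorize request discussed above can be added where the application builds its login redirect. The following is an added example, not code from this thread or from Auth0; the tenant domain, client ID, callback URL, organization ID and function names are constructed placeholders. It also checks the `org_id` claim that Auth0 places in tokens issued for an organization login.

```javascript
// Constructed per-application settings: each app is pinned to one organization
// server-side, so the value never comes from user-controlled input.
const APP_CONFIG = {
  domain: 'example-tenant.eu.auth0.com',   // placeholder tenant
  clientId: 'EXAMPLE_CLIENT_ID',           // placeholder
  redirectUri: 'https://app.example.com/callback',
  organization: 'org_EXAMPLE123',          // placeholder organization ID
};

// Build the Authorization Code Flow /authorize URL, including `organization`.
// `state` must be a fresh unguessable value stored in the user's session.
function buildAuthorizeUrl(cfg, state) {
  if (typeof cfg.organization !== 'string' || cfg.organization === '') {
    throw new Error('organization is required for this client');
  }
  if (typeof state !== 'string' || state.length < 16) {
    throw new Error('state must be an unguessable per-request value');
  }
  const url = new URL(`https://${cfg.domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    scope: 'openid profile email',
    state,
    organization: cfg.organization,
  }).toString();
  return url.toString();
}

// Call after your OIDC library has verified the ID token's signature, issuer,
// audience and expiry. Rejects tokens issued for a different organization.
function checkOrganization(verifiedClaims, expectedOrgId) {
  if (!verifiedClaims || verifiedClaims.org_id !== expectedOrgId) {
    throw new Error('ID token org_id does not match the expected organization');
  }
  return verifiedClaims;
}

// Constructed demo values.
const demoUrl = buildAuthorizeUrl(APP_CONFIG, 'constructed-state-0123456789');
console.log(demoUrl);
console.log(checkOrganization({ sub: 'auth0|demo', org_id: 'org_EXAMPLE123' },
                              APP_CONFIG.organization).sub);
```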

Yeah, this is nice, but the condition for my app is to be protected by Azure Active Directory, and I don’t have an SPA; I can have anything (hybrid, template rendering)… My application belongs to one organization… Is there any way to pair them on the Auth0 side? I know apps A, B, C are paired for organization X only.