Identify organization without specifying in authorization request

Hi everyone,

I am doing a POC with Auth0 for a multitenant SaaS application.

I am planning to create organizations for each of our tenants and add members to them via invitations. We will not have members that will be shared across organizations.

I want to have a single login page for all tenants and want Auth0 to identify the organization for me and send the org_id claim in the ID token and access token, as this is what I will use to identify tenant data on my API. I went through the docs for organizations, but specifying it upfront does not make much sense for our use case, and I would like to avoid having the user manually enter the organization name every time in the login workflow.

Is this feasible out of the box? If not, can I achieve this with any customizations?

Thanks,
Mustafa

Hey there @mustafa.sadikot!

Unfortunately, I’m not sure exactly what you are looking for is possible - You will either need to pass the org_id in the /authorize request which will bring the user to the correct login form, OR enable the organization prompt via your application settings at the Organization tab in order to allow users to specify the org themselves. There isn’t any sort of “discovery” supported as it might relate to Organizations.

Assuming the steps have been taken above to allow a user to log in within the context of an Organization, the org_id should be automatically added as a custom claim in the ID and Access Tokens.

You can read a bit more about Organizations and tokens here:

Hope this at least helps a bit!

@tyf -

I did implement the use case that you mentioned in my POC, but it seems a bit restrictive. Usually with an identity server you would expect the organization/tenant to be identified automatically based on the login that the user uses. For example, if I have only enterprise users, then based on the domain the user can be identified, right? Similar to what Microsoft or Atlassian does with their products.

Can I get organization details for the user in post login actions via event object? If that is possible then I can add a custom claim there and that would work.

I apologize for the delay here!

I agree with your sentiment here in that it does seem a bit restrictive - It is possible to give users the option to choose which organization they belong to when logging in, but nothing more automatic like you’ve referred to. If you haven’t already, I definitely recommend adding this as feedback here; this way we can get it in front of other community users.

Thanks!
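
An added example, not part of the thread and not Auth0's own code: one way an application could do the domain-based lookup itself on a shared login page, pass the result as the `organization` parameter of the `/authorize` request, and check the resulting `org_id` claim on the API. The tenant domain, client ID, organization IDs, email-domain mapping and function names are all hypothetical placeholders, and the claim check assumes the token's signature, issuer and audience have already been verified.

```javascript
// Added example: app-side organization lookup by email domain (not an Auth0 feature).
// All values below are constructed placeholders.
const TENANT_DOMAIN = 'example-tenant.auth0.com'; // hypothetical Auth0 tenant
const CLIENT_ID = 'YOUR_CLIENT_ID';               // placeholder
const ORG_BY_EMAIL_DOMAIN = new Map([             // constructed mapping kept by the app
  ['acme.example', 'org_acme123'],
  ['globex.example', 'org_globex456'],
]);

// Resolve an organization from the email typed on the shared login page.
// Exact match on the text after the last "@": no suffix or substring matching,
// so "user@acme.example.evil.test" does not resolve to the Acme organization.
function resolveOrgId(email) {
  if (typeof email !== 'string') return null;
  const at = email.lastIndexOf('@');
  if (at < 1 || at === email.length - 1) return null;
  const domain = email.slice(at + 1).trim().toLowerCase();
  return ORG_BY_EMAIL_DOMAIN.get(domain) ?? null;
}

// Build the /authorize URL carrying the organization parameter.
function buildAuthorizeUrl(email, redirectUri, state) {
  const orgId = resolveOrgId(email);
  if (!orgId) return null; // caller falls back to the organization prompt
  const url = new URL(`https://${TENANT_DOMAIN}/authorize`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: CLIENT_ID,
    redirect_uri: redirectUri,
    scope: 'openid profile email',
    organization: orgId,
    login_hint: email,
    state,
  }).toString();
  return url.toString();
}

// API side: once signature, issuer and audience checks have passed, the org_id
// claim must equal the tenant that owns the requested resource.
function assertTenantAccess(verifiedClaims, resourceOrgId) {
  const orgId = verifiedClaims && verifiedClaims.org_id;
  if (typeof orgId !== 'string' || orgId !== resourceOrgId) {
    throw new Error('org_id claim does not match resource tenant');
  }
  return orgId;
}
```

The lookup only selects which login context the user is sent to; the tenant decision on the API rests on the `org_id` claim in the verified token, never on the email the user typed.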
