Invite-only - Allow signup from invited but no one else

Hi all,

I’m trying to implement invitation workflow using organisations.
For now I successfully did it. :tada:
But I need to enable signup for all user to allow invited user to register properly.

Is there a way to enable sign ups only for invited users?

Thanks in advance

1 Like

Hey there!

Let me reach out to appropriate team to find out more about it!

1 Like

@konrad.sopala any update?

Hey there!

Here’s what the team shared:

“You can just rely on the fact that signups in Auth0 can be disabled entirely, then you can create a user and invite them via the invite only flow instead of the orgs invite flow and grant them membership”

1 Like

Thank you for answering!

By invite flow do you mean this process: https://auth0.com/docs/brand-and-customize/email/send-email-invitations-for-application-signup?

If yes, it feels more like a workaround than an invite flow, to me organisation invite flow seems the way to go.

Yep that’s what I meant. I know it can look like a workaround but that’s actually the flow we recommend for invites. That’s also what Organisations team suggested here.

Hello Konrad,
Will there be the possibility to have the sign-up via organization decorrelated from the general sign-up in a more or less near future ?
Your solution is a workaround, it’s not normal that we have to make this kind of development for a solution as important (and expensive) as Auth0.
I know the organization feature is a new feature and will be enhanced in the future, but we don’t have a clear roadmap on this and it clearly looks like a necessity in a B2B context.

The invite-only flow can be achieved with Organizations with an easier workaround in case you don’t want to follow our general invite-only flow:

You could pre-create the account for the user before inviting them with a random password (in case of a database connection) and then invite them via the Organizations invite flow as usual so they can just reset their password instead of creating a new account. This will avoid later some Management API calls to assign the user to the right organization, assign roles, etc. You just need to create an account and then communicate the user to reset their password when accepting the invitation.

Hello Ale,
Thanks for the answer.
From what I understand, this is still not a consistent invite flow for our users. Since there is no solution that can be used simply with Auth0, we were planning to use your invite-flow by hijacking the display of the password change page and then assigning the user to the organization without sending them an invite email for the organization.
Will the user be correctly added to the organization if we do this?

Hi Ale,
Thank you for the answer, I have tried to implement it but with no success :frowning:

Steps I have made are:

  1. Create user using:
    Auth0 Management API v2
    Provided body properties: { email_verified: true, email: “myuser@mail.com”, connection: “Username-Password-Authentication”, password: “random password” }
  2. Invite user via org using:
    Auth0 Management API v2

When user receives the invitation email and tries to do the “Forgot Your Password” flow, no email is being sent.
Any suggestions ?

Found out what was my issue :slight_smile:
It seems that I was missing the “Add members to an organization” API.

So to summarize, doing the below 3 API during the invitation flow solves it for me:

  1. Create user
    Auth0 Management API v2
  2. Add members to an organization
    Auth0 Management API v2
  3. Create invitations to organization
    Auth0 Management API v2

Now the new invited user can also do the “Forgot Your Password” flow.

It would have been nice if this was part of the docs:

At least until there is a more natural solution for this use case. :thinking:

Hey there Folks!

I’ve got a final update for you with the solution:

  1. Create a database connection.
  2. Enable it for each organization as needed.
  3. Use Organization Membership Invitation, assigning role & user metadata as needed
  4. Don’t use that database connection for other applications if you don’t want anyone to be able to signup
1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.