Problem statement
We have a process by which we create users in our system. Once created, the user receives an email to set up the password and activate the account. As we are moving towards Auth0, we will create those users in Auth0 using management api calls. We are using “Username-Password-Authentication” as our user database. We have two questions:
- Will Auth0 send a confirmation email to those users created via Mgt API calls?
- When creating the user with a management API call, is it required to set the password for the user?
Solution
If you have enabled the verification and welcome email templates, the emails will be sent to users created via the Management API. You can suppress the verification email from being sent by using the “verify_email” parameter. Below doc explains the parameter in the create user endpoint.
If the welcome email template is enabled, the email will be sent either after the user verifies their emails or immediately after user creation if the verification email has been suppressed/not enabled.
Regarding the user’s password, for database connection, you must set a password value on user creation. This could then either be shared with the user or they could be asked to perform a password reset flow to set their own password without needing the value you used.
We have some documentation here on using the password reset flow as an invitation-type flow here:
If you are already using the Management API to create your users, we recommend using the password change ticket approach so you can give the user a one-use link to reset their password in an “invitation” type email or through some other secure means. With this, you can tailor the wording so they aren’t confused about resetting a password they didn’t set up themselves: