I have an admin web application (regular web application) and I only want users with the “admin” role to log in. How can I do that?
It seems to me I can do that by using a rule based on “Active Directory group membership”, but it seems to me like it should be simpler and I am missing something obvious.
Thanks for the hints!
One way is to inject roles in the ID or Access Token, and check for that in your api. Auth0 - Enrich ID tokens with custom data
Thanks for sharing that with the rest of community!
@cibrax if I understand it correctly, that means users would be successfully authenticated in the Auth0, but denied access on the API/application side?
I’ll try that, but I’d really love it I could deny authorization on the Auth0 side already as I consider this particular API less secure.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.