I have an admin web application (regular web application) and I only want users with the “admin” role to log in. How can I do that?
It seems to me I can do that by using a rule based on “Active Directory group membership”, but it seems to me like it should be simpler and I am missing something obvious.
Thanks for the hints!
One way is to inject roles in the ID or Access Token, and check for that in your api. Pablo Cibraro
Thanks for sharing that with the rest of community!
@cibrax if I understand it correctly, that means users would be successfully authenticated in the Auth0, but denied access on the API/application side?
I’ll try that, but I’d really love it I could deny authorization on the Auth0 side already as I consider this particular API less secure.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.