It may depend on the situation, if you plan to only allow login through database connections (no social or other external providers) you could use a post-user registration hook (Post-User Registration) to be informed when a new user has been registered.
However, given the hook only applies to certain connections possibly the best way would for your own application logic to handle that when receiving the login responses tokens. As in, if it received a login response token and the user id is not yet available then perform any first time user actions applicable for this particular application.
You could also consider rules (Auth0 Rules - which will run for all connection types) as a means to perform certain actions once per unique user. Given rules execute for every login you would need to have extra logic (metadata flags) so that you know that for the current user first time user actions have already been completed and this is a recurring login.
From what you described I would likely manage this from the application to start with and once you get tokens you would check your DB to see if it’s the first time the user is seen in your system or not. Getting user information can be done either based on the information in the tokens you receive or by calling Management API from your backend.