Managing user groups with delegated admin extension

Hi,

I wanted to give a selected set of users user management capability without being able to change anything in the tenant. I was able to set up the delegated admin extension. But it shows a screen only to edit users. I would like to allow dedicated user admins to add/remove users from groups. Is there some way this can be achieved?

Thanks

Hi @shaiju.janardhanan,

Welcome to the Auth0 Community.

I understand that you are looking to provide your Delegated Admin users the ability to Create and Delete end-users from groups.

In this scenario, my best recommendation would be to assign the Delegated Admin - User role to your Delegated Admin users’ app_metadata.

app_metadata
{
  "roles": "Delegated Admin - User"
}

Providing your Delegated Admin users with this role grants them permission to:

  • Search for users, create users, open users, and execute actions on users (such as delete or block).

Please let me know if there's anything else you need help with.

Thanks @rueben.tiow for the reply. I would also like this user to have permission to manage user groups so that they can add/remove users to specific groups depending on the team. Is that possible?

Hi @shaiju.janardhanan,

Unfortunately, the Delegated Admin Extension does not allow these Delegated Admin users to manage user groups.

If you would like to accomplish this behavior, it would be possible to invite them as a Tenant Administrator and use the Authorization Extension to manipulate user groups/roles/permissions.

Inviting them as a tenant administrator has the apparent drawback of exposing your tenant to them. Therefore, if this is undesired, there will be no way to invite them to manage user groups.

In the meantime, I am collaborating with other team members to see if there are alternative solutions without exposing the entire tenant to the administrator user. If new information arises, I will relay that information to you.

Sure, thanks for the information
