Manually creating users for social login

Hi,
We’re looking into how to programmatically create new users and receive an Auth0 ID and have that user receive a link to finalize the process by using social login (e.g. Google). We want to avoid sending a “reset password” email and we’d ideally want to enforce the possible sign-in methods at user creation.

The flow should be:

  • Admin creates a user with an email “user@gmail.com”
    • We can programmatically assign the user to specific internal resources given the Auth0 ID
  • User receives a “Welcome” email with a link
  • User navigates to the link, only the allowed logins are available
  • User clicks on Google for example, must sign-in with “user@gmail.com”
  • After the process, the user is redirected to our platform
  • The user can’t add other authentication methods, can’t set/reset a password.

I’ve been looking around the documentation, but any pointers would be very helpful.

Thanks

Hi @lewis1,

welcome to the community. You as an admin can’t create a user for a social connection / upstream IdP. Therefore you need to go with a database connection and account linking.

  • Create the user in a database connection, via Dashboard or Management API. Disable signups.
  • Enable Rule "Link Accounts with Same Email Address while Merging Metadata" (note that by default the rule requires the user account in the database connection to be email_verified. Since you allow login via social connection only anyway, you can remove that check in the rule)
  • For your Client Application, in its connection settings, only enable the Google Social Connection, not the database connection.
  • To prevent other Gmail users, which you didn’t create, from logging in/signing up via your Client Application, put a rule in place that checks that for the current user, one with the same email address exists in the database connection, otherwise reject the login.
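The last step of the reply (reject any social login whose email has no pre-provisioned account in the database connection) as an added example; this is not code from the thread or from Auth0. It is written in the `(user, context, callback)` shape of an Auth0 Rule, but the directory lookup is injected and backed by a constructed in-memory list so it runs offline; the connection name `Username-Password-Authentication`, the helper `findDbUsersByEmail` and the sample user are assumptions, and a real rule would replace the lookup with a Management API query and raise `UnauthorizedError` instead of a plain `Error`.

```javascript
// Added example, not from the forum post or from Auth0.
// Assumed names: DB_CONNECTION is the database connection created by the admin,
// findDbUsersByEmail stands in for the Management API lookup a real rule would do.
const DB_CONNECTION = 'Username-Password-Authentication';

// Constructed sample directory: the one account the admin pre-provisioned.
const SAMPLE_DB_USERS = [
  { user_id: 'auth0|000111', email: 'user@gmail.com', connection: DB_CONNECTION },
];

// Case-insensitive lookup restricted to the database connection, so a social
// identity matched earlier by the linking rule does not count as provisioning.
function findDbUsersByEmail(directory, email) {
  const wanted = String(email || '').trim().toLowerCase();
  return directory.filter(
    (u) => u.connection === DB_CONNECTION && u.email.toLowerCase() === wanted
  );
}

// Pure decision: returns { allow: true, dbUserId } or { allow: false, reason }.
function evaluateLogin(user, context, directory) {
  // Logins on the database connection itself are the admin-created accounts;
  // the client application does not expose that connection, so they are fine.
  if (context.connection === DB_CONNECTION) {
    return { allow: true };
  }
  if (!user.email) {
    return { allow: false, reason: 'identity provider supplied no email' };
  }
  // Only trust an email the upstream IdP has verified; an unverified claim
  // would let anyone assert a provisioned address on a lax provider.
  if (!user.email_verified) {
    return { allow: false, reason: 'email not verified by identity provider' };
  }
  const matches = findDbUsersByEmail(directory, user.email);
  if (matches.length === 0) {
    return { allow: false, reason: 'no pre-provisioned account for this email' };
  }
  return { allow: true, dbUserId: matches[0].user_id };
}

// Rule-shaped wrapper. In Auth0's rule sandbox the rejection would be
// callback(new UnauthorizedError(...)); a plain Error is used here to stay runnable.
function onlyProvisionedUsers(user, context, callback, directory = SAMPLE_DB_USERS) {
  const decision = evaluateLogin(user, context, directory);
  if (!decision.allow) {
    return callback(new Error('Access denied: ' + decision.reason));
  }
  return callback(null, user, context);
}
```

The check is kept in `evaluateLogin` as a pure function so it can be unit-tested with constructed users and contexts; the wrapper only translates the decision into the rule callback convention.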