Mapping Roles from Salesforce to Auth0


I have been tasked with setting up a client to map Salesforce role information to roles within Auth0, so that information can carry to our other applications. My current understanding is that I can use the Auth0 SDK to interface with our organization and map roles on login. However, I am unsure where exactly this piece fits in.

Does it go in front of applications/APIs? And how would that be configured?

Will I have to make an API call to the mapping client, configured with the Auth0 SDK, in order to get it to work?

Would it be better to implement the logic in Auth0 Actions?

How would a refresh token play into this? We have also been tasked with configuring a way to set a refresh token for authenticated users so that we can revoke access to an application without the user needing to re-login in order to notice they no longer have access.

Any advice is much appreciated!

Hi @rmendoza,

Welcome to the Auth0 Community!

Usually, you can accomplish this by using a Post Login Action flow. In the script, you can use the Management API to assign roles to your users.

Please see this related knowledge solution regarding this:

Now, you will want to make sure that you have these Salesforce roles created in your list of Roles before assigning them to users.

Lastly, if you were to use a refresh token to get a new access token, all of your action scripts will rerun and trigger again.

Keep me posted on how this goes for you.
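The role sync described in the reply above could look like the following sketch, which is an added example and not code from the thread or from Auth0. It assumes the Salesforce role is available in `event.user.app_metadata.salesforce_role`, uses placeholder role IDs for roles already created in Auth0, and takes a hypothetical `mgmt` wrapper around the Management API.

```javascript
// Added example: Salesforce -> Auth0 role sync for a Post Login Action.
// Assumptions (not from the thread): the Salesforce role arrives in
// event.user.app_metadata.salesforce_role, and the rol_* IDs below are
// placeholders for roles already created in the Auth0 dashboard.
const ROLE_MAP = {
  "Sales Manager": "rol_PLACEHOLDER_MANAGER",
  "Sales Rep": "rol_PLACEHOLDER_REP",
};
const MANAGED = new Set(Object.values(ROLE_MAP));

// Pure planning step: which managed roles to add and which to remove.
// Unknown or missing Salesforce roles map to nothing (deny by default), and
// roles outside ROLE_MAP are never touched.
function planRoleSync(salesforceRole, currentRoleIds) {
  const wanted = Object.prototype.hasOwnProperty.call(ROLE_MAP, salesforceRole)
    ? ROLE_MAP[salesforceRole] : null;
  const current = new Set(currentRoleIds);
  return {
    add: wanted && !current.has(wanted) ? [wanted] : [],
    remove: [...current].filter((id) => MANAGED.has(id) && id !== wanted),
  };
}

// Handler factory. `mgmt` is a hypothetical thin wrapper around the
// Management API exposing getRoleIds, assignRoles and removeRoles.
function makePostLogin(mgmt) {
  return async (event, api) => {
    const userId = event.user.user_id;
    const sfRole = (event.user.app_metadata || {}).salesforce_role;
    const plan = planRoleSync(sfRole, await mgmt.getRoleIds(userId));
    // Remove stale mapped roles first so a demotion never leaves both assigned.
    if (plan.remove.length) await mgmt.removeRoles(userId, plan.remove);
    if (plan.add.length) await mgmt.assignRoles(userId, plan.add);
    return plan;
  };
}
// In an Action: exports.onExecutePostLogin = makePostLogin(wrapper);
```

Because the plan also removes mapped roles the user should no longer hold, a role change on the Salesforce side is applied each time the Action runs, not only on first login.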

