Migrate User's permissions to another account

Typically, when we have a user who signs in with 1 account (username/password), and they choose to start using a social login, account-linking solves assigning permissions to this new account.

We have some users who have never logged in. They have already been assigned permissions. Their company is moving to another connection type. When they log in with this new connection type, they will not get an account-link prompt since they never logged in with the 1st account, and thus will not have the permissions from the first account.

Is there some way to:

  1. migrate or share the permissions between the 2 accounts without scripting several API calls
  2. prevent/circumvent this problem altogether?

Hi @pgomez,

I’m afraid there isn’t an endpoint or extension that can copy permissions out of the box in one request.

You would need to get the user to sign in on the new connection type once (assuming it is an Enterprise or Social connection; if it is a Database connection, you could pre-allocate the permissions at your convenience like you did initially) and then have a backend process/admin link the accounts using the second method detailed here: Auth0 Management API v2

There’s also the possibility you could map permissions based on claims the connection’s IdP provides such as group membership if that is applicable to your use case, which could be done via calling the Management API in rules/actions on their first login to read their profile and add permissions/roles appropriately.

Or the only other way I can think of would be to copy the user’s permissions and then recreate them in the new account, before finally deleting the original account you made for them that they never logged into, which would require several API calls.
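
The copy-then-delete route from the last paragraph, sketched as an added example (not part of the original posts and not Auth0's own code). It assumes the Management API v2 endpoints `GET`/`POST /api/v2/users/{id}/permissions` and `DELETE /api/v2/users/{id}`; `call` is a hypothetical transport function you would back with an authenticated HTTP client, and `FakeTenant` is a constructed in-memory stand-in so the block runs offline.

```python
from urllib.parse import quote, unquote

PER_PAGE = 50  # page size used when listing permissions

def _user(user_id):
    # IDs such as "auth0|abc" contain "|", so they must be URL-encoded in the path
    return f"/api/v2/users/{quote(user_id, safe='')}"

def list_permissions(call, user_id):
    """Return every (API identifier, permission name) pair across all pages."""
    found, page = [], 0
    while True:
        batch = call("GET", _user(user_id) + "/permissions",
                     params={"page": page, "per_page": PER_PAGE})
        found += [(p["resource_server_identifier"], p["permission_name"]) for p in batch]
        if len(batch) < PER_PAGE:
            return found
        page += 1

def migrate_permissions(call, old_id, new_id, delete_old=False):
    """Copy permissions old -> new, verify, and only then optionally delete old."""
    wanted = list_permissions(call, old_id)
    have = set(list_permissions(call, new_id))
    missing = [p for p in wanted if p not in have]
    if missing:
        call("POST", _user(new_id) + "/permissions", json={"permissions": [
            {"resource_server_identifier": api, "permission_name": name}
            for api, name in missing]})
    # Re-read the target so the old account is never removed on a partial copy
    if not set(wanted) <= set(list_permissions(call, new_id)):
        raise RuntimeError("target is missing permissions; old account kept")
    if delete_old:
        call("DELETE", _user(old_id))
    return missing

class FakeTenant:
    """Constructed in-memory stand-in for the Management API (offline demo only)."""
    def __init__(self, users):
        self.users = users  # user_id -> list of (API identifier, permission name)

    def __call__(self, method, path, params=None, json=None):
        user_id = unquote(path.split("/")[4])
        if method == "GET":
            start = params["page"] * params["per_page"]
            rows = self.users[user_id][start:start + params["per_page"]]
            return [{"resource_server_identifier": a, "permission_name": n} for a, n in rows]
        if method == "POST":
            self.users[user_id] += [(p["resource_server_identifier"], p["permission_name"])
                                    for p in json["permissions"]]
        elif method == "DELETE":
            del self.users[user_id]
```

Running it with `delete_old=False` first lets you review the returned list of copied permissions before the never-used account is removed.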