Organization invitation flow

I repeat the same process mentioned in closed topic

  1. I Created redicrect flow from my local app and added loging url in application configuration with redirect to /authorization?..whatever&invitation=xxx&organization=yyy
  2. I send invitation from auth0 dashboard
  3. Received email and clicked on link
    === This is where things go wrong per my understanding
  4. See a window with proposal not to entry a new password (this is already is wrong), but to reset password.
  5. Ok, clicked forgot password
  6. Entered an email again!!! (why do I need to, you already know my email)
  7. No email received (well, it makes sense because user not yet created)
  8. In organization, user mentioned as pending

What I’m doing wrong?


  1. I don’t see this invited user in users database
  2. This documentation is very vague I need to guess too many things for person who just wants getting things done. Especially not mentioned that you absolutely have to have a working HTTPS endpoing which could redirect to auth0 with invitation parameter
  3. I read this link but here’s also no related information on what should I expect when I do this
  4. I tried to replicate enrollment via REST API, no difference, user asked to enter existing password instead of password creation right away

I created a GH project to send invites manually till organization invitation will be fixed.

Ok, I managed to workaround this problem

  1. I allowed to both personal and org login
  2. in my application when user logged in, I calculate the most probable organization assuming that 99% users will have only one
  3. initiating another login flow now specifying organization I found on step 2

looks ugly but at least end-user does not see this back-and-forth

Hey @Const thanks for sharing your workaround and welcome to the community!

Do you have an application login uri enabled on the application in question? I wasn’t able to reproduce the initial behavior you described when I had this configured in my own environment.

I had a discussion with Support. We identified that password reset flow was done from the management application, not the one I’m using for login. This is why there’s no redirect button. Probably it makes sense to explicitly state it somewhere in documentation, that /!\ you should pay attention to what application is used to reset password.

Great, thanks for following up here with the community and appreciate the feedback regarding documentation :slight_smile:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.