Organization Membership - Initial Password Change Not Happening

bharath · August 2, 2024, 2:47pm

Ready to post? First, try searching for your answer.
Background:
We are using the Auth0 Management API (NodeJS -4.7.0) to
a) Create a new user with an initial random password
b) Adding a user to an organization
c) Creating an invitation with a role in the organization
d) Verification Email is off.
e) User Invitation Email is configured with {{ url }} and the invitation is generated with the Auth0 Application ID to which the user should be redirected to

Issue:

Since the user’s initial password is set by management API and not know to the user, it should ask them to change their password, before redirecting them to the app. However, it is directly sending them to the app’s redirect uri (with invitation_code, org_name). This used to work - not sure if there are any changes on Auth0 side recently.
Once the user clicks the email, it should mark the user’s email as verified but it remains unchanged.

Plan: Essentials

I would appreciate any help regarding this issue

rueben.tiow · August 2, 2024, 9:57pm

Hi @bharath,

For the first issue, I recommend offering the users you created to set their own passwords by sending them an email invitation. To do so, you can repurpose a
change password email to become an email invitation. I suggest referring to our Send Email Invitations for Application Signup documentation regarding that.

As for the second issue, could you confirm if the user is clicking on the verification email to verify their email addresses?

Thanks,
Rueben