Organizations scopes (logs and m2m)

Hi,

I’d like to know if using the enterprise plan with organizations, it is possible to create and manage M2M tokens withing a single organizations or they are available only globally in the tenant.

In the same topic, from the documentation, I didn’t understand if in the tenant I may setup userX that is an Admin in organizationA and a Viewer - Users in organizationB.
If this is possible access to logs is scoped for each organization? Like userY can view logs only for organizationA

Thank you in advance!

Applications that have organizations turned on cannot use the client credentials grant type, so you would need separate M2M applications per organization.

That documentation applies to access to your Auth0 Dashboard. These are very dangerous permissions to give out. I do not think you can limit access to certain organizations. You can limit edit access to certain applications and connections, but not read. You may want to have a separate api that allows customers to pull the information that they need from within your applications.

Thank you!

Applications that have organizations turned on cannot use the client credentials grant type, so you would need separate M2M applications per organization.

Ok so M2M tokens can be scoped and managed by each organization and not only globally (tenant level) like another application.

These are very dangerous permissions to give out. I do not think you can limit access to certain organizations

In fact since these permissions are quite dangerous I’d like to scope them down on single organizations to have 1/2 global admins for the tenant and 1 admin for each organization that is able to managed the applications, roles, users, etc. without impacting the other organizations