Hello, we have our first application set up with Auth0 and have enabled passwordless login.
Currently, any new email address added to the login screen is being granted access (i.e. the temporary code is emailed to them and they’re allowed into the application), whereas we only want approved users granted access.
Where in the settings can I configure it so that if an email address is not an approved user for that application, they are not given access and instead are informed that they don’t have access to the application?
It’s just not clear to us where we can update these settings.
I noticed that you opened a Support ticket for the same issue. Once it’s solved, I will share the solution on this topic so other community members can benefit from it.
Below is the answer/solution provided by our DSE in the support ticket.
This could be accomplished by using a Pre User Registration Action. Here are the sample scripts:
```javascript
exports.onExecutePreUserRegistration = async (event, api) => {
  // Emails that decidedly have access to the application
  const approvedEmails = ["Fill", "This", "Array", "With", "Approved", "Emails"];
  // Normalise case so "User@Example.com" and "user@example.com" compare equal
  const email = (event.user.email || "").toLowerCase();
  // Check the email against the whole list before deciding
  const isApproved = approvedEmails.some((approved) => approved.toLowerCase() === email);
  // If the current user's email does not match any of the pre-approved emails, we will reject them
  if (!isApproved) {
    api.access.deny("All Access Denied Error:", "You are not permitted to access this application using the email provided.");
  }
};
```
The validation logic above will prevent new users from accessing the given application if their email does not exist in the approved email array. For more information on this type of action, please have a look at our documentation: Pre User Registration Flow
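
An allowlist Action like the one above can be exercised locally before it is deployed. The harness below is an added example, not part of the original thread or Auth0's own code: the mock `api` object, the helper names and the sample addresses are constructed. It also contrasts a whole-list membership test with a loop that denies on each non-matching entry, which rejects every address once the list holds two or more entries.

```javascript
// Added example: local harness for an allowlist check in a Pre User Registration Action.
// The mock `api`, helper names and sample addresses are constructed for illustration.
function makeMockApi() {
  const denials = [];
  return { denials, access: { deny: (reason, userMessage) => denials.push({ reason, userMessage }) } };
}

// Whole-list membership test: deny once, and only if no entry matches.
function allowlistCheck(approvedEmails) {
  const approved = new Set(approvedEmails.map((e) => e.trim().toLowerCase()));
  return async (event, api) => {
    const email = (event.user.email || "").trim().toLowerCase();
    if (!approved.has(email)) {
      api.access.deny("not_on_allowlist", "You are not permitted to access this application using the email provided.");
    }
  };
}

// Contrast: a deny inside the loop fires for every entry that differs from the email.
function perEntryCheck(approvedEmails) {
  return async (event, api) => {
    for (const approved of approvedEmails) {
      if (event.user.email !== approved) api.access.deny("not_on_allowlist", "denied");
    }
  };
}

// Runs a handler against a constructed event and reports whether it denied.
async function isDenied(handler, email) {
  const api = makeMockApi();
  await handler({ user: { email } }, api);
  return api.denials.length > 0;
}

async function demo() {
  const list = ["alice@example.com", "bob@example.com"]; // constructed allowlist
  const good = allowlistCheck(list);
  const bad = perEntryCheck(list);
  return {
    approved: await isDenied(good, "Alice@Example.com"),        // false: case-insensitive match
    stranger: await isDenied(good, "mallory@example.com"),      // true: not on the list
    missing: await isDenied(good, undefined),                   // true: no email fails closed
    perEntryApproved: await isDenied(bad, "alice@example.com"), // true: bob's entry triggers deny
  };
}

demo().then((r) => console.log(r));
```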