[Passwordless] How to require approval for new users

Hello, we have our first application setup with Auth0 and have enabled passwordless login.

Currently, any new email address added to the login screen is being granted access (i.e. the temporary code is emailed to them and they’re allowed into the application), whereas we only want approved users granted access.

Where in the settings can I configure it so that if an email address is not an approved user for that application, they are not given access and instead are informed that they don’t have access to the application?

It’s just not clear to us where we can update these settings.

Thank you

Hi @novatech ,

Welcome to the Auth0 Community!

I noticed that you opened a Support ticket for the same issue. Once it’s solved, I will share the solution on this topic so other community members can benefit from it.


Previous message deleted due to SPAM reasons

Below is the answer/solution provided by our DSE in the support ticket.

This could be accomplished by using a Pre User Registration Action. Here are the sample scripts:

exports.onExecutePreUserRegistration = async (event, api) => {

    // Emails that decidedly have access to the application
    const approvedEmails = ["Fill", "This", "Array", "With", "Approved", "Emails"];

    // Iterate through the array using a for loop
    for(let i = 0; i < approvedEmails.length; i++){

      // And assign every index to a var
        const approved = approvedEmails[i]
      // If the current user's email does not match any of the pre-approved emails, we will reject them
        if (event.user.email != approved){
          api.access.deny("All Access Denied Error:","You are not permitted to access this application using the email provided."); 

The validation logic above will prevent new users from accessing the given application if their email does not exist in the approved email array. For more information on this type of action, please have a look at our documentation: Pre User Registration Flow

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.