Post login organization

I need to access which organizations a customer is a part of for a SAML application to set some additional attributes in the response. The application is configured to require a user to be a member of an organization.

I have tried the following:

    exports.onExecutePostLogin = async (event, api) => {
      // Check if the login is within an organization context
      if (event.organization && event.organization.name) {
        const orgName = event.organization.name.toLowerCase();
      }
    };

This throws an error saying organization isn’t available, “parameter organization is required for this client”. The user logging in is a member of an organization so I don’t know what to do here.

Additional context, the app itself logging in is organization unaware. Auth0 has that information, it knows which organizations a user is a part of and I need access to it in actions. Cannot find any way to do this but it seems like a pretty basic thing to have access to.

Hi @jonathan.hughes

Thank you for reaching out to us!

Reading through your use-case, I believe there are a couple of reasons for this behaviour, please check these to rule them out and potentially find the issue:

  • the Connection of the authenticating User is not enabled for the Organization;
  • Auth0 Tenant Uses Default Directory Connection Instead of Application-Specific Connection - this is applied to Organizations as well. If there is a Default Directory set on your tenant, the Org will automatically attempt to login a user against that Connection, even though it might not be enabled for the Org. You can check your tenant logs for the failed login, it will show information such as the Connection and Application.

In addition, it might be worth for me to leave this information as well, but in order to access the list of Organizations that a user is part of, you will need to make a call to the List user’s organizations endpoint. You could make this call, then add this information to the user’s app_metadata. This way, you can configure your Action to instead check for the app_metadata for the user post-login, in case this is an option for you.

Let me know if you were able to solve the issue, or if it’s still ongoing. Your tenant logs could provide useful information that can help solve this, so please take a look.

Best regards,
Gerald
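The fallback described in the reply above, sketched as an added example that is not part of the original thread: a post-login Action that uses `event.organization` when the login carried organization context and otherwise reads a membership list cached in `app_metadata`. The `organizations` key, the SAML attribute name, the helper `resolveOrgNames` and the name pattern are assumptions.

```javascript
// Added example: hypothetical helper and attribute names, not from the thread.
// Assumes a separate job has copied the result of the "List user's
// organizations" endpoint into app_metadata.organizations as
// [{ id: "org_...", name: "acme" }, ...] (the key name is an assumption).
const ORG_ATTRIBUTE = "organizations"; // hypothetical SAML attribute name

// Conservative allow-list for organization names (an assumption, adjust to
// your tenant): anything else in the cached list is dropped, not forwarded.
const ORG_NAME_RE = /^[a-z0-9][a-z0-9_-]{0,49}$/;

function resolveOrgNames(event) {
  // Login carried organization context: assert only that organization.
  if (event.organization && typeof event.organization.name === "string") {
    return [event.organization.name.toLowerCase()];
  }
  // No organization context: fall back to the cached membership list.
  // app_metadata is used rather than user_metadata because end users
  // cannot edit it themselves.
  const meta = (event.user && event.user.app_metadata) || {};
  const cached = Array.isArray(meta.organizations) ? meta.organizations : [];
  const names = cached
    .map((o) => (o && typeof o.name === "string" ? o.name.toLowerCase() : ""))
    .filter((n) => ORG_NAME_RE.test(n));
  return [...new Set(names)].sort(); // de-duplicated, stable order
}

const onExecutePostLogin = async (event, api) => {
  const names = resolveOrgNames(event);
  // Emit nothing when no membership is known, so the service provider
  // never receives an empty or malformed attribute.
  if (names.length > 0) {
    api.samlResponse.setAttribute(ORG_ATTRIBUTE, names);
  }
};

// Actions load the handler from exports; the guard keeps the file
// loadable in environments where exports is not defined.
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```

The cached list is only as fresh as the job that writes it, so membership removals need to trigger a refresh of `app_metadata` as well.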

I think this ultimately came down to my misunderstanding of the login options on my application. I had my login flow set for “No Prompt”, which worked fine until I wanted to start inspecting organizations in my actions. Swapped it to “Prompt for Credentials” and this appears to load the organization parameter correctly.

Hi @jonathan.hughes

Thank you for confirming, glad to hear this is now resolved for you!

There are a large number of variables that can affect the login behaviour and it is easy to miss some "obvious" settings and focus on the more in-depth details.

Wishing you a great weekend ahead!
Gerald
