Provisioning Users with Roles and Permissions Before First Log In

Last Updated: Apr 1, 2025

Overview

This article provides details on how to assign Role access for a given authentication provider (for example, Azure AD) before the user ever logs in.

Applies To

  • Provisioning
  • Role Access

Solution

Using SCIM it is possible to provision users in Auth0 without requiring them to log in first. Refer to Inbound SCIM for Azure AD SAML Connections. Users will then be accessible via the Dashboard / Management API for assigning roles and permissions ahead of their first log in.

Alternatively, if you are using the Authorization Core, you can leverage the Management API in a rule to assign a role on the user’s first login based on login count. Refer to the Knowledge Article Add a Default Role to a New User on First Login for an example of how to accomplish this.