Regulating and verifying users before granting them access

I am new to Auth0 and was curious how I (or another admin) can verify and approve users before they have access to the site? Currently a user just has to create a username/password and then they have instant access to the site. I want to only allow members of the organization into certain parts of the site. I have searched around the docs and cannot find any information on how to do this?

Hey there @isaacT welcome to the community!

You have a couple options here:

  • Look into relying only on sending email invitations.

  • A more involved flow wherein you add a flag in user’s metadata at registration, and subsequently deny the user in a post login action until the flag has been updated by you or another admin. The action code might look like:

exports.onExecutePostLogin = async (event, api) => {
  if (event.user.app_metadata && event.user.app_metadata.status === 'pending_approval') {
    api.access.deny('Your account is pending approval.');
  }
};

1 Like

Thank you @tyf Option one sounds the most promising. This is exactly what I was looking for.

1 Like

No problem, happy to help!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.