I am new to Auth0 and was curious how I (or another admin) can verify and approve users before they have access to the site? Currently a user just has to create a username/password and then they have instant access to the site. I want to only allow members of the organization into certain parts of the site. I have searched around the docs and cannot find any information on how to do this?
Hey there @isaacT welcome to the community!
You have a couple options here:
-
Look into relying only on sending email invitations.
-
A more involved flow wherein you add a flag in user’s metadata at registration, and subsequently deny the user in a post login action until the flag has been updated by you or another admin. The action code might look like:
exports.onExecutePostLogin = async (event, api) => {
if (event.user.app_metadata && event.user.app_metadata.status === 'pending_approval') {
api.access.deny('Your account is pending approval.');
}
};
1 Like
No problem, happy to help!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.