Restrict Sign-Ups to Just Invited Users for Organizations

auth0.knowledge2 · August 1, 2025, 8:48pm

Overview

This article addresses how an organization can to restrict sign-ups to only invited users for a particular connection and application, even when general sign-up for that connection is disabled. It provides a solution to prevent uninvited users from signing up while still allowing invited users to accept their invitations and create an account.

Applies To

Organizations
Connections
Applications

Solution

To achieve the desired behavior, follow these steps:

Configuration Steps

Disable Sign-Up for the Connection:
- In the Auth0 Dashboard, navigate to Authentication > Database (or the relevant connection type).
- Select the specific connection you are using.
- Ensure that the “Allow Sign Ups” option is disabled.
Add the Connection to the Organization with Sign-Up Enabled:
- In the Auth0 Dashboard, navigate to Organizations.
- Select the relevant organization.
- Go to the Connections tab.
- Add the connection that was previously disabled sign-ups for.
- Within the organization’s connection settings, ensure that “Enable sign-up” is checked. This allows invited users associated with this organization to sign up through this connection.
Enable the Connection and Login Experience for the Application:
- In the Auth0 Dashboard, navigate to Applications.
- Select the application.
- Go to the Connections tab.
- Enable the connection configured in the previous steps.
- Ensure that the login experience for this application is set to “Prompt for credentials” or a similar setting that allows new users to provide their details.

Preventing Unauthorized Sign-Ups with a Pre User Registration Action

To prevent uninvited users from signing up even if they guess the organization ID, implement a Pre User Registration Action. This action will check if the user attempting to sign up has an active invitation to the organization.

exports.onExecutePreUserRegistration = async (event, api) => {
  const { ManagementClient } = require('auth0');

  const management = new ManagementClient({
    clientId: event.secrets.UM_M2M_CLIENT_ID,
    clientSecret: event.secrets.UM_M2M_CLIENT_SECRET,
    domain: event.secrets.UM_M2M_DOMAIN,
  });

  const invitations = await management.organizations.getInvitations({ id: event.secrets.organizationId })
  const inviteeEmails = invitations.map(item => item.invitee.email)
  const userEmail = event.user.email

  const isInvited = inviteeEmails.includes(userEmail)

  if(!isInvited){
    api.access.deny("You need an invitation code to sign up.","error")
  }

};

Please note that this action is just an example and it is not intended to be used as is.

Topic		Replies	Views
Possibility to Implement an Invitation Flow using Auth0 Organizations while Disabling Sign-up on a Connection Knowledge Articles sign-up , invitations	1	324	May 16, 2024
How To Restrict Signups to a Specific Connection for Users Invited to an Organization Knowledge Articles	1	66	October 24, 2024
Invite-only - Allow signup from invited but no one else Get Help auth0 , invite-only , organizations	12	9917	December 6, 2021
Universal Login prevent Sign Up, but allow invitation acceptance Get Help login-experience , new-universal-login-experience	3	1048	October 19, 2023
Only allow signups through Universal Login when invited to an organization Get Help login-experience , new-universal-login-experience	0	1050	September 4, 2023