Roles for Suborganizations

mathias.mahlknecht · July 5, 2022, 2:39pm

Hi,

we are currently evaluating Auth0 for our use cases.

We have multiple clients that use our application, which we can easily hold in Auth0 as organizations.
But additionally, we need to divide these organizations further into suborganizations, these suborganizations again can consist of suborganisations, and so on.

User can be members of all or of some suborganizations and have different roles for different suborganizations.

As I can see, it Auth0 currently does not support suborganizations.
It might be possible to hold the information about the suborganizations in our domain and check it with a login action or rule.
But for this it has to be possible:

to trigger a token refresh if the user changes suborganization
to add a role to the token only, but not to the user

Is this possible? Or are there other ways we could achieve our use cases?

tyf · July 13, 2022, 12:45am

Hi there @mathias.mahlknecht welcome to the community!

That’s correct, Auth0 does not currently support sub-organizations. Typically, what I have seen implemented is a tenant per customer + Organizations or simply an Organization per what would be “nested” Organization where each of these has their own database assigned.

The following thread has some good information regarding a user switching Organizations:

Here is an FAQ regarding adding roles to tokens:

Regarding:

Are you able to elaborate on what you mean here? No roles will exist at /api/v2/users/{id} but rather /api/v2/users/{id}/roles for top level roles and /api/v2/organizations/{id}/members/{user_id}/roles for Organization specific roles.

I did also find an existing Feedback request for sub-organizations:

Hope this helps!

mathias.mahlknecht · July 13, 2022, 6:23am

Thanks, this was very helpful.

tyf · July 13, 2022, 5:39pm

No problem, happy to help!

tyf · July 28, 2022, 5:40pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.