Roles for Suborganizations


we are currently evaluating Auth0 for our use cases.

We have multiple clients that use our application, which we can easily hold in Auth0 as organizations.
But additionally, we need to divide these organizations further into suborganizations, these suborganizations again can consist of suborganisations, and so on.

User can be members of all or of some suborganizations and have different roles for different suborganizations.

As I can see, it Auth0 currently does not support suborganizations.
It might be possible to hold the information about the suborganizations in our domain and check it with a login action or rule.
But for this it has to be possible:

  • to trigger a token refresh if the user changes suborganization
  • to add a role to the token only, but not to the user

Is this possible? Or are there other ways we could achieve our use cases?

1 Like

Hi there @mathias.mahlknecht welcome to the community!

That’s correct, Auth0 does not currently support sub-organizations. Typically, what I have seen implemented is a tenant per customer + Organizations or simply an Organization per what would be “nested” Organization where each of these has their own database assigned.

The following thread has some good information regarding a user switching Organizations:

Here is an FAQ regarding adding roles to tokens:


Are you able to elaborate on what you mean here? No roles will exist at /api/v2/users/{id} but rather /api/v2/users/{id}/roles for top level roles and /api/v2/organizations/{id}/members/{user_id}/roles for Organization specific roles.

I did also find an existing Feedback request for sub-organizations:

Hope this helps!


Thanks, this was very helpful.

1 Like

No problem, happy to help! :smile:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.