tyf
July 13, 2022, 12:45am
3
Hi there @mathias.mahlknecht welcome to the community!
That’s correct, Auth0 does not currently support sub-organizations. Typically, what I have seen implemented is a tenant per customer + Organizations or simply an Organization per what would be “nested” Organization where each of these has their own database assigned.
The following thread has some good information regarding a user switching Organizations:
Answering some questions that I posed after some digging around for an implentation.
Using the React-sdk, we can use the getAccessTokenSilently from the auth0 hook and pass in organization (similar to the same prop on the Auth0Provider) with the new org_id when a user wants to switch organization.
To do this, we have to pass in the ignoreCache flag when we get the access token (otherwise you’d get the same access token for the same organization.
Drawback is obvious, if a user switches back an…
Here is an FAQ regarding adding roles to tokens:
Problem statement
Is it possible to retrieve the user’s Roles and/or Permissions and include them in the JWT Token?
Solution
Yes, it’s possible to retrieve the user’s Roles and/or Permissions and append them to either the ID Token or Access Token. To do so, you must use a Post-Login Action script.
1.1 Roles
When adding the user’s Roles to the token, call the event.authorization.roles property and add it as a custom claim to the Token. Please see here on creating namespaced custom claims. Be…
Regarding:
Are you able to elaborate on what you mean here? No roles will exist at /api/v2/users/{id} but rather /api/v2/users/{id}/roles for top level roles and /api/v2/organizations/{id}/members/{user_id}/roles for Organization specific roles.
I did also find an existing Feedback request for sub-organizations:
Feature:
I would like to have hierarchical organizations structure
Description:
I would like the ability to create a hirearchial brand structure similar to what is described here (How do I handle "organizations" in a hirearchy )
Use-case:
It would allow finer grain control over access.
Hope this helps!
2 Likes