We are currently evaluating Auth0 for our use cases.
We have multiple clients that use our application, which we can easily hold in Auth0 as organizations.
But additionally, we need to divide these organizations further into suborganizations; these suborganizations can again consist of suborganizations, and so on.
Users can be members of all or of some suborganizations and have different roles for different suborganizations.
As far as I can see, Auth0 currently does not support suborganizations.
It might be possible to hold the information about the suborganizations in our domain and check it with a login action or rule.
But for this it has to be possible:
- to trigger a token refresh if the user changes suborganization
- to add a role to the token only, but not to the user
Is this possible? Or are there other ways we could achieve our use cases?
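A sketch of the login-action idea from the question, added here as an illustration and not taken from either post or from Auth0's own code. It assumes the application starts a new authorization request with a hypothetical `suborg` parameter when the user switches, that the suborganization tree and role assignments live in the application's own store (the constructed maps below), and that `https://app.example.com` is a placeholder claim namespace.

```javascript
// Constructed sample data standing in for the application's own store.
const NS = "https://app.example.com"; // placeholder claim namespace
const SUBORGS = new Map([
  // suborg id -> parent suborg id (null at the top) and owning Auth0 organization
  ["emea",    { parent: null,      org: "org_acme" }],
  ["germany", { parent: "emea",    org: null }],
  ["berlin",  { parent: "germany", org: null }],
  ["apac",    { parent: null,      org: "org_other" }],
]);
const ASSIGNMENTS = new Map([
  ["auth0|alice", new Map([["germany", ["editor"]], ["berlin", ["admin"]]])],
]);

// Walk up the parent chain to the Auth0 organization that owns a suborganization.
function owningOrg(suborgId) {
  const seen = new Set();
  for (let id = suborgId; SUBORGS.has(id) && !seen.has(id); ) {
    seen.add(id); // stop on a cyclic parent chain
    const node = SUBORGS.get(id);
    if (node.parent === null) return node.org;
    id = node.parent;
  }
  return null;
}

// Roles the user holds in exactly this suborganization, or null if none apply.
function rolesFor(userId, orgId, suborgId) {
  if (!orgId || owningOrg(suborgId) !== orgId) return null;
  const roles = ASSIGNMENTS.get(userId)?.get(suborgId);
  return roles && roles.length > 0 ? [...roles] : null;
}

// In an Action this would be assigned to exports.onExecutePostLogin.
async function onExecutePostLogin(event, api) {
  const suborg = event.request.query?.suborg; // hypothetical authorize parameter
  if (suborg === undefined) return; // no suborganization requested
  const roles = rolesFor(event.user.user_id, event.organization?.id, suborg);
  if (!roles) {
    api.access.deny("not a member of the requested suborganization");
    return;
  }
  // Claims are set on this token only; the user's stored roles are untouched.
  api.accessToken.setCustomClaim(`${NS}/suborg`, suborg);
  api.accessToken.setCustomClaim(`${NS}/roles`, roles);
}
```

The requested suborganization is client-supplied input, so the check ties it to the organization the user actually logged in to before any role reaches the token.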
That’s correct, Auth0 does not currently support sub-organizations. Typically, what I have seen implemented is a tenant per customer + Organizations or simply an Organization per what would be “nested” Organization where each of these has their own database assigned.
The following thread has some good information regarding a user switching Organizations: