I’m creating a web application and I’d like to be able to restrict user signup. To do this, it’d be ideal if I could, for example, send the verification email to either my admin email, or another trusted user’s email instead of (or as well as) the email of the user signing up. So far I have not found any documentation on how to implement this.
The verification email does not prevent account creation, it verifies that the email address is real.
So you cannot use it to restrict user signup.
I’d recommend using a non-invite flow (disabling signups, creating accounts through the management API) and having users request accounts directly from you, not Auth0. For those you approve, you create the account and start them off. There’s a fair amount of work in this.