Setting up Directory Sync

I’m trying to set up directory sync using Auth0, is it only supported for AD?

I was also considering using the Get Users endpoint to fetch a list of all users for the connection and handle the directory sync myself. Does the Get Users endpoint (Retrieve Users with the Get Users Endpoint) return a list of all users for that connection or only those who have already logged in via Auth0 before?

Thanks,

Hi @umar,

Thanks for reaching out to the Auth0 Community!

You can set up directory sync with Enterprise connections such as AD by enabling the Sync user attributes at each login feature. This can be done following the instructions provided in the Configure Connection Sync with Auth0 documentation.

Additionally, the Management API’s Retrieve Users with the Get Users Endpoint allows you to retrieve a list of all users in all connections, regardless of whether they have logged in before or not. If you want to filter users by a specific connection, you can specify the connection name in the request using the following format:

For example: q=identities.connection:"connection_name"

Here is an example in code:

curl -G -H "Authorization: Bearer {{YOUR_MANAGEMENT_API_TOKEN}}" "https://YOUR_DOMAIN.REGION.auth0.com/api/v2/users" --data-urlencode 'q=identities.connection:"Username-Password-Authentication"'

Please let us know if you have any further questions.

Thanks,
Rueben

Thank you for the clarification. I just wanted to confirm, for the Management API you said this is available for all enterprise connections. So does that also include integrations such as Okta, Google Workspace, OIDC, SAML etc? And we can fetch all users even if that user has never logged into our application before?

Thanks again!

One other thing along the same note. Is there any web hook that allows us to be notified if a user is added to a directory that is connected via Auth0 enterprise connection?

Hi @umar,

Thanks for the responses.

AFAIK, the user will need to log in at least once to have their profile created in your Auth0 Enterprise Connection. Take note that user creation is not supported with Enterprise connections because the users are supposed to exist in the external federated identity provider (e.g. Google Workspace).

Then in the future, if the “Sync user profile attributes at each login” toggle is enabled, the user will have their profile sync during each login which keeps their profile consistent.

Yes, it does include enterprise connections such as Okta, Google, OIDC, and SAML.

Specifically with Enterprise connections, it requires the user to log in at least once so that their profile is created in your Auth0 Enterprise connection. Considering this, it will not be possible to fetch all Enterprise connection users that have never logged in to your application.

If the users are from a database or passwordless connection, calling the Management API’s List or Search Users will retrieve users that have never logged in before. Using the same endpoint to search for enterprise connection users will require the user to have their logins_count=1 at minimum.

Unfortunately, this is not possible since Auth0’s Post-User Registration Action only works with Database and Passwordless connections. One workaround I would suggest is using Log Streams to capture log events around the user getting added to your Enterprise connection. Once that is done, you can add logic to be notified.

Please let me know how this goes for you.

Thanks,
Rueben
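As an added example that is not part of this thread, here is how the search described above (filter by `identities.connection`, and for an enterprise connection only users with at least one login) can be paged through with the Management API's List or Search Users endpoint. The domain, the connection name "Okta", the page size and the two-page response are all constructed assumptions; `fetch` is injected so the code runs offline, and in practice it would be an authenticated HTTP GET.

```python
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed assumptions for the example (not values from the thread).
DOMAIN = "YOUR_DOMAIN.REGION.auth0.com"
CONNECTION = "Okta"
PER_PAGE = 2  # deliberately small so the sample data spans two pages


def lucene_escape(value: str) -> str:
    """Escape characters that are significant inside a Lucene phrase query."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def build_search_url(domain: str, connection: str, page: int, per_page: int) -> str:
    """Build the GET /api/v2/users URL. Enterprise profiles only exist in Auth0
    after a first login, so logins_count:[1 TO *] states that assumption explicitly."""
    q = f'identities.connection:"{lucene_escape(connection)}" AND logins_count:[1 TO *]'
    params = {"q": q, "search_engine": "v3", "page": page,
              "per_page": per_page, "include_totals": "true"}
    return f"https://{domain}/api/v2/users?{urlencode(params)}"


def sync_connection_users(fetch, domain=DOMAIN, connection=CONNECTION, per_page=PER_PAGE):
    """Page through the endpoint via fetch(url) -> dict and return {user_id: user}.
    Stops on the reported total, or on an empty page so a bad total cannot loop."""
    users, page = {}, 0
    while True:
        body = fetch(build_search_url(domain, connection, page, per_page))
        for u in body["users"]:
            # Defensive check: keep only profiles whose identities name the connection.
            if any(i.get("connection") == connection for i in u.get("identities", [])):
                users[u["user_id"]] = u
        page += 1
        if not body["users"] or page * per_page >= body["total"]:
            return users


# Constructed two-page response shaped like include_totals=true output.
SAMPLE_PAGES = [
    {"start": 0, "limit": 2, "total": 3, "users": [
        {"user_id": "okta|a1", "logins_count": 4, "identities": [{"connection": "Okta"}]},
        {"user_id": "okta|b2", "logins_count": 1, "identities": [{"connection": "Okta"}]}]},
    {"start": 2, "limit": 2, "total": 3, "users": [
        {"user_id": "okta|c3", "logins_count": 2, "identities": [{"connection": "Okta"}]}]},
]


def fake_fetch(url: str) -> dict:
    """Stand-in for the authenticated GET; selects the sample page from the URL."""
    return SAMPLE_PAGES[int(parse_qs(urlparse(url).query)["page"][0])]
```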
