Simple step by step getting started guide for organizations?

I keep getting this error: “client requires organization membership, but user does not belong to any organization”

I’m guessing this is not a configuration error, but rather probably my stupidity in setting it up on the dashboard. But I couldn’t find the solution anywhere.

I’m trying to change my app’s user type from “individuals” to “organizations”.

Here are the steps that I took:
[I started from scratch to make these steps easy to reproduce]

  1. Create a new tenant
  2. Follow the guide, set up a new Next.js “Regular Web Application”
  3. Download and use the example app provided in the guide
  4. Follow the steps in the guide (callback uri, logout uri, etc)
  5. Create a new user in user management

— Checkpoint —
Now everything works normally. I run the app, try logging in and login succeeds, and user data + profile pic is shown. All is good.

Now, let’s try moving to organizations instead of individual:

  1. Create a new organization (called ‘test’)
  2. In Applications, choose your application and go to the “organizations” tab
  3. Under “Types of Users” try to choose “Business”
  4. Realize that this doesn’t work (option is disabled) because you have this warning on the top of the page:

This application has Client Credentials, MFA, Password, and/or Password OTP grants enabled. These grants are currently not supported when the application is accessed by team members of organizations. Learn More

  1. Click on the “Disable Grants Now” button because that seems like the only option
  2. Now you can click business
  3. Go back to the organization, and add your test user as a member
  4. Verify 9 million times that you actually added them as a member
  5. Try to log in
  6. You will get this error:
    CallbackHandlerError: Callback handler failed. CAUSE: invalid_request (client requires organization membership, but user does not belong to any organization)

For anyone who finds this: after hours of searching, I finally came across the fix. It’s super simple, but barely documented: in the organization’s settings you need to go to the “connections” tab and connect it to your username-password db or whatever else you’re using.

6 Likes

Hey there @davidnagli, welcome to the community, and thanks for following up with your findings!

Here’s the documentation for future reference:

https://auth0.com/docs/manage-users/organizations/configure-organizations/enable-connections

3 Likes
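
The fix found in this thread (enabling a connection on the organization) can be checked before a login attempt. The following is an added example, not code from the thread or from Auth0: it takes objects shaped like Management API v2 responses (`GET /api/v2/clients/{id}`, `GET /api/v2/users/{id}`, `GET /api/v2/organizations/{id}/members`, `GET /api/v2/organizations/{id}/enabled_connections`) and reports which precondition for organization login is missing. The function name `diagnoseOrgLogin` is hypothetical and every sample value is constructed.

```javascript
// Added example: offline pre-flight check for an Auth0 Organizations login.
// Inputs are plain objects shaped like Management API v2 responses;
// all sample values are constructed, not taken from a real tenant.
function diagnoseOrgLogin({ client, user, members, enabledConnections }) {
  const problems = [];

  // The application must accept organization users at all.
  if (!["allow", "require"].includes(client.organization_usage)) {
    problems.push("client.organization_usage is not 'allow' or 'require'");
  }

  // The user must be listed as a member of the organization.
  if (!members.some((m) => m.user_id === user.user_id)) {
    problems.push(`user ${user.user_id} is not a member of the organization`);
  }

  // The fix from this thread: the connection the user logs in with
  // must be enabled on the organization's "connections" tab.
  const enabled = new Set(enabledConnections.map((c) => c.connection.name));
  const userConnections = (user.identities || []).map((i) => i.connection);
  if (!userConnections.some((name) => enabled.has(name))) {
    const listed = userConnections.join(", ") || "none";
    problems.push(
      `none of the user's connections (${listed}) is enabled for the organization`
    );
  }
  return problems;
}

// Constructed state matching the thread: member added, no connection enabled.
const sample = {
  client: { client_id: "EXAMPLE_CLIENT_ID", organization_usage: "require" },
  user: {
    user_id: "auth0|EXAMPLE_USER",
    identities: [{ provider: "auth0", connection: "Username-Password-Authentication" }],
  },
  members: [{ user_id: "auth0|EXAMPLE_USER" }],
  enabledConnections: [],
};

// Same state after enabling the database connection on the organization.
const fixed = {
  ...sample,
  enabledConnections: [
    { connection_id: "con_EXAMPLE", connection: { name: "Username-Password-Authentication" } },
  ],
};

console.log(diagnoseOrgLogin(sample), diagnoseOrgLogin(fixed));
```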
