Problem statement
This article explains how to suppress sending a verification email for one application but keep the automatic verification email functionality for other applications on the tenant.
Solution
In order to suppress the verification email from being automatically sent for certain applications, there are a couple of options:
- Set up an interface that calls the tenant’s Management API to create users and specifies one of the following in the new user’s attributes:
  - email_verified: true (the user is considered already verified at creation, and no email is automatically sent)
  - verify_email: false (this stops the automatic verification email from being sent, even if the “email_verified” attribute is set to false or not specified)
  See the API reference for more detail: Create a user
- Turn off the Verification Email template at the tenant level. This stops the email from being sent for all user creations/signups. It can be done by toggling off the “Status” button when viewing the Verification Email template’s settings in Auth0’s Dashboard > Branding > Email Templates.
  Verification emails would then need to be sent outside of Auth0. This could be triggered from an Action, appending a verification ticket to the custom email sent out:
  Or the verification flow could be handled entirely outside of Auth0 (potentially again triggered by Actions calling an external API), with a backend that, once the custom verification flow is complete, calls the tenant’s Management API to update the user’s email_verified attribute to true.
Option 1 is the better fit when the automatic verification email should keep being used for other applications and the suppressed application does not allow signups, so its users are created via the Management API.
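Option 1 as an added example (not code from Auth0 or from the original article): a provisioning helper that sets the attributes only for the suppressed application. The client ID, tenant domain, `SUPPRESSED_CLIENT_IDS` and the `ownershipProven` flag are assumptions made for illustration, and the token is assumed to be a Management API token with the `create:users` scope.

```javascript
// Added example, not Auth0's code. The client ID, tenant domain and the
// SUPPRESSED_CLIENT_IDS policy set are constructed placeholders.
const SUPPRESSED_CLIENT_IDS = new Set(["CLIENT_ID_OF_SUPPRESSED_APP"]);

// Build the POST /api/v2/users request for a user provisioned for `clientId`.
// `clientId` and `ownershipProven` are inputs of this hypothetical interface,
// not Management API fields; only the JSON body is sent to Auth0.
function buildCreateUserRequest({ domain, token, clientId, email, password,
                                  connection, ownershipProven = false }) {
  if (!/^[a-z0-9.-]+$/i.test(domain)) throw new Error("invalid tenant domain");
  const body = { email, password, connection };

  if (SUPPRESSED_CLIENT_IDS.has(clientId)) {
    if (ownershipProven) {
      // The caller verified the address itself: created as verified, no email.
      body.email_verified = true;
    } else {
      // Suppress the email but leave the account unverified, so anything
      // that checks email_verified still treats the address as unproven.
      body.email_verified = false;
      body.verify_email = false;
    }
  }
  // Other applications: neither attribute is set, so the tenant's automatic
  // verification email behaviour is left unchanged.

  return {
    url: `https://${domain}/api/v2/users`,
    options: {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        Authorization: `Bearer ${token}`,
      },
      body: JSON.stringify(body),
    },
  };
}

// Send the request (Node 18+ global fetch). The error deliberately omits the
// request so the bearer token never reaches logs.
async function createUser(params) {
  const { url, options } = buildCreateUserRequest(params);
  const res = await fetch(url, options);
  if (!res.ok) throw new Error(`create user failed: HTTP ${res.status}`);
  return res.json();
}
```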
Option 2 is a more involved solution requiring that automatic verification emails are disabled and a custom verification flow implemented, but would allow for changing the behavior between applications whilst still allowing users to sign themselves up through Universal Login.
If you would like this to be supported “out of the box”, please consider raising it as a feature request here: Auth0: Secure access for everyone. But not just anyone.