Support passwordless connections in organization invitations

Feature: Support passwordless connections in organization invitations

Description: This limitation is documented, but it seems very arbitrary – I am still able to authenticate users via passwordless with their organization, just not on the initial invite? This creates a pretty poor user experience.

Use-case: I have a B2B use case and I never want to support password-based authentication. So, the organizations I’m creating support only social and passwordless logins. For example:

When I try to invite a user using the email connection, I get this (which is a known limitation per the documentation).

But the really weird thing is that, even though I don’t have a db connection configured, the user is still prompted for entering a password (and it does allow them to authenticate).

Some more context:

As a workaround, I can send invitations via the Google connection. The user experience there is great…Until they log out and log back in and then get prompted with the passwordless flow. Then, they get an error saying they aren’t part of the organization because they’re a different user on the Auth0 backend since they used a different connection!

And I don’t think I can merge the users since they aren’t authenticated yet, unless I do some janky stuff like try the callback request again without the org id, then merge them. So my workaround for that is to allow Membership on Authentication. Three problems though:

a) now I have a security problem since anyone can sign up for any organization in my app if they get the org id
b) I will have two of every user, or I have to now go and implement merging
c) I can only support social logins going forward

What a mess.

4 Likes

I’ve run into the same issue, and am attempting with a single email connection enabled for an organization.

The documentation states: “You cannot create passwordless users from the Auth0 Dashboard. Create them directly from the Management API.”

I took that to mean I also couldn’t send an invite via the dashboard, but I could via the API, which I tried, but upon clicking the invite link I am prompted to enter a password. And if I explicitly specify the connection_id when generating the invite I get a 400 “Passwordless connections are not supported” error.

2 Likes

Hi all, thanks for sharing detailed use cases.

Please be sure to hit the Vote button, we use this to gauge interest.

Hi Dan,

Would be great if you could clarify the current/planned state of passwordless with organizations. The following comment implies that passwordless for organizations is available, but perhaps not the extent.

thanks!

1 Like

Hi @jsw,

Passwordless + Organization Invites is currently not supported and isn’t currently prioritized. If you have any more info about your use case, that would be helpful for our team.

Thanks

Hi Dan,

Thanks for the clarification.

Our use case is a B2B platform for employees at large companies to take a survey a couple times a year. We think passwordless makes sense for this use case. It will be simpler for them not to need to create and track passwords. Also, if an individual leaves an organization and loses access to their work email, it’s appropriate that they naturally lose account access without any action on our part, which would not happen if they were simply using credentials.

jeff

2 Likes

Great, thanks Jeff.

-Dan

I’m not an expert in authentication, but it seems like passwordless is the direction the industry is headed, as popularized by apps like Slack. I certainly would prefer my users not have to manage yet another password.

Auth0 now has several hungry young competitors who all support this out of the box:

  • Frontegg
  • Clerk
  • Stytch
  • Propel

If Auth0 is serious about playing in the B2B SaaS/Organizations space, this seems like a no-brainer. If not, I guess I need to explore the competitors more seriously for my use case.

3 Likes

Checking if there is any update on this. We would really like to migrate to passwordless connections and are just waiting on the organization invite to work.

1 Like

We also have the exact same issue and think it doesn’t make sense. @dan.woda any updates on when we could expect this?

1 Like

Expanding on our use case: we invite people who don’t necessarily use Google, and want them to be able to log in using passwordless, not a password. It seems like currently we have no choice but to allow them to log in with a password.

Hi, @dan.woda
Please, are there any updates on this request?

We have a similar B2B SaaS/Organizations use case, where the default connection is Passwordless (email). Despite having only the email (passwordless) connection enabled, when I initiate an invitation through the API without specifying the connection, users are prompted to enter a password they won’t actually use. And if I explicitly specify the connection_id when generating the invite I get a 400 “Passwordless connections are not supported” error. I am puzzled that the invitation isn’t seamlessly working for the Passwordless connection.

Could you please provide an update on when this issue will be addressed?

Thank you so much.

Hi @guilherme.terra,

Thanks for providing some additional insight. I don’t have any updates at this time.

Apologies for the delayed response to the other folks in this thread. Thanks for your patience everyone.

1 Like

Hi @dan.woda is there any update on this? It makes for an extremely poor user experience.

At the very minimum, can Home Realm Discovery be used to bypass this? If I know the organization’s email extension?

Thanks.

Hi. Is there any real way to actually use Passwordless with Organizations? We cannot use “Membership on signup”, because that would defeat the purpose of having Organizations, but yet we cannot create new passwordless members since this thread highlights the 400 error that is thrown on the API, so the feature seems entirely unusable at this time.

I’m not sure what you mean by “passwordless”, but I managed to send an invitation link with google_oauth inside an organization. You have to create an endpoint inside your app to redirect to the /authorize URL.

By passwordless, do you mean a magic link like Slack does?
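
The endpoint described in the post above, as an added example (not code from the thread or from Auth0): the invitation link reaches the application's login route with `invitation` and `organization` query parameters, and the route passes them on to `/authorize`. The domain, client ID, redirect URI, function names and the character allowlist are assumptions of this example.

```javascript
// Added example: forward an Auth0 organization invitation to /authorize.
// The values in CONFIG are constructed placeholders, not real tenant data.
const CONFIG = {
  domain: 'tenant.example.auth0.com',
  clientId: 'CLIENT_ID_PLACEHOLDER',
  redirectUri: 'https://app.example.com/callback',
};

// Conservative character allowlist for the two values copied from the link
// (an assumption of this example, not a documented Auth0 format).
const SAFE_VALUE = /^[A-Za-z0-9_-]{1,128}$/;

// Extract the invitation ticket and organization ID from the invite link.
// Returns null when the request is an ordinary login, not an invitation.
function parseInvite(inviteUrl) {
  const params = new URL(inviteUrl).searchParams;
  const invitation = params.get('invitation');
  const organization = params.get('organization');
  if (!invitation || !organization) return null;
  if (!SAFE_VALUE.test(invitation) || !SAFE_VALUE.test(organization)) {
    throw new Error('malformed invitation parameters');
  }
  return { invitation, organization };
}

// `state` must be an unguessable value the app stored in the user's session,
// so the callback can be tied to the browser that started the flow.
function buildAuthorizeUrl(inviteUrl, state, config = CONFIG) {
  const invite = parseInvite(inviteUrl);
  if (invite === null) throw new Error('no invitation in request');
  if (typeof state !== 'string' || state.length < 16) {
    throw new Error('state is required');
  }
  // The host comes from configuration only; nothing in the incoming
  // request can change where the user is redirected.
  const url = new URL(`https://${config.domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: config.clientId,
    redirect_uri: config.redirectUri,
    scope: 'openid profile email',
    state,
    organization: invite.organization,
    invitation: invite.invitation,
  }).toString();
  return url.toString();
}
```

Because membership is granted through the invitation ticket, this flow does not require enabling membership on authentication for the organization.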

@dan.woda Any update on this?

Pretty silly that we can enable passwordless email connection for an org, disable user/pass connection (and have the database auth have new signups disabled), and yet the org invite flow still shows the user/pass signup and allows new signups via this method…this is poor design and completely renders passwordless connection useless for orgs.

I don’t understand. How is Passwordless for Organizations not supported? Did it not make it to GA? Why does the pricing page show passwordless available for B2B plans? What good is passwordless for B2B without support for organizations?