Very much expecting this feature!
Same! Excited for this. I was able to implement your workaround of using silent auth after the initial login, but it's pretty janky.
Wow, apparently I'm in luck. I was just investigating this exact situation. I'm glad the feature is coming out June 28th. Thank you!
Additional Question:
In the management API or SDK, is there (or will there be) a way to create a user in a specific organization in one step? As I understand currently, that logic has to be implemented in our app. First check if the user exists in any org. If not, invite the user to the App. Then assign them to an org. If there was a createUser({org_id:xxx}) that did all those steps, that would help streamline as well.
Could you provide some clarity or confirmation on if June 28th is still the target release date? We pushed our launch back to have this feature and are super stoked but want to make sure we are planning correctly. Thanks!
Can it be a beta version?
In my application I cannot see that new organization screen prompt.
Did you need to do some extra configuration?
Hi all, the rollout of this feature update has started and may be available in your tenant environment.
Supporting documentation will be provided once the announcement has been made on the Auth0 Changelog; please keep an eye on the changelog page to find any links to supporting docs.
To get you started and test the feature, first turn the Authentication Profile to Identifier First.
Then go to your Auth0 Application and Organization Tab; there you will need to select the Type of Users, and select the preferred Login Flow (Prompt for Organization).
Yeah, I set it up in the dashboard under Applications > {My App} > Organizations
Was easy to set up and seems to be working well for my use case! I was able to delete the silent authentication hack completely.
Excellent! Thanks for sharing @igillis
Ok, I spoke too soon. It seems there is still a limitation, but maybe I'm missing something. First, let me lay out our requirements.
- This is a B2B SaaS app. So we sell to other businesses and their users can log in to use the app.
- There is a self serve flow for new businesses to onboard without any intervention from us. Users may sign up/authenticate without being part of an organization, but must create one before continuing.
- Users should only belong to at most 1 organization (their current employer). So if they do belong to an organization, they should be automatically logged into it. If we do support multiple org membership in the future, they should still never be allowed to log in as "individuals".
Problem:
If I select "Business Users", number 2 breaks. When a new user signs up they get this error.
But what I really want is for them to be signed in and prompted to create a new organization. We have this flow built out already.
If I instead select "Both", number 3 above breaks. Users can sign in without an org and I can show them the prompt to create a new org. But then they get prompted to log in as individuals or the org, when we really only want to allow authenticating under the org:
Example
Slack is mentioned as an example under "Business Users", but that's not quite true. Slack actually has the exact flow I'm interested in. If you sign up as a new user, you're prompted to create a workspace:
If instead you sign up as a user with only one workspace membership, it logs you right into that workspace:
Sorry for the long post, just wanted to provide as much context as possible. Let me know if there's a way to configure this flow with this new feature set, otherwise I'll bring back the workaround where you fetch the user's org memberships and do silent re-auth.
Hi @igillis! Good eye on the release catch.
You're correct in your assessment of current capabilities. However, we're scoping out what self service organization creation and sign up should look like as a future roadmap item.
I'll send you a DM about setting up a time to chat if you're interested.
Sure, that would be great
Hi @sam.frank
We like the new implementation. But there's one thing we want to know how to make work.
Currently in our use case we only allow users to sign up through an invitation. The thing is that with the "Prompt for credentials" option selected we get the regular sign in page, which is fine.
But that page shows the "Don't have an account? Sign up" link and it allows users to sign up to the app, which is not what we want. I tried the "Disable Sign Ups" in the connection, which makes it go away. But it introduces another problem. It doesn't allow users to sign up through an invitation; the invitation page works, but when I input the password for the new user, it tells you incorrect password/username, which is not the case since the user doesn't even exist.
Any thoughts on this?
Hello Adam, would you mind providing an update on the status of point 3 (HRD for Organizations)? My company has a use case that would benefit greatly from this feature.
Single Sign-On: Single Sign-On (SSO) is a mechanism that allows users to access multiple applications with a single set of login credentials (such as username and password). Instead of requiring users to remember and manage separate credentials for each application, SSO enables them to authenticate once and gain access to all authorized resources seamlessly.
Credits: https://www.infisign.io/post/how-does-single-sign-on-sso-work