This is a bit of general feedback on my experience since discovering auth0. But I’d love to know if I’m doing something wrong particularly on my last point. Does anyone else work for a dev agency and use auth0?
First up, I work for a small web development company doing mostly bespoke asp.net (Framework) websites for clients. Mostly data driven type sites that are in the range of 50-200 development hours. Each client is completely separate and so has their own domain and user-base. Sometimes the sites have public registration but often its just admins that login.
When I first started investigating Auth0 it sounds liked it makes identity management easy and fast to implement. And a reasonable price (that we would pass on to each client). So I sold it to my boss.
But now, I’ve spent days trying to understand all the documentation and figure out a) how to use it in my sites and b) how to setup tenants/accounts efficiently. So many thing that I expected to just work out of the box, require research and setup.
It certainly isn’t straightforward and I’m close to giving up and going back to .Net Authentication.
No findings so far:
No built in ‘change password for users’ - have to build own using and use the 2 different APIs.
To use Roles, need to create a rule to apply to the claim. And this needs to be done in each tenant. Why? Why not just make that work out the box?
Can’t duplicate a tenant, must re-do all your settings. So using tenants for dev, dev2, staging etc seems overly time consuming.
I’m confused about tenants, organisations, applications. See next paragraph for more.
Can’t import users out of the box - have to setup an extension. Why? Just make things easy for us.
Can’t have Invite-only out of the box. Again, this is another thing I had to research and setup a bunch of customizations. Then I found it didn’t work when using the import extension. So then I had to resort to the API. Why not build all this into your manage.auth0.com dashboard. This is bread and butter stuff isn’t it?
As for how best to setup our multiple sites, I’m still not sure the best path. My current thinking is that I need to create a new auth0 accounts (ie to access manage.auth0.com) for each client. That way I can have the a Production Tenant for the live site, and others for the dev sites. But then I’m having to keep making up emails to register all these new accounts.
I’ve emailed sales team a few times with my questions but unless I’m wanting an Enterprise plan ($23k a year), they’re not interested in helping. The Starter plan for $23/month seems the only reasonable choice for us. Our clients aren’t going to accept paying $100+ dollars a month just to login.