Thoughts from a beginner

This is a bit of general feedback on my experience since discovering auth0. But I’d love to know if I’m doing something wrong particularly on my last point. Does anyone else work for a dev agency and use auth0?

First up, I work for a small web development company doing mostly bespoke asp.net (Framework) websites for clients. Mostly data driven type sites that are in the range of 50-200 development hours. Each client is completely separate and so has their own domain and user-base. Sometimes the sites have public registration but often it’s just admins that log in.

When I first started investigating Auth0 it sounded like it makes identity management easy and fast to implement. And a reasonable price (that we would pass on to each client). So I sold it to my boss.

But now, I’ve spent days trying to understand all the documentation and figure out a) how to use it in my sites and b) how to set up tenants/accounts efficiently. So many things that I expected to just work out of the box require research and setup.
It certainly isn’t straightforward and I’m close to giving up and going back to .Net Authentication.

No findings so far:
  • No built in ‘change password for users’ - have to build your own using the 2 different APIs.
  • To use Roles, need to create a rule to apply to the claim. And this needs to be done in each tenant. Why? Why not just make that work out of the box?
  • Can’t duplicate a tenant, must re-do all your settings. So using tenants for dev, dev2, staging etc seems overly time consuming.
  • I’m confused about tenants, organisations, applications. See next paragraph for more.
  • Can’t import users out of the box - have to set up an extension. Why? Just make things easy for us.
  • Can’t have Invite-only out of the box. Again, this is another thing I had to research and set up a bunch of customizations. Then I found it didn’t work when using the import extension. So then I had to resort to the API. Why not build all this into your manage.auth0.com dashboard? This is bread and butter stuff isn’t it?

As for how best to set up our multiple sites, I’m still not sure of the best path. My current thinking is that I need to create a new auth0 account (i.e. to access manage.auth0.com) for each client. That way I can have a Production Tenant for the live site, and others for the dev sites. But then I’m having to keep making up emails to register all these new accounts.

I’ve emailed the sales team a few times with my questions but unless I’m wanting an Enterprise plan ($23k a year), they’re not interested in helping. The Starter plan for $23/month seems the only reasonable choice for us. Our clients aren’t going to accept paying $100+ dollars a month just to log in.

Hi @markchambers99

  • Reset Password: this is supported out of the box on the Universal Login Page. You just click “Forgot Password”. There is also an authorization API endpoint which will trigger the same email.
  • For roles, go to your API and ensure that the API is enabled for RBAC, and that permissions are enabled in the access token.
  • Use deploy-cli or terraform to handle tenant settings. In principle, you should never change tenant settings manually.
  • Importing users: there’s the extension and there’s a job (go to the management API and look under jobs). There are a couple of quirks there (500K limit for 1). Also check out automatic migration (formerly known as lazy migration). Importing users is complex enough that there isn’t a one-size-fits-all approach.
  • Invite only is supported, I’m not sure what you are asking for. There has to be a trigger for the invite, and the account has to be created at that time.
  • Since you are passing the cost on to your clients, they should each be set up with their own Auth0 account. Or you could have a single Auth0 account and bill your clients separately. If you go the latter, that puts you in control of onboarding, and lets you create the config automatically (see response to deploy-cli above).
  • Actually, reading that last bit about cost, you should have your tenant and bill out to your clients. I would suggest 1 production tenant, and then separate apps, APIs and connections on a client by client basis. You are then in control of everything.

I hope this helps

John

2 Likes

Hi @markchambers99

Welcome to the Auth0 Community!

Thank you for taking the time to provide detailed feedback. I’ll pass this along to the team in hopes that we can provide a more smooth introduction to future developers.

And thanks for the detailed response @john.gateley!

Hey John, Thanks so much for the reply.
My issue with many of these things isn’t that they’re not possible in Auth0, but that they take a lot of searching forums and docs and then coding. I would expect it to all just work out of the box and have an easy UI in the Dashboard. That would truly make it “easy to implement” (as stated on auth0.com).

Reset password - yes I see the reset (which I see as being for when you’ve forgotten your password) but I want a “change my password” when I’m already logged in. So a user decides to update their insecure password to a better one and wants to just enter a new one. It seems that they would need to log out, click login, choose Forgot password and use the email. That’s a long process and not intuitive for some users.
Anyway, I’ve built it all myself now using the APIs. I just think that it should be out of the box.

Invite-only - again I can build it (after spending a while reading the community forums) but I just think it should be part of the Dashboard - a page to import users by email and then a button to send them all a welcome email with a ‘set your 1st password’ link.

Tenants/clients - so are you saying that I need just one Auth0 account, with a single tenant that I put all my clients on and use different Applications to handle all their different websites? That would mean all my users are shared though so that wouldn’t work. Or I thought I could use a different tenant for each client, but I can only have one Production tenant per account, so that doesn’t work either.
To have a different auth0 account for each client seems the most logical, but I don’t want them to know anything about auth0 and so I need to create all those accounts myself, which entails me creating emails to register under, e.g., client1@mycompany.com, client2@mycompany.com, which seems time consuming too.

I’ll look into your other suggestions, cheers.

Mark

Regarding the tenants:

Have one production tenant.
Each client of yours will have their own application AND connection in Auth0.
The application will ONLY be enabled for that single connection.

Then users will not be shared between clients.

John

1 Like
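
The layout described in the reply above (one production tenant, one application and one connection per client, each application enabled only for its own connection) can be checked mechanically. The following is an added example, not part of the original thread and not Auth0's own code. It assumes connection objects carry an `enabled_clients` list as in Management API v2 responses; all client names and IDs are constructed sample data.

```python
"""Audit that each client site's Auth0 application is bound to exactly one
connection and that no connection is shared between applications."""
from collections import defaultdict

# Constructed sample data, shaped like the Management API v2 responses for
# GET /api/v2/clients and GET /api/v2/connections (names and IDs are made up).
CLIENTS = [
    {"client_id": "app_acme", "name": "Acme site"},
    {"client_id": "app_globex", "name": "Globex site"},
    {"client_id": "app_initech", "name": "Initech site"},
]
CONNECTIONS = [
    {"name": "acme-users", "strategy": "auth0", "enabled_clients": ["app_acme"]},
    # Misconfigured: Globex's user database is also enabled for Initech's app.
    {"name": "globex-users", "strategy": "auth0",
     "enabled_clients": ["app_globex", "app_initech"]},
    {"name": "initech-users", "strategy": "auth0",
     "enabled_clients": ["app_initech"]},
]


def audit_isolation(clients, connections):
    """Return a sorted list of findings; an empty list means users are isolated.

    Only applications listed in `clients` are audited, so system clients that
    appear in `enabled_clients` can be left out of the input and are ignored.
    """
    names = {c["client_id"]: c["name"] for c in clients}
    conns_for_app = defaultdict(list)
    findings = []
    for conn in connections:
        enabled = [cid for cid in conn.get("enabled_clients", []) if cid in names]
        if len(enabled) > 1:  # one user store reachable from several client sites
            apps = ", ".join(sorted(names[c] for c in enabled))
            findings.append(f"connection '{conn['name']}' is shared by: {apps}")
        for cid in enabled:
            conns_for_app[cid].append(conn["name"])
    for cid, name in names.items():
        bound = sorted(conns_for_app[cid])
        if not bound:
            findings.append(f"application '{name}' has no connection enabled")
        elif len(bound) > 1:  # site accepts logins from another client's users
            findings.append(f"application '{name}' can log in via: {', '.join(bound)}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_isolation(CLIENTS, CONNECTIONS):
        print("FINDING:", finding)
```

Run against a real tenant export, an empty result means no client's users can sign in to another client's site.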

Thanks for helping on this one John!