- User connects to our platform from Okta Dashboard as a new user on the platform, or connects to the web app directly and registers a user store account in Auth0. A tenant ID is passed to recognize the platform data/scope that is available.
- Auth0 pre-user-reg triggers, and creates a user profile record in our platform (this process loads platform base permissions behind the scenes). A profile id for our platform is generated and stored on Auth0. A profile ID is valid for one tenant ID
- Auth0 post-login action triggers, grabbing permissions for our platform from the appropriate service based on user profile record. tenant ID and user id are used to determine permissions.
We are not planning on storing roles or permissions in Auth0, as the platform services each identify their permissions and we don’t want to store all of the details on a third party when we need it locally as well. We need a way to identify the tenant ID (this is not an Auth0 tenant, closer to an org ID) for the platform throughout the process.