User Management using Auth0 Console

Hi Team,
My application has two roles, ‘Partner Admin’ and ‘Partner User’. A Partner Admin can only create new Partner Users for its particular Partner Entity. In the app_metadata of each user we have partnerid, which can help us realise it. Now I know how we can do it using the Auth0 Management API. Would it be possible to give the Partner Admins of Partner A and Partner B access to the Auth0 console so that they are only able to create partner users for their own entity? The restriction should be that they should not be able to see anything of other partner users in the same application with the same database connection.

Many Thanks
Sudhir

Hi @ketan.phapale.87,

Welcome to the Community!

We do have a delegated admin extension, but I wasn’t able to figure out a way to limit the admin to a certain connection. You could set up individual tenants, which would keep them sandboxed.

I am going to ask internally, but I think it likely isn’t possible within one tenant.

Thanks,
Dan

It looks like this is actually possible using the extension. Check out delegated admin hooks. Specifically, the filter hook and access hook.

Thanks for the help, will try to explore more on the “delegated admin extension”.

Let me know if you have questions!

I tried delegated Admin Access, as per the reference https://auth0.com/docs/extensions/delegated-administration-extension. I still do not understand how I can see all fields while creating a user, like givenname and family_name. Apart from that, I also did not understand how I can give a role while creating a user; we can create either ‘Partner Admin’ or ‘Partner User’. Then also, how will I assign permissions from an API created in Auth0 directly on top of the user while creating the user?
Maybe I need examples of hooks in this context. Is all of this possible in the first place, and if so, can I get related reference links?

Thanks,
Sudhir

@ketan.phapale.87,

You should be able to use the settings hook to configure some custom inputs, and the write hook to send the info when you’re creating the user.

You could essentially write anything to the user’s app_metadata, then use a rule to add the role to the user from the metadata.
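
The filter, access and write hooks mentioned in this thread, sketched for the `partnerid` case as an added example (not code from the posters or from Auth0). The `ctx` fields used (`ctx.request.user`, `ctx.payload`) are assumed from the extension's hook documentation and should be checked against it; the `role` key, the ID pattern and the function names are hypothetical, and in the extension each hook is pasted as an anonymous `function(ctx, callback)`.

```javascript
// Added example. ctx shape is an assumption taken from the extension's hook
// docs; partnerid is the app_metadata field described in this thread.
const PARTNER_ID = /^[A-Za-z0-9_-]{1,64}$/; // assumed ID format; rejects Lucene syntax

// Reads the signed-in admin's partnerid; null when missing or malformed.
function adminPartner(ctx) {
  const meta = (ctx.request && ctx.request.user && ctx.request.user.app_metadata) || {};
  const id = meta.partnerid;
  return typeof id === 'string' && PARTNER_ID.test(id) ? id : null;
}

// Filter hook: scopes the user list and search to the admin's own partner.
function filterHook(ctx, callback) {
  const id = adminPartner(ctx);
  if (!id) return callback(new Error('No valid partnerid on the current admin.'));
  return callback(null, 'app_metadata.partnerid:"' + id + '"');
}

// Access hook: checked per action on a target user. The filter only shapes
// listings, so the per-user check is what blocks cross-partner access.
function accessHook(ctx, callback) {
  const id = adminPartner(ctx);
  const target = (ctx.payload && ctx.payload.user && ctx.payload.user.app_metadata) || {};
  if (!id || target.partnerid !== id) {
    return callback(new Error('You can only manage users of your own partner.'));
  }
  return callback();
}

// Write hook: partnerid and role are stamped from the admin's own profile,
// never copied from the submitted form. A rule can later map role to a real role.
function writeHook(ctx, callback) {
  const id = adminPartner(ctx);
  if (!id) return callback(new Error('No valid partnerid on the current admin.'));
  return callback(null, {
    email: ctx.payload.email,
    password: ctx.payload.password,
    connection: ctx.payload.connection,
    app_metadata: { partnerid: id, role: 'Partner User' } // 'role' key is hypothetical
  });
}

// Constructed sample context and a small local runner for the callbacks.
const adminA = { request: { user: { app_metadata: { partnerid: 'partner-a' } } } };
const run = (hook, ctx) => { let out; hook(ctx, (err, val) => { out = { err, val }; }); return out; };
console.log(run(filterHook, adminA).val);
```

All three hooks fail closed: an admin without a well-formed `partnerid` gets an error rather than an unfiltered view.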
