What triggers the sending of a User Invitation email?

On Dashboard → Branding → Email Templates one can select the following Template: ‘User Invitation’, saying the following: ‘This email will be sent whenever a user is invited to an organization or application.’’

My question is: how can I trigger the sending of such an email?

I have read the following two articles:

and then I have tried:

  1. Sending a POST Reqeust to https://{{domain}}/dbconnections/change_password#type=invite
    This will send a normal Password Reset Email to the user and is not what I want: I want the User Invitation email to be sent.
  2. Sending a POST request to https://{domain}/api/v2/tickets/password-change#type=invite
    This will also not send an email, it will just return a URL.

So to repeat my question: how can I trigger the sending of a User Invitation email? Preferably by using a Management API endpoint.

Thank you all for your help and have a good weekend!
David

1 Like

HI @derwald,

Thanks for reaching out to the Auth0 Community!

You can trigger the Organizations Invitation email in a couple of ways, namely, through the:

  1. Auth0 Dashboard > Organizations > your Organization > Invitations tab and

  2. The Auth0 Management API’s Create invitations to organization endpoint

For more instructions, please check out our Send Organization Membership Invitations documentation.

Please let me know if you have any additional questions. I’d be happy to help!

Thanks,
Rueben

Hi Rueben

Thanks for the quick reply. At the email template is says:

I do not wish to use the organisation features of Auth0. But according to the email template sentence mentioned above, it should be possible to also invite people to an application.

But after your answer, I now assume, this Invitation Email sent by Auth is only available in the context of Organisations? And that inviting users without an organisation is only possible by sending an invitation email manually yourself? Could you confirm my assumption is correct?

And if so, may I propose to rename the ‘User invitation’ email template to the name you used above, being ‘Organisation invitation’? That would be a more appropriate name and directly clarify the usecase for that template.

Thanks
David

4 Likes

I tried to understand the ‘Generate invitations’ section again: Send Email Invitations for Application Signup

But I don’t get it yet…it says ‘With Auth0, there are two common approaches to implementing user invitations’, being (1) ‘Customize an email template’ and (2) ‘Create a password change ticket’? But customizing an email template doesn’t make sense to me, if I need to send the email then myself using an external mail program?

Hope someone can clarify it a bit more…

3 Likes

Hi @derwald,

Thank you for your responses and feedback.

I have confirmed that the excerpt below only applies to Organizations:

This email will be sent whenever a user is invited to an organization or application.

The description of this template can be found here: https://auth0.com/docs/customize/email/email-templates/email-template-descriptions#user-invitation-emails.

I will pass along the feedback to our teams regarding the ambiguous description and email template name.

Using the Send Email Invitations for Application Signup is the correct approach to invite users to your Application without the context of an Organization.

For (1), ‘Customize an email template’ involves using the Management API’s Update an email template endpoint to repurpose the language in your welcome email as an email invitation.

For (2), ‘Create a password change ticket’ involves using the Management API’s creating a password change ticket endpoint to generate a URL.

Then, you must send the password change ticket URL in an email to the user using your own email provider.

Once the user follows the link to set up their password, they can create their account and sign in.

I hope the explanation was clear!

Please let me know if you have any further questions.

Thanks,
Rueben

2 Likes

Totally agree, that page describing invitations should be re-worked. I also had difficulties understanding what Auth0 can and what it cannot do.

Only this discussion helped me to clarify how it’s supposed to work

7 Likes

@rueben.tiow, can you please provide one clarification:- that customization of a password change template which is described in the article Send Email Invitations for Application Signup, how will it be used, if we need to send the link to the user through our own email service provider?

Will you be able to elaborate on this topic? Thank you.

1 Like

Just for documentation purposes, I’ll quickly outline how I solved sending user invitation emails without using the organisation features.

The premisses for this solution:

  1. Users are not allowed to sign up them selves, they can only obtain an account by invitation.
  2. User / passwords are stored in a database.

The invitation workflow then looks like:

  1. Invite a user by creating a new user using the Management API https://auth0.com/docs/api/management/v2#!/Users/post_users endpoint, with email_verified set to false and a randomly generated password. This password will not be communicated to anyone and will never be used.
  2. Trigger an interactive password reset flow as described here (Change Users' Passwords), which means we send a request to the Authentication API Create a password endpoint.
  3. Auth0 will then send the Change Password email template. We adapted that template, both the subject and the body, in such a way that it will be an invitation email if the user email is not yet verified, and a normal password change email if that has been verified. The subject for example is:
    {% if user.email_verified %}Change password for{% else %}Welcome to{% endif %} {{ friendly_name }}
  4. If the user clicks the link in the email, the Password change page will be shown. One could customize that page as well, but we just customized the texts, such that they will both make sense for setting the password for the first time after an invitation as for resetting the password if the user had triggered the password reset flow him/herself.
  5. One the password has been set by the user, Auth0 will automatically set the email_verified property of the user to true and this invitation workflow can be considered done.
14 Likes

As far a I’ve understood it there are two kind of invitations: organisation invitations and non-organisation invitations.

Organisation invitations
One can use the workflow described here, which will let Auth0 send an email using this User invitation email template.

Non-organisation invitations
For Auth0, there is no such thing as invitations outside the context of an organisation. So we will be hacking around the ‘reset password’ functionality to achieve something like an invitation. And we have two options then: sending the invitation email yourself or let Auth0 send the invitation email

Sending the invitation email yourself
This is described here: Send Email Invitations for Application Signup. What imho is wrong and confusing in that description is the section Create email template. There is no such thing as an email template here, because you will be sending the email yourself.

Let Auth0 send the invitation email
That is basically the solution I provided here What triggers the sending of a User Invitation email? - #9 by derwald

6 Likes

Great @derwald , thank you for your recipe, especially the part about the email template adjustment. Now it totally makes sense, how to deal with this task.

A bit of clarification for that article on invitations will definitely help those folks coming after us.

4 Likes

Hi @derwald,
Sorry to interfere in this post but I am trying to set up the user invitation email and I came across this very useful post that you made (I think the documentation on this topic is way too generic).

Your post is very clear and I am using it as a base to generate my user import/creation workflow. One thing confuses me: you base your email template to set the password on the “email_verified” set to “false”, but when I test just your point 1, my newly created test user receives a “Verify your email” email, which I obviously don’t want as the user will receive from point 2 the password reset (in this case the first time password creation). Do I need to disable it by passing or setting something?

Thanks a lot!

2 Likes

Yes, you need to disable it. Branding → Email templates → Verification Email (using Link) → Status and then disable it. Good luck!

4 Likes

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.