Add Roles to Organization Members
Each organization member can be assigned one or more roles, which are applied when users log in through the organization. To learn more about roles and their behavior, read Role-based Access Control.
You can add roles to members in organizations using either the Auth0 Dashboard or the Management API.
To enable a role for an organization member, you must have already created the role in your tenant.
Auth0 Dashboard
To add roles to an organization member via the Auth0 Dashboard:
Navigate to Auth0 Dashboard > Organizations, and select the organization for which you want to configure membership.
Select the Members view, and select the name of the member to which you would like to add a role.
Select Assign role.
Enter the role name(s) you would like to assign to the member, and select Add role(s) to organization.
Management API
To add roles to an organization member via the Management API:
Make a POST call to the Create Organization Member Roles endpoint. Be sure to replace the ORG_ID, MGMT_API_ACCESS_TOKEN, USER_ID, and ROLE_ID placeholder values with your organization ID, Management API Access Token, user ID, and role ID, respectively.
```shell
curl --request POST \
  --url https://your_auth0_domain/api/v2/organizations/ORG_ID/members/USER_ID/roles \
  --header 'authorization: Bearer MGMT_API_ACCESS_TOKEN' \
  --header 'cache-control: no-cache' \
  --header 'content-type: application/json' \
  --data '{ "roles": [ "ROLE_ID", "ROLE_ID", "ROLE_ID" ] }'
```
```csharp
var client = new RestClient("https://your_auth0_domain/api/v2/organizations/ORG_ID/members/USER_ID/roles");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/json");
request.AddHeader("authorization", "Bearer MGMT_API_ACCESS_TOKEN");
request.AddHeader("cache-control", "no-cache");
request.AddParameter("application/json", "{ \"roles\": [ \"ROLE_ID\", \"ROLE_ID\", \"ROLE_ID\" ] }", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```
```go
package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
	"strings"
)

func main() {
	url := "https://your_auth0_domain/api/v2/organizations/ORG_ID/members/USER_ID/roles"

	payload := strings.NewReader("{ \"roles\": [ \"ROLE_ID\", \"ROLE_ID\", \"ROLE_ID\" ] }")

	req, err := http.NewRequest("POST", url, payload)
	if err != nil {
		log.Fatal(err)
	}

	req.Header.Add("content-type", "application/json")
	req.Header.Add("authorization", "Bearer MGMT_API_ACCESS_TOKEN")
	req.Header.Add("cache-control", "no-cache")

	res, err := http.DefaultClient.Do(req)
	if err != nil {
		// res is nil when the request fails, so check before using res.Body.
		log.Fatal(err)
	}
	defer res.Body.Close()

	body, err := io.ReadAll(res.Body)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println(res.Status)
	fmt.Println(string(body))
}
```
```java
HttpResponse<String> response = Unirest.post("https://your_auth0_domain/api/v2/organizations/ORG_ID/members/USER_ID/roles")
  .header("content-type", "application/json")
  .header("authorization", "Bearer MGMT_API_ACCESS_TOKEN")
  .header("cache-control", "no-cache")
  .body("{ \"roles\": [ \"ROLE_ID\", \"ROLE_ID\", \"ROLE_ID\" ] }")
  .asString();
```
```javascript
var axios = require("axios").default;

var options = {
  method: 'POST',
  url: 'https://your_auth0_domain/api/v2/organizations/ORG_ID/members/USER_ID/roles',
  headers: {
    'content-type': 'application/json',
    authorization: 'Bearer MGMT_API_ACCESS_TOKEN',
    'cache-control': 'no-cache'
  },
  data: {roles: ['ROLE_ID', 'ROLE_ID', 'ROLE_ID']}
};

axios.request(options).then(function (response) {
  console.log(response.data);
}).catch(function (error) {
  console.error(error);
});
```
```objectivec
#import <Foundation/Foundation.h>

NSDictionary *headers = @{ @"content-type": @"application/json",
                           @"authorization": @"Bearer MGMT_API_ACCESS_TOKEN",
                           @"cache-control": @"no-cache" };
NSDictionary *parameters = @{ @"roles": @[ @"ROLE_ID", @"ROLE_ID", @"ROLE_ID" ] };

NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://your_auth0_domain/api/v2/organizations/ORG_ID/members/USER_ID/roles"]
                                                       cachePolicy:NSURLRequestUseProtocolCachePolicy
                                                   timeoutInterval:10.0];
[request setHTTPMethod:@"POST"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];

NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
                                            completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
                                                if (error) {
                                                    NSLog(@"%@", error);
                                                } else {
                                                    NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
                                                    NSLog(@"%@", httpResponse);
                                                }
                                            }];
[dataTask resume];
```
```php
$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://your_auth0_domain/api/v2/organizations/ORG_ID/members/USER_ID/roles",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "{ \"roles\": [ \"ROLE_ID\", \"ROLE_ID\", \"ROLE_ID\" ] }",
  CURLOPT_HTTPHEADER => [
    "authorization: Bearer MGMT_API_ACCESS_TOKEN",
    "cache-control: no-cache",
    "content-type: application/json"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}
```
```python
import http.client

conn = http.client.HTTPSConnection("your_auth0_domain")

payload = "{ \"roles\": [ \"ROLE_ID\", \"ROLE_ID\", \"ROLE_ID\" ] }"

headers = {
    'content-type': "application/json",
    'authorization': "Bearer MGMT_API_ACCESS_TOKEN",
    'cache-control': "no-cache"
}

conn.request("POST", "/api/v2/organizations/ORG_ID/members/USER_ID/roles", payload, headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))
```
```ruby
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://your_auth0_domain/api/v2/organizations/ORG_ID/members/USER_ID/roles")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Verify the server certificate: this request carries a Management API token.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

request = Net::HTTP::Post.new(url)
request["content-type"] = 'application/json'
request["authorization"] = 'Bearer MGMT_API_ACCESS_TOKEN'
request["cache-control"] = 'no-cache'
request.body = "{ \"roles\": [ \"ROLE_ID\", \"ROLE_ID\", \"ROLE_ID\" ] }"

response = http.request(request)
puts response.read_body
```
```swift
import Foundation

let headers = [
  "content-type": "application/json",
  "authorization": "Bearer MGMT_API_ACCESS_TOKEN",
  "cache-control": "no-cache"
]
let parameters = ["roles": ["ROLE_ID", "ROLE_ID", "ROLE_ID"]] as [String : Any]

// JSONSerialization.data(withJSONObject:options:) throws, so it must be called with try.
let postData = try JSONSerialization.data(withJSONObject: parameters, options: [])

var request = URLRequest(url: URL(string: "https://your_auth0_domain/api/v2/organizations/ORG_ID/members/USER_ID/roles")!,
                         cachePolicy: .useProtocolCachePolicy,
                         timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData

let session = URLSession.shared
let dataTask = session.dataTask(with: request, completionHandler: { (data, response, error) -> Void in
  if let error = error {
    print(error)
  } else if let httpResponse = response as? HTTPURLResponse {
    print(httpResponse)
  }
})

dataTask.resume()
```
Value | Description |
---|---|
ORG_ID | ID of the organization for which you want to add roles to a member. |
MGMT_API_ACCESS_TOKEN | Access Token for the Management API with the scope create:organization_member_roles. |
USER_ID | ID of the user to which you want to add the specified role(s). |
ROLE_ID | ID of the role you want to add to the specified user for the specified organization. Maximum of 100 roles per user. |
Response status codes
Possible response status codes are as follows:
Status code | Error code | Message | Cause |
---|---|---|---|
204 | | Roles successfully associated with user. | |
400 | invalid_body | Invalid request body. The message will vary depending on the cause. | The request payload is not valid. |
400 | invalid_query_string | Invalid request query string. The message will vary depending on the cause. | The query string is not valid. |
401 | | Invalid token. | |
401 | | Invalid signature received for JSON Web Token validation. | |
401 | | Client is not global. | |
403 | insufficient_scope | Insufficient scope; expected any of: create:organization_member_roles. | Tried to read/write a field that is not allowed with provided bearer token scopes. |
429 | | Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. | |
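The following is an added example, not code from the Auth0 documentation: it builds the request path and body for the endpoint above and maps the listed status codes to a caller action. The function names, the outcome labels, the sample IDs, the `message` field of the error body, and the reading of X-RateLimit-Reset as a UNIX timestamp in seconds are assumptions.

```python
import json
import time
from urllib.parse import quote

MAX_ROLES = 100  # from the table above: "Maximum of 100 roles per user"


def build_request(org_id, user_id, role_ids):
    """Return (path, json_body) for the Create Organization Member Roles call."""
    roles = list(dict.fromkeys(role_ids))  # drop duplicate IDs, keep order
    if not roles or len(roles) > MAX_ROLES:
        raise ValueError(f"expected 1..{MAX_ROLES} role IDs, got {len(roles)}")
    # IDs go into the URL path, so percent-encode them. A user ID such as
    # "auth0|123" (constructed sample) contains "|", which is not path-safe.
    path = "/api/v2/organizations/{}/members/{}/roles".format(
        quote(org_id, safe=""), quote(user_id, safe=""))
    return path, json.dumps({"roles": roles})


def classify_response(status, headers, body=b"", now=None):
    """Map a response to (outcome, detail) following the status code table."""
    if status == 204:
        return "assigned", None
    headers = {k.lower(): v for k, v in headers.items()}
    if status == 429:
        # Assumption: X-RateLimit-Reset is a UNIX timestamp in seconds.
        now = time.time() if now is None else now
        reset = float(headers.get("x-ratelimit-reset", now))
        return "retry", max(0.0, reset - now)  # seconds to wait before retrying
    # 400 means fix the payload; 401 means get a new token; 403 means the token
    # lacks create:organization_member_roles. None of them should be retried as-is.
    outcomes = {400: "bad_request", 401: "bad_token", 403: "missing_scope"}
    try:
        # Assumption: error bodies are JSON objects with a "message" field.
        message = json.loads(body or b"{}").get("message")
    except (ValueError, AttributeError):
        message = None
    return outcomes.get(status, "unexpected"), message
```

Pass the returned path and body to the HTTP client of your choice, and load the Management API token from a secret store or environment variable rather than embedding it in source.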