Enable Organization Connections
You can enable specific connections for each organization to provide users with different login options. After you enable a connection, it is added to the organization login prompt, and users can authenticate through that connection to access your applications.
To enable a connection for an organization, the connection must already exist in your tenant. Supported connections include database connections, social connections, and enterprise connections.
Organization Properties
When using organizations, some connections have additional properties that you can configure:
| Property | Connection Types | Description |
|---|---|---|
| Membership On Authentication | All connection types | When enabled, this property automatically assigns organization membership to end-users the first time they authenticate with the connection. Membership on Authentication is useful in scenarios where all users with the ability to authenticate with a specific connection can be assumed to be members of an organization. |
| Organization Signup | Database connections only | This property determines whether or not end-users can access a signup link on the login prompt that allows them to gain membership to an Organization. To use Organization Signup, you must also enable Membership On Authentication. Organization Signup is useful is scenarios where users need self-service access to join Organizations, such as:
|
| Display connection as a button | Enterprise connections only | This optional property determines whether or not a specific connection displays as an option on the organization login prompt. Note: If this option is disabled for a connection, end-users can still authenticate via the connection and log in to applications in the context of the organization by sending the connection parameter directly in the authorization request. They can also authenticate with this connection if you are using the Identifier First with Home Realm Discovery authentication profile in combination with the Prompt for Credentials organization login flow. |
End-users can only log in to applications in the context of a specific organization through connections that have been enabled for that organization.
Configure Organization Connections
You can configure connections for organizations using either the Auth0 Dashboard or the Management API.
Auth0 Dashboard
To enable a connection via the Auth0 Dashboard:
Navigate to Auth0 Dashboard > Organizations, and select the organization for which you want to configure connections.
Select the Connections view, then select Enable Connections.
Choose the connection you want to enable, and select Enable Connection.
In the Authentication section, locate Membership On Authentication and choose whether to enable or disable auto-membership. When enabled, auto-membership automatically adds all users logging in with the connection as members of the organization.
For Database connections only: In the Organization Signup section, choose whether to enable or disable self-service signups. When enabled, users can access a signup link on the login prompt to create their account and automatically gain membership to the organization.
Note: To enable this property, you must first enable Membership on Authentication.
For Enterprise connections only: In the Connection button section, optionally enable the Display connection as a button property to display the connection as an option on the organization login prompt.
If all enabled connections within the Organization are enterprise connections, and all connections are hidden, Auth0 returns an error that reads
Message: no connections enabled for the organization are visiblewhen users access the application.Select Save.
Management API
To enable a connection via the Management API:
Make a POST call to the Create Organization Connections endpoint. Ensure you update the following placeholder values with the appropriate information:
Replace
{orgId}with your organization ID.Replace
{mgmtApiAccessToken}with your Management API access token.Replace
{connectionId}with a specific connection ID.Replace
{assignMembershipOption}withtrueorfalsewith respect to your Membership on Authentication selection.For Database connections only: Replace
{isSignupEnabled}withtrueorfalsewith respect to your signup selection.For Enterprise connections only: Replace
{showAsButtonOption}withtrueorfalsewith respect to your Connection Button selection.
curl --request POST \
--url https://%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/enabled_connections \
--header 'authorization: Bearer {yourMgmtApiAccessToken}' \
--header 'cache-control: no-cache' \
--header 'content-type: application/json' \
--data '{ "connection_id": "{connectionId}", "assign_membership_on_login": "{assignMembershipOption}","is_signup_enabled","{isSignupEnabled}", "show_as_button": "{showAsButtonOption}" }'Was this helpful?
var client = new RestClient("https://%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/enabled_connections");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/json");
request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");
request.AddHeader("cache-control", "no-cache");
request.AddParameter("application/json", "{ \"connection_id\": \"{connectionId}\", \"assign_membership_on_login\": \"{assignMembershipOption}\",\"is_signup_enabled\",\"{isSignupEnabled}\", \"show_as_button\": \"{showAsButtonOption}\" }", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Was this helpful?
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/enabled_connections"
payload := strings.NewReader("{ \"connection_id\": \"{connectionId}\", \"assign_membership_on_login\": \"{assignMembershipOption}\",\"is_signup_enabled\",\"{isSignupEnabled}\", \"show_as_button\": \"{showAsButtonOption}\" }")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("content-type", "application/json")
req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")
req.Header.Add("cache-control", "no-cache")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
HttpResponse<String> response = Unirest.post("https://%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/enabled_connections")
.header("content-type", "application/json")
.header("authorization", "Bearer {yourMgmtApiAccessToken}")
.header("cache-control", "no-cache")
.body("{ \"connection_id\": \"{connectionId}\", \"assign_membership_on_login\": \"{assignMembershipOption}\",\"is_signup_enabled\",\"{isSignupEnabled}\", \"show_as_button\": \"{showAsButtonOption}\" }")
.asString();Was this helpful?
var axios = require("axios").default;
var options = {
method: 'POST',
url: 'https://%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/enabled_connections',
headers: {
'content-type': 'application/json',
authorization: 'Bearer {yourMgmtApiAccessToken}',
'cache-control': 'no-cache'
},
data: '{ "connection_id": "{connectionId}", "assign_membership_on_login": "{assignMembershipOption}","is_signup_enabled","{isSignupEnabled}", "show_as_button": "{showAsButtonOption}" }'
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"content-type": @"application/json",
@"authorization": @"Bearer {yourMgmtApiAccessToken}",
@"cache-control": @"no-cache" };
NSData *postData = [[NSData alloc] initWithData:[@"{ "connection_id": "{connectionId}", "assign_membership_on_login": "{assignMembershipOption}","is_signup_enabled","{isSignupEnabled}", "show_as_button": "{showAsButtonOption}" }" dataUsingEncoding:NSUTF8StringEncoding]];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/enabled_connections"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"POST"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/enabled_connections",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{ \"connection_id\": \"{connectionId}\", \"assign_membership_on_login\": \"{assignMembershipOption}\",\"is_signup_enabled\",\"{isSignupEnabled}\", \"show_as_button\": \"{showAsButtonOption}\" }",
CURLOPT_HTTPHEADER => [
"authorization: Bearer {yourMgmtApiAccessToken}",
"cache-control: no-cache",
"content-type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
import http.client
conn = http.client.HTTPSConnection("")
payload = "{ \"connection_id\": \"{connectionId}\", \"assign_membership_on_login\": \"{assignMembershipOption}\",\"is_signup_enabled\",\"{isSignupEnabled}\", \"show_as_button\": \"{showAsButtonOption}\" }"
headers = {
'content-type': "application/json",
'authorization': "Bearer {yourMgmtApiAccessToken}",
'cache-control': "no-cache"
}
conn.request("POST", "%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/enabled_connections", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/enabled_connections")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["content-type"] = 'application/json'
request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'
request["cache-control"] = 'no-cache'
request.body = "{ \"connection_id\": \"{connectionId}\", \"assign_membership_on_login\": \"{assignMembershipOption}\",\"is_signup_enabled\",\"{isSignupEnabled}\", \"show_as_button\": \"{showAsButtonOption}\" }"
response = http.request(request)
puts response.read_bodyWas this helpful?
import Foundation
let headers = [
"content-type": "application/json",
"authorization": "Bearer {yourMgmtApiAccessToken}",
"cache-control": "no-cache"
]
let postData = NSData(data: "{ "connection_id": "{connectionId}", "assign_membership_on_login": "{assignMembershipOption}","is_signup_enabled","{isSignupEnabled}", "show_as_button": "{showAsButtonOption}" }".data(using: String.Encoding.utf8)!)
let request = NSMutableURLRequest(url: NSURL(string: "https://%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/enabled_connections")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
Find Your Auth0 Domain
If your Auth0 domain is your tenant name, your regional subdomain (unless your tenant is in the US region and was created before June 2020), plus .auth0.com. For example, if your tenant name were travel0, your Auth0 domain name would be travel0.us.auth0.com. (If your tenant were in the US and created before June 2020, then your domain name would be https://travel0.auth0.com.)
If you are using custom domains, this should be your custom domain name.
| Value | Description |
|---|---|
{orgId} |
ID of the organization for which you want to enable a connection. |
{mgmtApiAccessToken} |
Access Token for the Management API with the scope create:organization_connections. |
{connectionId} |
ID of the connection you want to enable for the specified organization. |
{assignMembershipOption} |
Indicates whether you want users that log in with this connection to automatically be granted membership in the organization. When set to true, users will automatically be granted membership. When set to false, they will not automatically be granted membership. |
{isSignupEnabled} |
Determines whether users can access a self-service signup link on the login prompt. When set to true, the signup link displays on the prompt. When set to false, the link remains hidden.Note: To enable this option, you must also set {assignMembershipOption} to true. |
{showAsButtonOption} |
Indicates whether you want a specific Enterprise connection to display as an option on the organization login prompt. When set to true, the connection displays as a button on the prompt. When set to false, the connection is hidden on the prompt. |
Response status codes
Possible response status codes are as follows:
| Status code | Error code | Message | Cause |
|---|---|---|---|
201 |
Connection successfully added to organization. | ||
401 |
Invalid token. | ||
401 |
Invalid signature received for JSON Web Token validation. | ||
401 |
Client is not global. | ||
403 |
insufficient_scope |
Insufficient scope; expected any of: create:organizations_connections. |
Tried to read/write a field that is not allowed with provided bearer token scopes. |
429 |
Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. |