Send Organization Membership Invitations

You can send organization membership invitations to users using either the Auth0 Dashboard or the Management API.

Auth0 Dashboard

To invite members via the Auth0 Dashboard:

  1. Navigate to Auth0 Dashboard > Organizations, and select the organization for which you want to configure membership.

  2. Select the Invitations view, and select Invite Members.

  3. Select the Application to which you would like to invite the member, enter the email address of the user you would like to invite to the organization, and select Send Invite(s).

Management API

To invite members via the Management API, make a POST call to the Create Organization Invitations endpoint. Be sure to replace the ORG_ID, MGMT_API_ACCESS_TOKEN, NAME_OF_USER, EMAIL_ADDRESS, CLIENT_ID, CONNECTION_ID, EXP_TIME, ROLE_ID, and SEND_INVITATION_EMAIL_OPTION placeholder values with your organization ID, Management API Access Token, name of invited user, email address of invited user, client ID, connection ID, expiration time, role IDs, and send-invitation-email option, respectively.

{
  "method": "POST",
  "url": "https://YOUR_AUTH0_DOMAIN/api/v2/organizations/ORG_ID/invitations",
  "headers": [
    { "name": "Content-Type", "value": "application/json" },
    { "name": "Authorization", "value": "Bearer MGMT_API_ACCESS_TOKEN" },
    { "name": "Cache-Control", "value": "no-cache" }
  ],
  "postData": {
    "mimeType": "application/json",
    "text": "{ \"inviter\": { \"name\": \"NAME_OF_USER\"}, \"invitee\": { \"email\": \"EMAIL_ADDRESS\" }, \"client_id\": \"CLIENT_ID\", \"connection_id\": \"CONNECTION_ID\", \"ttl_sec\": \"EXP_TIME\", \"roles\": [ \"ROLE_ID\", \"ROLE_ID\", \"ROLE_ID\" ], \"send_invitation_email\": \"SEND_INVITATION_EMAIL_OPTION\" }"
  }
}

| Value | Description |
| --- | --- |
| ORG_ID | ID of the organization for which you want to assign membership. |
| MGMT_API_ACCESS_TOKEN | Access Token for the Management API with the scope create:organization_invitations. |
| NAME_OF_USER | Name of the user to whom you want to send the invitation. Maximum of 300 characters. |
| EMAIL_ADDRESS | Email address to which the invitation should be sent. |
| CLIENT_ID | ID of the application to which the invited user should authenticate. |
| CONNECTION_ID | ID of the connection through which the invited member should authenticate. |
| EXP_TIME | Number of seconds before the invitation expires. If unspecified or set to 0, defaults to 604800 seconds (7 days). Maximum of 2592000 seconds (30 days). |
| ROLE_ID | ID of the role(s) you want to assign to the invited user for the specified organization. Maximum of 50 roles per member. |
| SEND_INVITATION_EMAIL_OPTION | Indicates whether Auth0 should send the email. Values are true or false. When set to false, Auth0 will generate an invitation URL that you can deliver to users through your own email service. |
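The limits described above can be checked before the request leaves your system, so an over-long lifetime or a malformed organization ID is rejected locally instead of reaching the endpoint. The following is an added example, not Auth0's code: the function names and sample values are hypothetical, and sending ttl_sec as a JSON integer and send_invitation_email as a JSON boolean is an assumption.

```python
import json
import urllib.parse
import urllib.request

DEFAULT_TTL_SEC = 604800   # applied by Auth0 when ttl_sec is unspecified or 0
MAX_TTL_SEC = 2592000      # 30 days
MAX_NAME_LEN = 300
MAX_ROLES = 50


def effective_ttl(ttl_sec):
    """Return the lifetime Auth0 will apply, rejecting out-of-range values."""
    if isinstance(ttl_sec, bool) or not isinstance(ttl_sec, int):
        raise ValueError("ttl_sec must be an integer number of seconds")
    if ttl_sec < 0 or ttl_sec > MAX_TTL_SEC:
        raise ValueError("ttl_sec must be between 0 and 2592000")
    return ttl_sec or DEFAULT_TTL_SEC


def build_invitation(inviter_name, email, client_id, connection_id,
                     roles, ttl_sec=0, send_email=True):
    """Check the documented limits and return the request body as a dict."""
    if not 0 < len(inviter_name) <= MAX_NAME_LEN:
        raise ValueError("inviter name must be 1 to 300 characters")
    if email.count("@") != 1 or any(c.isspace() for c in email):
        raise ValueError("invitee email is malformed")
    if len(roles) > MAX_ROLES:
        raise ValueError("at most 50 roles per member")
    return {
        "inviter": {"name": inviter_name},
        "invitee": {"email": email},
        "client_id": client_id,
        "connection_id": connection_id,
        # Assumption: sent as a JSON integer and boolean, not quoted strings.
        "ttl_sec": effective_ttl(ttl_sec),  # always explicit, never implied
        "roles": list(roles),
        "send_invitation_email": bool(send_email),
    }


def build_request(domain, org_id, token, body):
    """Build (but do not send) the POST; org_id is percent-encoded into the path."""
    url = "https://%s/api/v2/organizations/%s/invitations" % (
        domain, urllib.parse.quote(org_id, safe=""))
    headers = {"Content-Type": "application/json",
               "Authorization": "Bearer " + token}
    return urllib.request.Request(url, data=json.dumps(body).encode(),
                                  headers=headers, method="POST")
```

Pass the returned object to urllib.request.urlopen to send it, and keep the token out of logs and exception messages.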

Response status codes

Possible response status codes are as follows:

| Status code | Error code | Message | Cause |
| --- | --- | --- | --- |
| 200 | | Invitation successfully created. | |
| 400 | invalid_body | The specified client_id does not exist. | The request payload is not valid. |
| 400 | invalid_body | The specified connection does not exist. | The request payload is not valid. |
| 400 | invalid_body | Passwordless connections are not supported. | The request payload is not valid. |
| 400 | invalid_body | A default login route is required to generate the invitation url. To learn more, see Configure default login routes. | The request payload is not valid. |
| 400 | invalid_body | One or more of the specified roles do not exist: role1, role2'. | The request payload is not valid. |
| 400 | invalid_body | Invalid request body. The message will vary depending on the cause. | The request payload is not valid. |
| 400 | invalid_query_string | Invalid request query string. The message will vary depending on the cause. | The query string is not valid. |
| 401 | | Invalid token. | |
| 401 | | Invalid signature received for JSON Web Token validation. | |
| 401 | | Client is not global. | |
| 403 | insufficient_scope | Insufficient scope; expected any of: create:organization_invitations. | Tried to read/write a field that is not allowed with provided bearer token scopes. |
| 404 | | No organization found by that id. | |
| 429 | | Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. | |