Send Organization Membership Invitations
You can send organization membership invitations to users using either the Auth0 Dashboard or the Management API.
Auth0 Dashboard
To invite members via the Auth0 Dashboard:
Navigate to Auth0 Dashboard > Organizations, and select the organization for which you want to configure membership.
Select the Invitations view, and select Invite Members.
Select the Application to which you would like to invite the member, enter the email address of the user you would like to invite to the organization, and select Send Invite(s).
Management API
To invite members via the Management API:
Make a POST
call to the Create Organization Invitations endpoint. Be sure to replace ORG_ID
, MGMT_API_ACCESS_TOKEN
, NAME_OF_USER
, EMAIL_ADDRESS
, CLIENT_ID
, CONNECTION_ID
, EXP_TIME
, ROLE_ID
, and SEND_INVITATION_EMAIL_OPTION
placeholder values with your organization ID, Management API Access Token, name of invited user, email address of invited user, client ID, connection ID, expiration time, and role IDs, respectively.
{
"method": "POST",
"url": "https://YOUR_AUTH0_DOMAIN/api/v2/organizations/ORG_ID/invitations",
"headers": [
{ "name": "Content-Type", "value": "application/json" },
{ "name": "Authorization", "value": "Bearer MGMT_API_ACCESS_TOKEN" },
{ "name": "Cache-Control", "value": "no-cache" }
],
"postData": {
"mimeType": "application/json",
"text" : "{ \"inviter\": { \"name\": \"NAME_OF_USER\"}, \"invitee\": { \"email\": \"EMAIL_ADDRESS\" }, \"client_id\": \"CLIENT_ID\", \"connection_id\": \"CONNECTION_ID\", \"ttl_sec\": \"EXP_TIME\", \"roles\": [ \"ROLE_ID\", \"ROLE_ID\", \"ROLE_ID\" ], \"send_invitation_email\": \"SEND_EMAIL_INVITATION_OPTION\" }"
}
}
Was this helpful?
Value | Description |
---|---|
ORG_ID |
ID of the organization for which you want to assign membership. |
MGMT_API_ACCESS_TOKEN |
Access Token for the Management API with the scope create:organization_invitations . |
NAME_OF_USER |
Name of the user to whom you want to send the invitation. Maximum of 300 characters. |
EMAIL_ADDRESS |
Email address to which the invitation should be sent. |
CLIENT_ID |
ID of the application to which the invited user should authenticate. |
CONNECTION_ID |
ID of the connection through which the invited member should authenticate. |
EXP_TIME |
Number of seconds before the invitation expires. If unspecified or set to 0, defaults to 604800 seconds (7 days). Maximum of 2592000 seconds (30 days). |
ROLE_ID |
ID of the role(s) you want to assign to the invited user for the specified organization. Maximum of 50 roles per member. |
SEND_INVITATION_EMAIL_OPTION |
Indicates whether Auth0 should send the email. Values are true or false . When set to false , Auth0 will generate an invitation URL that you can deliver to users through your own email service. |
Response status codes
Possible response status codes are as follows:
Status code | Error code | Message | Cause |
---|---|---|---|
200 |
Invitation successfully created. | ||
400 |
invalid_body |
The specified client_id does not exist. | The request payload is not valid. |
400 |
invalid_body |
The specified connection does not exist. | The request payload is not valid. |
400 |
invalid_body |
Passwordless connections are not supported. | The request payload is not valid. |
400 |
invalid_body |
A default login route is required to generate the invitation url. To learn more, see Configure default login routes. | The request payload is not valid. |
400 |
invalid_body |
One or more of the specified roles do not exist: role1, role2'. | The request payload is not valid. |
400 |
invalid_body |
Invalid request body. The message will vary depending on the cause. | The request payload is not valid. |
400 |
invalid_query_string |
Invalid request query string. The message will vary depending on the cause. | The query string is not valid. |
401 |
Invalid token. | ||
401 |
Invalid signature received for JSON Web Token validation. | ||
401 |
Client is not global. | ||
403 |
insufficient_scope |
Insufficient scope; expected any of: create:organization_invitations . |
Tried to read/write a field that is not allowed with provided bearer token scopes. |
404 |
No organization found by that id. | ||
429 |
Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. |