> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.com/llms.txt
> Use this file to discover all available pages before exploring further.
> Learn to enable Organization connections using the Auth0 Dashboard and Management API.
# Enable Organization Connections
export const AuthCodeGroup = ({children, dropdown}) => {
const [processedChildren, setProcessedChildren] = useState(children);
useEffect(() => {
let unsubscribe = null;
function init() {
unsubscribe = window.autorun(() => {
const processChildren = node => {
if (typeof node === "string") {
let processedNode = node;
for (const [key, value] of window.rootStore.variableStore.values.entries()) {
const escapedKey = key.replaceAll(/[.*+?^${}()|[\]\\]/g, (String.raw)`\$&`);
processedNode = processedNode.replaceAll(new RegExp(escapedKey, "g"), value);
}
return processedNode;
} else if (Array.isArray(node)) {
return node.map(processChildren);
} else if (node && node.props && node.props.children) {
return {
...node,
props: {
...node.props,
children: processChildren(node.props.children)
}
};
}
return node;
};
setProcessedChildren(processChildren(children));
});
}
if (window.rootStore) {
init();
} else {
window.addEventListener("adu:storeReady", init);
}
return () => {
window.removeEventListener("adu:storeReady", init);
unsubscribe?.();
};
}, [children]);
return {processedChildren};
};
Manage Organization Connections via new endpoints and attributes is in Early Access as part of the [My Organization API and Embeddable UI Components](/docs/manage-users/my-organization-api). By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). To learn more about Auth0’s product release cycle, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages).
You can enable specific connections for each [Organization](/docs/manage-users/organizations/organizations-overview) to provide users with different login options. After you enable a connection, it is added to the Organization login prompt, and users can authenticate through that connection to access your applications.
To enable a connection for an organization, the connection **must** already exist in your tenant. Supported connections include [database connections](/docs/authenticate/database-connections), [social connections](/docs/authenticate/identity-providers/social-identity-providers), and [enterprise connections](/docs/authenticate/identity-providers/enterprise-identity-providers).
## Organization Properties
When using organizations, some connections have additional properties that you can configure:
| **Property** | **Connection Types** | **Description** |
| ------------------------------- | --------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Organization Connection Name | All connection types | This name is provided by the Organization Admin using the [My Organization API](/docs/manage-users/my-organization-api). If not populated, specify the name you would like Organization Admins to see when viewing this connection. |
| Organization Admin Access Level | All connection types | This property determines what level of access Organization Admins have for this connection. The available values are: - **None**: Managed by the Tenant Admin, not visible or editable using the My Organization API.
- **Read-only**: Managed by the Tenant Admin, visible using the My Organization API.
- **Limited**: Organization Admins can edit selected, non-sensitive settings using the My Organization API.
- **Full**: Organization Admins can edit all allowed settings for this connection, subject to restrictions defined by the [Connection Profile](/docs/authenticate/enterprise-connections/connection-profile).
|
| Membership On Authentication | All connection types | When enabled, this property automatically assigns Organization membership to end-users the first time they authenticate with the connection. Membership on Authentication is useful in scenarios where all users with the ability to authenticate with a specific connection can be assumed to be members of an Organization. |
| Organization Signup | Database connections only | This property determines whether or not end-users can access a signup link on the login prompt that allows them to gain membership to an Organization. To use Organization Signup, you must also enable Membership On Authentication. Organization Signup is useful in scenarios where users need self-service access to join Organizations, such as: - When Organizations are used to model open-membership user populations like workspaces.
- In business-to-business-to-consumer (B2B2C) use cases where users can freely sign up for accounts.
|
| Display connection as a button | Enterprise connections only | Optional. This property determines whether or not a specific connection displays as an option on the Organization login prompt. End users can also authenticate using the [Identifier First with Home Realm Discovery](/docs/authenticate/login/auth0-universal-login/identifier-first) authentication profile in combination with the [Prompt for Credentials](/docs/manage-users/organizations/login-flows-for-organizations#configure-the-login-flow-for-your-application) Organization login flow. This only works if you do **not** provide an `org_id` with the authorization request. If this option is disabled, end-users can still authenticate via the connection by sending the connection parameter directly in the authorization request. |
## Configure Organization Connections
You can configure connections for organizations using either the Auth0 Dashboard or the Management API.
#### Auth0 Dashboard
To enable a connection in Auth0 Dashboard:
1. Navigate to [Auth0 Dashboard > Organizations](https://manage.auth0.com/#/organizations), and select the Organization you want to configure.
2. Select the **Connections** tab, then **Add Connections**.
3. Choose the connection you want to enable, and select **Add Connection**.
4. In the Organization Connection section, configure both properties required to leverage a connection via the My Organization API:
* Locate **Organization Connection Name**. If not populated, specify the name that you would like Organization Admins to see when viewing this connection.
* Locate **Organization Admin Access Level** and if not populated, choose the level of access that you'd like Organization Admins to have for this connection via the My Organization API.
5. In the Authentication section, locate **Membership On Authentication** and choose whether to enable or disable auto-membership. When enabled, auto-membership automatically adds all users logging in with the connection as members of the Organization.
6. **For Database connections only**: In the Organization Signup section, choose whether to enable or disable self-service signups. When enabled, users can access a signup link on the login prompt to create their account and automatically gain membership to the Organization.
* To enable this property, you must first enable **Membership on Authentication**.
* **Note**: Organization Signup takes priority over the Database connection’s signup configuration. When Organization Signup is enabled, users can still sign up to an Organization or accept an Organization invite, even if signups are disabled at the Database connection level.
7. **For Enterprise connections only**: In the Connection button section, optionally enable the **Display connection as a button** property to display the connection as an option on the Organization login prompt.
If all enabled connections within the Organization are enterprise connections, and all connections are hidden, Auth0 returns an error that reads `Message: no connections enabled for the organization are visible` when users access the application.
8. Select **Save**.
#### Management API
To enable a connection via the Management API:
Make a `POST` call to the `Create Organization Connections` endpoint. Ensure you update the following placeholder values with the appropriate information:
* Replace `{orgId}` with your Organization ID.
* Replace `{mgmtApiAccessToken}` with your Management API access token.
* Replace `{connectionId}` with a specific connection ID.
* Replace `{assignMembershipOption}` with `true` or `false` with respect to your Membership on Authentication selection.
* Replace `{isEnabled}` with `true` or `false` depending on if you want the connection enabled or not.
* **For Database connections only**: Replace `{isSignupEnabled}` with `true` or `false` with respect to your signup selection.
* **For Enterprise connections only**: Replace `{showAsButtonOption}` with `true` or `false` with respect to your Connection Button selection.
* **For My Organization API use**: Replace `{organizationAccessLevel}` and `{organizationConnectionName}` with the appropriate values.
```bash cURL lines theme={null}
curl --request POST \
--url https://%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/connections \
--header 'authorization: Bearer {yourMgmtApiAccessToken}' \
--header 'cache-control: no-cache' \
--header 'content-type: application/json' \
--data '{ "connection_id": "{connectionId}", "assign_membership_on_login": "{assignMembershipOption}", "is_enabled": "{isEnabled}", "is_signup_enabled": "{isSignupEnabled}", "show_as_button": "{showAsButtonOption}", "organization_access_level": "{organizationAccessLevel}", "organization_connection_name": "{organizationConnectionName}"}'
```
```csharp C# lines theme={null}
var client = new RestClient("https://%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/connections");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/json");
request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");
request.AddHeader("cache-control", "no-cache");
request.AddParameter("application/json", "{ \"connection_id\": \"{connectionId}\", \"assign_membership_on_login\": \"{assignMembershipOption}\", \"is_enabled\": \"{isEnabled}\", \"is_signup_enabled\": \"{isSignupEnabled}\", \"show_as_button\": \"{showAsButtonOption}\", \"organization_access_level\": \"{organizationAccessLevel}\", \"organization_connection_name\": \"{organizationConnectionName}\" }", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```
```go Go lines expandable theme={null}
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/connections"
payload := strings.NewReader("{ \"connection_id\": \"{connectionId}\", \"assign_membership_on_login\": \"{assignMembershipOption}\", \"is_enabled\": \"{isEnabled}\", \"is_signup_enabled\": \"{isSignupEnabled}\", \"show_as_button\": \"{showAsButtonOption}\", \"organization_access_level\": \"{organizationAccessLevel}\", \"organization_connection_name\": \"{organizationConnectionName}\" }")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("content-type", "application/json")
req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")
req.Header.Add("cache-control", "no-cache")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
```
```java Java lines theme={null}
HttpResponse response = Unirest.post("https://%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/connections")
.header("content-type", "application/json")
.header("authorization", "Bearer {yourMgmtApiAccessToken}")
.header("cache-control", "no-cache")
.body("{ \"connection_id\": \"{connectionId}\", \"assign_membership_on_login\": \"{assignMembershipOption}\", \"is_enabled\": \"{isEnabled}\", \"is_signup_enabled\": \"{isSignupEnabled}\", \"show_as_button\": \"{showAsButtonOption}\", \"organization_access_level\": \"{organizationAccessLevel}\", \"organization_connection_name\": \"{organizationConnectionName}\" }")
.asString();
```
```javascript Node.JS lines theme={null}
var axios = require("axios").default;
var options = {
method: 'POST',
url: 'https://%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/connections',
headers: {
'content-type': 'application/json',
authorization: 'Bearer {yourMgmtApiAccessToken}',
'cache-control': 'no-cache'
},
data: '{ "connection_id": "{connectionId}", "assign_membership_on_login": "{assignMembershipOption}", "is_enabled": "{isEnabled}", "is_signup_enabled": "{isSignupEnabled}", "show_as_button": "{showAsButtonOption}", "organization_access_level": "{organizationAccessLevel}", "organization_connection_name": "{organizationConnectionName}" }'
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});
```
```php PHP lines expandable theme={null}
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/connections",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{ \"connection_id\": \"{connectionId}\", \"assign_membership_on_login\": \"{assignMembershipOption}\", \"is_enabled\": \"{isEnabled}\", \"is_signup_enabled\": \"{isSignupEnabled}\", \"show_as_button\": \"{showAsButtonOption}\", \"organization_access_level\": \"{organizationAccessLevel}\", \"organization_connection_name\": \"{organizationConnectionName}\" }",
CURLOPT_HTTPHEADER => [
"authorization: Bearer {yourMgmtApiAccessToken}",
"cache-control: no-cache",
"content-type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
```
```python Python lines theme={null}
import http.client
conn = http.client.HTTPSConnection("")
payload = "{ \"connection_id\": \"{connectionId}\", \"assign_membership_on_login\": \"{assignMembershipOption}\", \"is_enabled\": \"{isEnabled}\", \"is_signup_enabled\": \"{isSignupEnabled}\", \"show_as_button\": \"{showAsButtonOption}\", \"organization_access_level\": \"{organizationAccessLevel}\", \"organization_connection_name\": \"{organizationConnectionName}\" }"
headers = {
'content-type': "application/json",
'authorization': "Bearer {yourMgmtApiAccessToken}",
'cache-control': "no-cache"
}
conn.request("POST", "%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/connections", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
```
```ruby Ruby lines theme={null}
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://%7ByourAuth0Domain%7D/api/v2/organizations/%7BorgId%7D/connections")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["content-type"] = 'application/json'
request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'
request["cache-control"] = 'no-cache'
request.body = "{ \"connection_id\": \"{connectionId}\", \"assign_membership_on_login\": \"{assignMembershipOption}\", \"is_enabled\": \"{isEnabled}\", \"is_signup_enabled\": \"{isSignupEnabled}\", \"show_as_button\": \"{showAsButtonOption}\", \"organization_access_level\": \"{organizationAccessLevel}\", \"organization_connection_name\": \"{organizationConnectionName}\" }"
response = http.request(request)
puts response.read_body
```
**Find Your Auth0 Domain**
If your Auth0 domain is your tenant name, your regional subdomain (unless your tenant is in the US region and was created before June 2020), plus `.auth0.com`. For example, if your tenant name were `travel0`, your Auth0 domain name would be `travel0.us.auth0.com`. (If your tenant were in the US and created before June 2020, then your domain name would be `https://travel0.auth0.com`.)
If you are using [custom domains](/docs/customize/custom-domains), this should be your custom domain name.
| **Value** | **Description** |
| ------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `{orgId}` | ID of the Organization for which you want to enable a connection. |
| `{mgmtApiAccessToken}` | [Access Token for the Management API](/docs/secure/tokens/access-tokens/management-api-access-tokens) with the scope `create:organization_connections`. |
| `{connectionId}` | ID of the connection you want to enable for the specified Organization. |
| `{assignMembershipOption}` | Indicates whether you want users that log in with this connection to automatically be granted membership in the Organization. When set to `true`, users will automatically be granted membership. When set to `false`, they will not automatically be granted membership. |
| `{isEnabled}` | Enables or disables a connection for an Organization. By disabling a connection, it is possible to keep the values for `show_as_button`, `assign_membership_on_login`, etc., while keeping the connection disabled. |
| `{isSignupEnabled}` | Determines whether users can access a self-service signup link on the login prompt. When set to `true`, the signup link displays on the prompt. When set to `false`, the link remains hidden. **Note**: To enable this option, you must also set `{assignMembershipOption}` to `true`. |
| `{showAsButtonOption}` | Indicates whether you want a specific Enterprise connection to display as an option on the Organization login prompt. When set to `true`, the connection displays as a button on the prompt. When set to `false`, the connection is hidden on the prompt. |
| `{organizationAccessLevel}` | Determines what kind of access an Organization Admin will have when using the My Organization API. When set to `none`, the connection will be managed by the Tenant Admin and will not be visible or editable via the My Organization API. When set to `read-only`, the connection will be managed by the Tenant Admin and will be visible via the My Organization API, but not editable. When set to `limited`, Organization Admins can edit selected, non-sensitive settings via the My Organization API. When set to `full`, Organization Admins can edit all allowed settings for this connection, subject to restrictions defined by the [Connection Profile](/docs/authenticate/enterprise-connections/connection-profile). |
| `{organizationConnectionName}` | This name is provided by the Organization Admin via the My Organization API. If not populated, specify the name that you would like Organization Admins to see when viewing this connection. |
##### Response status codes
Possible response status codes are as follows:
| **Status code** | **Error code** | **Message** | **Cause** |
| --------------- | -------------------- | ---------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------- |
| `201` | | Connection successfully added to an Organization. | |
| `401` | | Invalid token. | |
| `401` | | Invalid signature received for JSON Web Token validation. | |
| `401` | | Client is not global. | |
| `403` | `insufficient_scope` | Insufficient scope; expected any of: `create:organizations_connections`. | Tried to read/write a field that is not allowed with provided bearer token scopes. |
| `429` | | Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. | |