Machine-to-Machine Access to Organizations can be granted by directly associating a client grant to an organization or allowing access to any organization in the client grant settings. Both scenarios can be audited via the or the , where you can view or retrieve a list of client grants associated with an organization for an application. To learn more about how M2M access to Organizations permissions work, read Configure Your Application for M2M Access and Authorize M2M Access.

Access granted via direct association

Use the Auth0 Dashboard and Management API to audit M2M access for client grants that are directly associated to an organization.
To view the application client grants that have been authorized for a specific organization on the Auth0 Dashboard:
  1. Navigate to Organizations and choose the organization you wish to inspect.
  2. Select the Machine-to-Machine Access tab. You will get a paginated list of all the applications that can access an API for this organization via direct association.
  3. Choose an applicationto review the authorized APIs listed for that application.

Access granted to any organization

Use the Auth0 Dashboard and Management API to audit M2M access for applications that have access granted to any organization.
  1. Navigate to Organizations.
  2. Select the Machine to Machine Access tab. You will get a paginated list of all the applications that can access at least one of the API for an organization.
  3. Choose an application to review the authorized APIs listed for that application.

Search applications based on organization access

Search results are eventually consistent.
The following table shows the search terms supported to query applications with the q parameter on the /clients endpoint:
FieldDescription
client_grant.organization_id:{organization_id}Use to search for applications that can access at least one of the APIs for an organization.
client_grant.allow_any_organization:trueUse to search for applications that can access at least one of the APIs for any organization.

Tenant logs

Machine-to-Machine Access for Organizations is also reflected in tenant logs. You can check the organization associated to the request in the corresponding seccft tenant log. The following code sample is an example seccft tenant log with organization information: 
{
  "date": "2024-10-24T19:06:17.460Z",
  "type": "seccft",
  "description": "Client Credentials for Access Token",
  "connection_id": "",
  "client_id": "qoQKtXuhdSibs1jUeXk3mmCwXoAafGnO",
  "client_name": "jwt.io (Test Application)",
  "ip": "130.41.219.72",
  "user_agent": "Other 0.0.0 / Other 0.0.0",
  "hostname": "david-test.test-aws-abundant-lobster-6004.auth0c.com",
  "user_id": "",
  "user_name": "",
  "organization_id": "org_mPdwToiiHHOtz0SH",
  "organization_name": "cc_test",
  "audience": "https://jwt.io.com",
  "scope": "read:data",
  "$event_schema": {
    "version": "1.0.0"
  },
  "log_id": "90020241024190617517817000000000000001223372036854775862",
  "tenant_name": "david-test",
  "_id": "90020241024190617517817000000000000001223372036854775862",
  "isMobile": false,
  "id": "90020241024190617517817000000000000001223372036854775862"
}