Delegated Administration: Hooks


If you are a user with the Delegated Admin - Administrator role in your User Profile, log in to the Delegated Administration Dashboard, and click on your name in the top right corner, you'll see a Configure option. On the Configuration page, you can manage the different Hooks and queries that allow you to customize the behavior of the Delegated Administration extension.

Hooks Signature

Hooks always have the following signature:

The context object will expose a few helpers and information about the current request. The following methods and properties are available in every Hook.

1. Logging

To add a message to the Webtask logs (which you can view using the Realtime Webtask Logs extension), call the log method:

2. Caching

To cache something (such as a long list of departments), you can store it on the context's global object. This object will be available until the Webtask container recycles.

3. Custom Data

You can store custom data within the extension. This is field is limited to 400kb of data.

To read the data:

4. Payload and Request

Each Hook exposes the current payload and/or request with specific information. The request will always contain information about the user that is logged into the Users Dashboard:

5. Remote Calls

If you want to call an external service (such as an API) to validate data or to load memberships, you can do this using the request module.

The Filter Hook

By default, users with the Delegated Admin - User role see all users associated with the Auth0 account. However, you can filter the data users see using the Filter Hook.

The Hook contract:

  • ctx: The context object
  • callback(error, query): The callback to which you can return an error or the lucene query used when filtering the users. The extension will send this query to the GET Users endpoint of the Management API


If Kelly manages the Finance department, she should only see the users that are also part of the Finance department. We'll filter the users with respect to the department of the current user.

Using Special Characters

Do not use single quotes, double quotes, or any other special characters (such as + or -) in any term on which you'll want to filter. This might cause issues with the Lucene query.

If you do not configure this Hook, the search returns all users.

The Access Hook

While the Filter Hook only applies filtering logic you'll need a second layer of logic to determine if the current user is allowed to access a specific user. This is what the Access Hook allows you to do, determine if the current user is allowed to read, delete, block, or unblock a specific user.

The Hook contract:

  • ctx: The context object
    • payload: The payload object
      • action: The current action (eg: delete:user) that is being executed
      • user: The user on which the action is being executed
  • callback(error): The callback to which you can return an error if access is denied

Example: Kelly manages the Finance department and she should only be able to access users within her department.

If this hook is not configured all users will be accessible.

Supported action names:

  • read:user
  • delete:user
  • reset:password
  • change:password
  • change:username
  • change:email
  • read:devices
  • read:logs
  • remove:multifactor-provider
  • block:user
  • unblock:user
  • send:verification-email

Create Hook

Whenever new users are created you'll want these users to be assigned to the group/department/vendor/... of the current user. This is what the Create Hook allows you to configure.

Hook contract:

  • ctx: The context object.
    • payload: The payload object.
      • memberships: An array of memberships that were selected in the UI when creating the user.
      • email: The email address of the user.
      • password: The password of the user.
      • connection: The name of the user.
  • callback(error, user): The callback to which you can return an error and the user object that should be sent to the Management API.

Example: Kelly manages the Finance department. When she creates users, these users should be assigned to her department.

Auth0 only supports user creation with Database Connections.

The Memberships Query Hook

When creating a new user, the UI shows a drop-down where you can choose the membership(s) you want assigned to a user. These memberships are then defined using the Memberships Query.

The Hook contract:

  • ctx: The context object
  • callback(error, { createMemberships: true/false, memberships: [ ...] }): The callback to which you can return an error and an object containing the membership configuration

Example: Users of the IT department should be able to create users in other departments. Users from other departments should only be able to create users for their own departments.


  • Because you can only use this query in the UI, you'll need to assign memberships using the Create Users function if you need to enforce the assigning of users to specific departments.
  • If there is only one membership possible, this field will not show in the UI.

You can allow the end user to enter any value memberships by setting createMemberships to true.

The Settings Query Hook

The Settings Query allows you to customize the look and feel of the extension.

The Hook contract

  • ctx: The context object
  • callback(error, settings): The callback to which you can return an error and a settings object