Manage Auth0 Dashboard Administrators and Support-Only Users
You are responsible for managing your tenant administrators, including revoking privileges from users as necessary. You are responsible for all activities that occur under your account/tenant. You can add, configure, and remove tenant administrators in the Auth0 Dashboard.
Administrators are application-specific, so areas to which the admin doesn't have access rights (e.g., APIs, Rules, Hooks, Universal Login Pages, and so on) will appear as blank pages. Administrators will also not be allowed to manage users, create rules, and perform other functions for applications to which they don't have access.
Application-specific access includes the following:
Read and write access to the specific application configuration
Read access to enabled connections for the application
Ability to configure add-ons for the specific application
Read (not write) access to all user records
In addition, a user can be invited to be an administrator for multiple applications, but each application invite must be sent and accepted individually.
Enter an email address and select the applications to which you would like the user to have administrative access in the Application box.
When the user opens and accepts the email invitation, the current Auth0 account in the browser will be added as a Dashboard Admin (as long as the user is logged in with an account linked to the email address to which the invitation was sent. If not, the user will be prompted to log in with an account linked to the invitation email address. If there is no current session, the recipient will be prompted to log in or create an Auth0 account.
If the invited administrator has not created an Auth0 admin user account, they will need to do so in order to be able to accept the invitation and log in to the Auth0 Dashboard. Auth0 admin users are managed separately from tenant users. Accounts can be created by following the invitation URL or signing up through auth0.com/signup.
Update administrator email addresses
To update the email address associated with an existing tenant administrator, send an invite using the new email address. Once they accept the invite, you can remove the tenant administrator associated with the old email address.
You can remove administrators by clicking REMOVE after they have been added.
Add, change or remove MFA
Multi-factor authentication (MFA) provides an additional level of security to your Auth0 account. Once enabled, in addition to supplying your login credentials you will be prompted for an additional piece of identifying information. This ensures that only valid users can access their accounts even if they use a username and password that may have been compromised.
An administrator can self-enroll for MFA in their Account Settings. The MFA indicator in the Dashboard > Tenant Settings > Dashboard Admins list identifies whether an administrator has enabled their account for MFA.
Auth0 supports the following factors for enabling MFA for Dashboard users:
Push notification via Guardian: Sends push notifications to a user's pre-registered device, typically a mobile phone or tablet. The user can immediately allow or deny account access with a button press. The push factor is available with the Guardian mobile app for iOS and Android.
One-time passwords (OTP): Allows a user to use an authenticator app on their personal device, such as Google Authenticator, to generate an OTP that will change over time and can be entered as a second factor to validate the account.
SMS notification: Sends a one-time code over SMS that the user is then prompted to enter before they can complete authentication.
To self-enroll for MFA, the user should click on their username in the top right and go to View Profile in the dropdown menu.
Click Enroll your device now.
Follow the on-screen instructions to complete the enrollment.
Immediately after successfully enabling two-factor authentication, the user will be prompted to copy a recovery code. Should the user lose access to all their enrolled factors, they can use this recovery code to log in to their account. We suggest copying and printing recovery codes or storing them in a safe place, such as a password manager.
If the user loses the recovery codes or just wants to generate new ones, they can do so from their profile page.
Remove or change MFA
Users can remove or change factors if they are lost.
If a user is changing devices and will no longer have the old device, remove it by verifying MFA with that device.
The user will be prompted for it, and then it will be removed.
If the user no longer has access to the device, they can use a recovery code to do this process with the same results. Then, they can add a new device.
If the user no longer has access to the device or a recovery code, another admin must file an Auth0 support ticket on their behalf so Auth0 can verify the request and proceed with an MFA reset. This only applies to Dashboard Admin accounts. Auth0 will not process end-user account MFA resets, as we do not have control over your tenants.
Log in to the Dashboard with MFA enabled
Logging in with MFA enabled is only slightly different than a normal login. When you enter admin account credentials, a second prompt appears, depending on which type of MFA factors you’ve enabled.
If a user loses access to a primary factor, they can choose to Select Another Method and try with any of the other factors, including recovery codes. Hence the importance of enrolling multiple methods to prevent being locked out of your account.
Add support-only users
If you want to allow employees of your organization to have access to Auth0 Support Center, but you don't want to give them complete administrator access over the tenant or a particular application, you can add them as support-only users. This will allow them to open, view, and comment on Support Center tickets, receive relevant notifications, and see service details. They do not have full administration access to the Auth0 Dashboard.
Only tenant administrators with All Applications access can add support-only users. Administrative account users will be able to see details about support-only account users.
Using this page, you can:
Search for users
See the account details for users
To add one or more support-only users, go to Support Center.
Click on your name in the top right and click Invite Users to Support Center.
If this is the first time you've used this feature or there are no support-only users, you'll be redirected immediately to a screen that allows you to invite users.
Provide the user's email address, select the Auth0 service to which they should have support access, and click Send Invitation. Auth0 will then send the user an email inviting them to register for and log into the Support Center.
See Reset Auth0 Account Password if you or one of your Dashboard users is having issues logging in.
Find missing tenants
Dashboard administrations can create multiple Auth0 accounts in different ways. For example, they can sign up with a social provider (e.g., Google, GitHub), then sign up again using their email address. If a Dashboard administrator reports that they cannot see all of their tenants after logging in, check to see if they have multiple Auth0 accounts.
You can confirm the signup method used by the Dashboard administrator by going to Dashboard > Tenant Settings > Dashboard Admins.