Skip to main content

Documentation Index

Fetch the complete documentation index at: https://auth0.com/llms.txt

Use this file to discover all available pages before exploring further.

Auth0 allows you to assign and remove roles for -provisioned Enterprise Groups using the Auth0 Dashboard or Management API. When roles are assigned to a group, all members inherit those roles at log in. You can manage group roles at two scopes:
  • Organization Groups — Enterprise Groups within a specific Organization. Requires Auto-Membership enabled on the enterprise connection for role inheritance to take effect.
  • Enterprise Groups — Enterprise Groups scoped to your Auth0 tenant.

Assign roles

Organization Groups

Assign roles to SCIM-provisioned Enterprise Groups within an Organization. Enterprise Groups are synced from an enterprise identity provider (such as Okta or Microsoft Entra ID) via SCIM. When an Organization member logs in, they inherit any roles assigned to the Enterprise Groups they belong to. The Organization’s enterprise connection must have Auto-Membership enabled for group role inheritance to take effect. To learn more about how Enterprise Groups are provisioned, read Configure Inbound SCIM.
  1. Go to Dashboard > Organizations and select the Organization.
  2. Select the Groups tab.
  3. Select the group you want to assign roles to.
  4. Select Assign Roles.
  5. Search for and select the roles you want to assign, then select Assign.
The assigned roles appear in the group’s details.

Enterprise Groups

Assign roles to SCIM-provisioned Enterprise Groups. When a role is assigned to a group, all members of that group inherit the assigned role when they log in. To learn how Enterprise Groups are provisioned from an enterprise identity provider, read Configure Inbound SCIM.
  1. Go to Dashboard > User Management > Enterprise Groups.
  2. Select the group you want to assign roles to.
  3. Select the Roles tab, then select Assign Roles.
  4. Search for and select the roles you want to assign, then select Assign.
The assigned roles appear in the group’s Roles tab.

Remove roles

Organization Groups

Remove roles from SCIM-provisioned Enterprise Groups within an Organization. Once a role is removed, Organization members in that group will no longer inherit it when they log in. The Organization’s enterprise connection must have Auto-Membership enabled for group role inheritance to take effect.
  1. Go to Dashboard > Organizations and select the Organization.
  2. Select the Groups tab.
  3. Select the group you want to update.
  4. Locate the role you want to remove, then select the trash icon next to it.
  5. Confirm the removal.
The role no longer appears in the group’s details.

Enterprise Groups

Remove roles from SCIM-provisioned Enterprise Groups. Once a role is removed, group members will no longer inherit it when they log in.
  1. Go to Dashboard > User Management > Enterprise Groups.
  2. Select the group you want to update.
  3. Select the Roles tab.
  4. Locate the role you want to remove, then select the trash icon next to it.
  5. Confirm the removal.
The role no longer appears in the group’s Roles tab.

Learn more