Create Your First Organization

To begin using the Organizations feature, you must create and configure your organizations.

When you create an organization, the settings you define are used to customize the login page and email templates that end-users see when they authenticate in the context of the organization.

When using Organizations out-of-the-box, these settings will override the settings for Universal Login pages. To learn more about further customizing the login page or email templates, read Customize prompts and email templates.

You may be familiar with applications like Heroku that present different behaviors depending on whether a user logs in with a personal account or selects an organization associated with their business account. Auth0 allows you to define similar organization behavior at the application level.

For each application you create in Auth0, you can decide whether end-users should log in directly or be required to authenticate in the context of an organization. For applications that require users to log in via an organization, you can also specify what happens if one is not provided to the login flow.

You may also want to update your Application's Allowed Callback URLs and Allowed Origins (CORs) application settings to include Organization placeholders for subdomains.

When using Organizations with Universal Login out-of-the-box prompts, the branding settings you configure when you create organizations override the branding for Universal Login pages and email templates. If you would like to further modify the Universal Login pages and emails that the end-user receives, you can customize page and email templates.

To modify Universal Login page, customize a page template using the Liquid template language and template variables, then apply the template using the Universal Login Page Templates API. To learn more, read Universal Login Page Templates.

Because the same template is used for all pages, you can implement consistent login pages with minimum effort.

The simplest template you can write is:

<!DOCTYPE html>
<html>
  <head>
    {%- auth0:head -%}
  </head>
  <body>
    {%- auth0:widget -%}
  </body>
</html>

The following tags must be present in the template:

• auth0:widget: Contains the HTML that structures the widget displayed on every page type (e.g., Login, Reset Password).

• auth0:head: Contains tags required to render the widget.

To center the widget in the page, replace the <body> tag with <body class="_widget-auto-layout">.

To modify emails the end-user receives, customize an email template using the Liquid template language and template variables. To learn more, read Customize Email Templates.

The following email templates can be further customized for organizations:

• Welcome: Received by the end-user once they verify their email address or, if email verification is disabled, when they sign up (or log in for the first time).

• Password Change: Received by the end-user when they request a password change. Contains a link that redirects them to the Password Reset page.

• Invite User: Received by the end-user when they are invited to an organization. Contains a link that redirects them to your configured default login route. To learn more, read Invite Organization Members.

Page and email templates may access a set of context variables that you can use to impact how the template is rendered.

For lists of available variables, read Universal Login Page Templates for page template variables and Customize Email Templates for common email template variables.

Additional variables are available to the page template when a user logs in through an organization:

• organization.id

• organization.display_name

• organization.name

• organization.metadata

• organization.branding.logo_url

• organization.branding.colors.primary

• organization.branding.colors.page_background

Each organization has its own associated members, which represent the users who can access your applications by logging in through the organization’s configured login page.

SaaS and B2B applications are usually provided to teams rather than to isolated individual users. In this context, a team could be an entire company, a small set of employees (for example, the marketing department), or even a transient group of users that are organized around a purpose (for example, a group of neighbors who have signed up to work with a charity and are competing as a team to raise the most money for a cause).

Organizations in Auth0 are flexible enough to support all of these use cases, but require some planning when building an application that supports teams. One of the first things to consider is how to manage team membership, which you can accomplish by:

• Inviting users via email

• Granting just-in-time membership to users that log in via an enabled connection

• Directly managing membership via the Management API or Auth0 Dashboard by assigning members or removing members

Once membership is defined, you can retrieve members of organizations or retrieve a user's organization membership.

Each organization member can be assigned one or more roles, which are applied when users log in through the organization. Specifically, you can add roles to organization members, remove roles from organization members, or retrieve member roles for an organization. You can use roles and their associated permissions to control access to applications that you build. To learn more about roles, read Role-base Access Control.

• Understand How Auth0 Organizations Work
• Custom Development with Organizations
• Work with Tokens and Organizations
• Configure Organizations