Use Cases: Organization Information in Session Metadata
Session Metadata is currently in Early Access for Enterprise customers only. By using this feature, you agree to the applicable Free Trial terms in Okta’s Master Subscription Agreement. Reach out to your Auth0 contact to request access. To learn more about Auth0's product release cycle, read Product Release Stages.
Session metadata makes the user context data portable and visible across the session lifecycle and in logout events.
Downstream systems can use session metadata information to conduct audits, perform analytics, and apply revocation pipelines, among other uses.
Add organization information to session metadata
You can use Actions to store the organization’s identifiers in a session with the post-login api.session.setMetadata() method and query it the event.session.metadata object.
/**
* Post-Login Action (simple)
* Adds organization context to session metadata so it appears in subsequent Actions,
* the Management API, and (if enabled) the Back-Channel Logout token.
*/
exports.onExecutePostLogin = async (event, api) => {
// Only proceed if the transaction targets an Organization
if (!event.organization) return;
// Keep values short and string-only (session metadata requires strings)
const orgId = String(event.organization.id || "");
const orgSlug = String(event.organization.name || "");
const orgDisplay = String(event.organization.display_name || orgSlug);
// Minimal, idempotent writes (only a few keys to stay well under limits)
api.session.setMetadata("org_id", orgId);
api.session.setMetadata("org_slug", orgSlug);
api.session.setMetadata("org_name", orgDisplay);
};Was this helpful?
The session metadata is available for subsequent Actions, retrievable via the Management API and can be included in the Open ID Back-Channel Logout token
In subsequent Actions, you can query the data via the
event.session.metadataobject:
const orgId = event.session.metadata?.org_id;Was this helpful?
If you use the Management API, you can query the data via the /api/v2/sessions/{id} endpoint:
GET /api/v2/sessions/{id}Was this helpful?
Sample response:
{
"session_metadata": {
"org_id": "org_abc123",
"org_slug": "acme",
"org_name": "Acme Corp"
}
}Was this helpful?
Calls to the /api/v2/sessions/{id} endpoint require a Management API access token with the update:session scope.
If you have an OIDC Back-Channel Logout session metadata configured application, the
logout_tokenincludes the session metadata:
{
"events": { "http://schemas.openid.net/event/backchannel-logout": {} },
"session_metadata": {
"org_id": "org_abc123",
"org_slug": "acme",
"org_name": "Acme Corp"
}
}Was this helpful?