Use Cases: Organization Information in Session Metadata

Session Metadata is currently in Early Access for Enterprise customers only. By using this feature, you agree to the applicable Free Trial terms in Okta’s Master Subscription Agreement. To learn more about Auth0’s product release cycle, read Product Release Stages.

Session metadata makes the user context data portable and visible across the session lifecycle and in logout events. Downstream systems can use session metadata information to conduct audits, perform analytics, and apply revocation pipelines, among other uses.

Add organization information to session metadata

You can use Actions to store the organization’s identifiers in a session with the post-login api.session.setMetadata() method and query it with the event.session.metadata object. Post-Login Action code:

/**
 * Post-Login Action (simple)
 * Adds organization context to session metadata so it appears in subsequent Actions,
 * the Management API, and (if enabled) the Back-Channel Logout token.
 */
exports.onExecutePostLogin = async (event, api) => {
  // Only proceed if the transaction targets an Organization
  if (!event.organization) return;

  // Keep values short and string-only (session metadata requires strings)
  const orgId = String(event.organization.id || "");
  const orgSlug = String(event.organization.name || "");
  const orgDisplay = String(event.organization.display_name || orgSlug);

  // Minimal, idempotent writes (only a few keys to stay well under limits)
  api.session.setMetadata("org_id", orgId);
  api.session.setMetadata("org_slug", orgSlug);
  api.session.setMetadata("org_name", orgDisplay);
};

The session metadata is available for subsequent Actions, retrievable via the Management API and can be included in the OpenID Connect Back-Channel Logout token.

In subsequent Actions, you can query the data via the event.session.metadata object:

const orgId = event.session.metadata?.org_id;

If you use the Management API, you can query the data via the /api/v2/sessions/ endpoint:

GET /api/v2/sessions/{id}

Sample response:

{
  "session_metadata": {
    "org_id": "org_abc123",
    "org_slug": "acme",
    "org_name": "Acme Corp"
  }
}

Calls to the /api/v2/sessions/{id} endpoint require a Management API access token with the update:session scope.

If you have an OIDC Back-Channel Logout session metadata configured application, the logout_token includes the session metadata:

{
  "events": { "http://schemas.openid.net/event/backchannel-logout": {} },
  "session_metadata": {
    "org_id": "org_abc123",
    "org_slug": "acme",
    "org_name": "Acme Corp"
  }
}

Manage Users

Manage Access

Use Cases: Organization Information in Session Metadata

Add organization information to session metadata

Manage Users

Manage Access

​Add organization information to session metadata

Add organization information to session metadata