Send Organization Membership Invitations
You can send organization membership invitations to users using either the Auth0 Dashboard or the Management API.
Auth0 Dashboard
To invite members via the Auth0 Dashboard:
Navigate to Auth0 Dashboard > Organizations, and select the organization for which you want to configure membership.
Select the Invitations view, and select Invite Members.
Select the Application to which you would like to invite the member, enter the email address of the user you would like to invite to the organization, and select Send Invite(s).
Optionally, you can specify the connection with which you want users to accept the invitation, and roles you want assigned to the organization member when they accept.
Management API
If you are exposing the invitation feature from an admin dashboard you have custom developed for your application, be sure to use a confidential application to validate that the authenticated user is inviting new members to an organization to which they already belong, or restrict the ability to invite others to only members with a specific assigned role.
To invite members via the Management API:
Make a POST call to the Create Organization Invitations endpoint. Be sure to replace ORG_ID, MGMT_API_ACCESS_TOKEN, NAME_OF_USER, EMAIL_ADDRESS, CLIENT_ID, CONNECTION_ID, EXP_TIME, ROLE_ID, and SEND_INVITATION_EMAIL_OPTION placeholder values with your organization ID, Management API Access Token, name of invited user, email address of invited user, client ID, connection ID, expiration time, and role IDs, respectively.
{
"method": "POST",
"url": "https://YOUR_AUTH0_DOMAIN/api/v2/organizations/ORG_ID/invitations",
"headers": [
{ "name": "Content-Type", "value": "application/json" },
{ "name": "Authorization", "value": "Bearer MGMT_API_ACCESS_TOKEN" },
{ "name": "Cache-Control", "value": "no-cache" }
],
"postData": {
"mimeType": "application/json",
"text" : "{ \"inviter\": { \"name\": \"NAME_OF_USER\"}, \"invitee\": { \"email\": \"EMAIL_ADDRESS\" }, \"client_id\": \"CLIENT_ID\", \"connection_id\": \"CONNECTION_ID\", \"ttl_sec\": \"EXP_TIME\", \"roles\": [ \"ROLE_ID\", \"ROLE_ID\", \"ROLE_ID\" ], \"send_invitation_email\": \"SEND_EMAIL_INVITATION_OPTION\" }"
}
}Was this helpful?
Find Your Auth0 Domain
If your Auth0 domain is your tenant name, your regional subdomain (unless your tenant is in the US region and was created before June 2020), plus .auth0.com. For example, if your tenant name were travel0, your Auth0 domain name would be travel0.us.auth0.com. (If your tenant were in the US and created before June 2020, then your domain name would be https://travel0.auth0.com.)
If you are using custom domains, this should be your custom domain name.
| Value | Description |
|---|---|
ORG_ID |
ID of the organization for which you want to assign membership. |
MGMT_API_ACCESS_TOKEN |
Access Token for the Management API with the scope create:organization_invitations. |
NAME_OF_USER |
Name of the user to whom you want to send the invitation. Maximum of 300 characters. |
EMAIL_ADDRESS |
Email address to which the invitation should be sent. |
CLIENT_ID |
ID of the application to which the invited user should authenticate. |
CONNECTION_ID |
ID of the connection through which the invited member should authenticate. |
EXP_TIME |
Number of seconds before the invitation expires. If unspecified or set to 0, defaults to 604800 seconds (7 days). Maximum of 2592000 seconds (30 days). |
ROLE_ID |
ID of the role(s) you want to assign to the invited user for the specified organization. Maximum of 50 roles per member. |
SEND_INVITATION_EMAIL_OPTION |
Indicates whether Auth0 should send the email. Values are true or false. When set to false, Auth0 will generate an invitation URL that you can deliver to users through your own email service. |
Response status codes
Possible response status codes are as follows:
| Status code | Error code | Message | Cause |
|---|---|---|---|
200 |
Invitation successfully created. | ||
400 |
invalid_body |
The specified client_id does not exist. | The request payload is not valid. |
400 |
invalid_body |
The specified connection does not exist. | The request payload is not valid. |
400 |
invalid_body |
Passwordless connections are not supported. | The request payload is not valid. |
400 |
invalid_body |
A default login route is required to generate the invitation url. To learn more, see Configure default login routes. | The request payload is not valid. |
400 |
invalid_body |
One or more of the specified roles do not exist: role1, role2'. | The request payload is not valid. |
400 |
invalid_body |
Invalid request body. The message will vary depending on the cause. | The request payload is not valid. |
400 |
invalid_query_string |
Invalid request query string. The message will vary depending on the cause. | The query string is not valid. |
401 |
Invalid token. | ||
401 |
Invalid signature received for JSON Web Token validation. | ||
401 |
Client is not global. | ||
403 |
insufficient_scope |
Insufficient scope; expected any of: create:organization_invitations. |
Tried to read/write a field that is not allowed with provided bearer token scopes. |
404 |
No organization found by that id. | ||
429 |
Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. |