Send Organization Membership Invitations

You can send organization membership invitations to users using either the Auth0 Dashboard or the Management API.

Auth0 Dashboard

To invite members via the Auth0 Dashboard:

  1. Navigate to Auth0 Dashboard > Organizations, and select the organization for which you want to configure membership.

  2. Select the Invitations view, and select Invite Members.

  3. Select the Application to which you would like to invite the member, enter the email address of the user you would like to invite to the organization, and select Send Invite(s).

    Optionally, you can specify the connection with which you want users to accept the invitation, and roles you want assigned to the organization member when they accept.

Management API

If you expose the invitation feature from an admin dashboard that you have custom developed for your application, be sure to use a confidential application to validate that the authenticated user is inviting new members to an organization to which they already belong, or restrict the ability to invite others to only members with a specific assigned role.

To invite members via the Management API, make a POST call to the Create Organization Invitations endpoint. Be sure to replace the ORG_ID, MGMT_API_ACCESS_TOKEN, NAME_OF_USER, EMAIL_ADDRESS, CLIENT_ID, CONNECTION_ID, EXP_TIME, ROLE_ID, and SEND_INVITATION_EMAIL_OPTION placeholder values with your organization ID, Management API Access Token, name of invited user, email address of invited user, client ID, connection ID, expiration time, role IDs, and send-invitation-email option, respectively.

{
  "method": "POST",
  "url": "https://YOUR_AUTH0_DOMAIN/api/v2/organizations/ORG_ID/invitations",
  "headers": [
    { "name": "Content-Type", "value": "application/json" },
    { "name": "Authorization", "value": "Bearer MGMT_API_ACCESS_TOKEN" },
    { "name": "Cache-Control", "value": "no-cache" }
  ],
  "postData": {
    "mimeType": "application/json",
    "text": "{ \"inviter\": { \"name\": \"NAME_OF_USER\" }, \"invitee\": { \"email\": \"EMAIL_ADDRESS\" }, \"client_id\": \"CLIENT_ID\", \"connection_id\": \"CONNECTION_ID\", \"ttl_sec\": \"EXP_TIME\", \"roles\": [ \"ROLE_ID\", \"ROLE_ID\", \"ROLE_ID\" ], \"send_invitation_email\": \"SEND_INVITATION_EMAIL_OPTION\" }"
  }
}

Find Your Auth0 Domain

Your Auth0 domain is your tenant name, your regional subdomain (unless your tenant is in the US region and was created before June 2020), plus .auth0.com. For example, if your tenant name were travel0, your Auth0 domain name would be travel0.us.auth0.com. (If your tenant were in the US and created before June 2020, then your domain name would be https://travel0.auth0.com.)

If you are using custom domains, this should be your custom domain name.

| Value | Description |
| --- | --- |
| ORG_ID | ID of the organization for which you want to assign membership. |
| MGMT_API_ACCESS_TOKEN | Access Token for the Management API with the scope create:organization_invitations. |
| NAME_OF_USER | Name of the user to whom you want to send the invitation. Maximum of 300 characters. |
| EMAIL_ADDRESS | Email address to which the invitation should be sent. |
| CLIENT_ID | ID of the application to which the invited user should authenticate. |
| CONNECTION_ID | ID of the connection through which the invited member should authenticate. |
| EXP_TIME | Number of seconds before the invitation expires. If unspecified or set to 0, defaults to 604800 seconds (7 days). Maximum of 2592000 seconds (30 days). |
| ROLE_ID | ID of the role(s) you want to assign to the invited user for the specified organization. Maximum of 50 roles per member. |
| SEND_INVITATION_EMAIL_OPTION | Indicates whether Auth0 should send the email. Values are true or false. When set to false, Auth0 will generate an invitation URL that you can deliver to users through your own email service. |
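
The server-side check described under Management API, combined with the limits from the table above, as an added example (not Auth0's own code). It assumes the backend has already verified the signature of the token that `claims` comes from; `ROLES_CLAIM`, the `org-admin` role name, and all function and class names are hypothetical.

```python
import json

# Limits taken from the parameter table on this page.
MAX_NAME_LEN, MAX_TTL_SEC, MAX_ROLES = 300, 2592000, 50
# Hypothetical custom claim carrying the caller's organization roles.
ROLES_CLAIM = "https://example.com/org_roles"


class InviteDenied(Exception):
    """The authenticated user may not invite members to this organization."""


def build_invitation_request(claims, domain, org_id, mgmt_token,
                             invitee_email, client_id, roles=(), ttl_sec=0,
                             send_email=True, inviter_role="org-admin"):
    """Authorize the inviter, validate inputs, return (url, headers, body).

    `claims` must come from a token the backend has already verified;
    the org ID sent by the browser is only trusted if it matches them.
    """
    # The inviter must already belong to the target organization.
    if not org_id or claims.get("org_id") != org_id:
        raise InviteDenied("caller is not a member of this organization")
    # Optionally restrict inviting to members holding a specific role.
    if inviter_role and inviter_role not in claims.get(ROLES_CLAIM, []):
        raise InviteDenied("caller lacks the role required to invite")

    inviter_name = str(claims.get("name", ""))
    if not 0 < len(inviter_name) <= MAX_NAME_LEN:
        raise ValueError("inviter name must be 1-300 characters")
    if not 0 <= ttl_sec <= MAX_TTL_SEC:
        raise ValueError("ttl_sec must be between 0 and 2592000")
    if len(roles) > MAX_ROLES:
        raise ValueError("at most 50 roles per member")

    body = {
        "inviter": {"name": inviter_name},
        "invitee": {"email": invitee_email},
        "client_id": client_id,
        "ttl_sec": ttl_sec,                   # integer seconds, 0 = default
        "send_invitation_email": send_email,  # JSON boolean
    }
    if roles:
        body["roles"] = list(roles)
    url = f"https://{domain}/api/v2/organizations/{org_id}/invitations"
    headers = {"Content-Type": "application/json",
               "Authorization": f"Bearer {mgmt_token}"}
    return url, headers, json.dumps(body)
```

Because the organization ID placed in the URL must equal the verified `org_id` claim, a caller cannot use the dashboard to create invitations for an organization they do not belong to.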

Response status codes

Possible response status codes are as follows:

| Status code | Error code | Message | Cause |
| --- | --- | --- | --- |
| 200 | | Invitation successfully created. | |
| 400 | invalid_body | The specified client_id does not exist. | The request payload is not valid. |
| 400 | invalid_body | The specified connection does not exist. | The request payload is not valid. |
| 400 | invalid_body | Passwordless connections are not supported. | The request payload is not valid. |
| 400 | invalid_body | A default login route is required to generate the invitation url. To learn more, see Configure default login routes. | The request payload is not valid. |
| 400 | invalid_body | One or more of the specified roles do not exist: role1, role2'. | The request payload is not valid. |
| 400 | invalid_body | Invalid request body. The message will vary depending on the cause. | The request payload is not valid. |
| 400 | invalid_query_string | Invalid request query string. The message will vary depending on the cause. | The query string is not valid. |
| 401 | | Invalid token. | |
| 401 | | Invalid signature received for JSON Web Token validation. | |
| 401 | | Client is not global. | |
| 403 | insufficient_scope | Insufficient scope; expected any of: create:organization_invitations. | Tried to read/write a field that is not allowed with provided bearer token scopes. |
| 404 | | No organization found by that id. | |
| 429 | | Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. | |