How it works
Universal Components use the My Organization API, which operates on user-scoped tokens, to create a Self-Service SSO Administrative Dashboard. When an administrator logs into your dashboard embedded in your application, the Auth0 SDK retrieves an access token containing Organization-specific scopes for admin privileges. The components use this token to call the API as the logged-in user, ensuring delegated administrators can only modify the specific Auth0 Organization to which they belong.Available components
Each component is mapped to specific endpoints within the My Organization API to perform administrative tasks.| Component | API endpoint |
|---|---|
| OrganizationDetailsEdit — Edit Organization name, display name, branding colors, and logo. | /my-org/details |
| SsoProviderTable — List, enable, disable, delete, and detach SSO identity providers. | /my-org/identity-providers |
| SsoProviderCreate — Multi-step wizard for creating SSO providers (Okta, ADFS, SAML, OIDC, Google Workspace, Azure AD, Ping Federate). | /my-org/identity-providers |
| SsoProviderEdit — Configure authentication settings, enable provisioning, and manage SCIM tokens and domain associations. | /my-org/identity-providers/{idp_id} |
| DomainTable — Create, verify, delete, and associate domains with identity providers. | /my-org/domains |
Configure Auth0 Dashboard
Before using any My Organization components, you need to configure your Auth0 tenant with the proper APIs, applications, and scopes.- React
- Next.js
- shadcn
Auth0 Dashboard Configuration—Complete all steps below before using My
Organization components.
Create the application
This example uses a Single Page Application (SPA). For server-side rendered React frameworks, refer to the Next.js tab.
- Navigate to Auth0 Dashboard > Applications > Applications. Select Create Application.
- Choose Single Page Web Applications.
-
In the Settings tab, add
http://localhost:5173to the following fields:- Allowed Callback URLs
- Allowed Logout URLs
-
Under Login Experience, select:
- Business users.
- (Optional) Prompt for Organization.
Enable the My Organization API
- Navigate to Dashboard > Applications > APIs.
- Select My Organization API and ensure it is enabled for your tenant.
Configure application access
- Navigate to the Application Access tab.
- Select Edit for your Application you want to use.
- Configure the following settings:
- Connection Profile: Select or create a profile with connection attribute mappings.
- User Attribute Profile: Select or create a profile with user attribute mappings.
- Supported Identity Providers: Enable providers your customers can use.
- Connection Deletion Behavior: Choose Allow or Allow if Empty.
- Allow: Users can delete connections, which deletes all users from that connection.
- Allow if Empty: Users can only delete connections with no users.
- User Access Authorization: Choose Unauthorized, Authorized, or All.
- Unauthorized: No permissions allowed.
- Authorized: Select specific permissions.
- All: Include all existing and future permissions.
- Client Credential Access Authorization: Choose Unauthorized, Authorized, or All.
- Select Save.
Set up the database and user
- Navigate to Auth0 Dashboard > Authentication > Database to create a database connection.
- Select the Applications tab of the connection, enable your new SPA application.
- Create a test user in this database for initial testing.
Set up the role
- Create a role (for example, “Organization Admin”).
- Add the required scopes from the My Organization API to the role.
Required Scopes
Required Scopes
The user’s token will only include permissions that exist in both their assigned role and the User Access Authorization settings configured in the previous step.
Create an Organization
- Navigate to Organizations > Create Organization.
- Configure the Auth0 Organization:
- In Members: Add your test user and assign the “Organization Admin” role.
- In Connections: Enable your database connection.
Configure environment variables
- Create a
.envfile in the root of your React project:
You are responsible for ensuring that your use of the My Organization API and Embeddable UI Components comply with your security policies and applicable
laws, including any permissions granted to your end users.
User must be authenticated and a member of the Auth0 Organization. Components automatically load Organization data from current user context. To learn more, read Auth0 Universal Components for installation and
Auth0ComponentProvider configuration