Skip to main content
You can send organization membership invitations to users using either the or the .

Auth0 Dashboard

To invite members via the Auth0 Dashboard:
  1. Navigate to Auth0 Dashboard > Organizations, and select the organization for which you want to configure membership.
  2. Select the Invitations view, and select Invite Members.
  3. Select the Application to which you would like to invite the member, enter the email address of the user you would like to invite to the organization, and select Send Invite(s).
    Optionally, you can specify the connection with which you want users to accept the invitation, and roles you want assigned to the organization member when they accept.
If you enable Multiple Custom Domains, you have the option to select Domain under the Send Invite(s) section to select the notification domain for your tenant.

Management API

If you are exposing the invitation feature from an admin dashboard you have customized for your application, use a confidential application to validate the authenticated user belongs to an organization before inviting new members, or you can restrict users from inviting new members unless they are assigned a specific role.
To invite members via the Management API: Make a POST call to the Create Organization Invitations endpoint. Be sure to replace ORG_ID, MGMT_API_ACCESS_TOKEN, NAME_OF_USER, EMAIL_ADDRESS, CLIENT_ID, CONNECTION_ID, EXP_TIME, ROLE_ID, and SEND_INVITATION_EMAIL_OPTION placeholder values with your organization ID, Management API , name of invited user, email address of invited user, , connection ID, expiration time, and role IDs, respectively. 
{
  "method": "POST",
  "url": "https://YOUR_AUTH0_DOMAIN/api/v2/organizations/ORG_ID/invitations",
"headers": [
  { "name": "Content-Type", "value": "application/json" },
  { "name": "Authorization", "value": "Bearer MGMT_API_ACCESS_TOKEN" },
  { "name": "Cache-Control", "value": "no-cache" }
  ],
  "postData": {
  "mimeType": "application/json",
  "text" : "{ \"inviter\": { \"name\": \"NAME_OF_USER\"}, \"invitee\": { \"email\": \"EMAIL_ADDRESS\" }, \"client_id\": \"CLIENT_ID\", \"connection_id\": \"CONNECTION_ID\", \"ttl_sec\": \"EXP_TIME\", \"roles\": [ \"ROLE_ID\", \"ROLE_ID\", \"ROLE_ID\" ], \"send_invitation_email\": \"SEND_EMAIL_INVITATION_OPTION\" }"
  }
}
If you enable Multiple Custom Domains, you need to include the auth0-custom-domain HTTP header. To learn more, review Multiple Custom Domains.
Find Your Auth0 DomainIf your Auth0 domain is your tenant name, your regional subdomain (unless your tenant is in the US region and was created before June 2020), plus .auth0.com. For example, if your tenant name were travel0, your Auth0 domain name would be travel0.us.auth0.com. (If your tenant were in the US and created before June 2020, then your domain name would be https://travel0.auth0.com.)If you are using custom domains, this should be your custom domain name.
ValueDescription
ORG_IDID of the organization for which you want to assign membership.
MGMT_API_ACCESS_TOKENAccess Token for the Management API with the scope create:organization_invitations.
NAME_OF_USERName of the user to whom you want to send the invitation. Maximum of 300 characters.
EMAIL_ADDRESSEmail address to which the invitation should be sent.
CLIENT_IDID of the application to which the invited user should authenticate.
CONNECTION_IDID of the connection through which the invited member should authenticate.
EXP_TIMENumber of seconds before the invitation expires. If unspecified or set to 0, defaults to 604800 seconds (7 days). Maximum of 2592000 seconds (30 days).
ROLE_IDID of the role(s) you want to assign to the invited user for the specified organization. Maximum of 50 roles per member.
SEND_INVITATION_EMAIL_OPTIONIndicates whether Auth0 should send the email. Values are true or false. When set to false, Auth0 will generate an invitation URL that you can deliver to users through your own email service.

Response status codes

Possible response status codes are as follows:
Status codeError codeMessageCause
200Invitation successfully created.
400invalid_bodyThe specified client_id does not exist.The request payload is not valid.
400invalid_bodyThe specified connection does not exist.The request payload is not valid.
400invalid_bodyPasswordless connections are not supported.The request payload is not valid.
400invalid_bodyA default login route is required to generate the invitation url. To learn more, see Configure default login routes.The request payload is not valid.
400invalid_bodyOne or more of the specified roles do not exist: role1, role2’.The request payload is not valid.
400invalid_bodyInvalid request body. The message will vary depending on the cause.The request payload is not valid.
400invalid_query_stringInvalid request query string. The message will vary depending on the cause.The query string is not valid.
401Invalid token.
401Invalid signature received for JSON Web Token validation.
401Client is not global.
403insufficient_scopeInsufficient scope; expected any of: create:organization_invitations.Tried to read/write a field that is not allowed with provided bearer token scopes.
404No organization found by that id.
429Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers.