Auth0 Connector Guide

The Auth0 connector helps Tealfabric workflows automate identity lifecycle tasks through the Auth0 Management API. It is useful for account provisioning, metadata synchronization, and access-governance workflows where user state must stay aligned across systems.

Document information
FieldValue
Canonical URL/docs/04_connecting-systems/connectors/a/auth0
Version (published date)2026-05-08
Tagsconnectors, reference, auth0
Connector IDauth0-1.0.0

Auth0 connector workflow showing machine-to-machine token issuance, user provisioning calls, and user directory retrieval feeding workflow automation.

Configuration and authentication

Before configuring this connector, create a machine-to-machine application in Auth0 and authorize it for the Management API with only the scopes you need. Use the full tenant domain and keep client secrets rotated under your security policy. The connector uses client credentials flow and handles token lifecycle automatically.

  • domain (required): Full Auth0 domain, for example your-tenant.auth0.com.
  • client_id (required): Management API machine-to-machine client ID.
  • client_secret (required): Client secret for the M2M application.
  • timeout_seconds (optional): Request timeout in seconds, default 30.

The test operation validates required configuration parameters. send, receive, and execute obtain a Management API token at runtime without upfront config validation (matching legacy behavior).

Management API paths are relative to /api/v2/ — use users, not api/v2/users.

Provision users with send

Use send to create or update user records in Auth0. Keep the connection name and metadata schema consistent to avoid downstream authorization and profile-mapping errors.

const baseUrl = "https://api.example.com/api/v1";
const tenantId = "<TENANT_ID>";
const apiKey = "<API_KEY>";

async function createManagedUser(integrationId: string) {
  const response = await fetch(`${baseUrl}/integrations/${encodeURIComponent(integrationId)}/execute`, {
    method: "POST",
    headers: {
      "X-API-Key": apiKey,
      "X-Tenant-ID": tenantId,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      operation: "send",
      endpoint: "users",
      method: "POST",
      data: {
        email: "new.user@example.com",
        password: "StrongPass!234",
        connection: "Username-Password-Authentication",
        email_verified: false,
        user_metadata: {
          department: "Operations",
          source_system: "tealfabric",
        },
      },
    }),
  });
  if (!response.ok) throw new Error(`Request failed: ${response.status}`);
  const payload = await response.json();
  return payload.data?.result;
}
curl -X POST "https://api.example.com/api/v1/integrations/<ENTITY_ID>/execute" \
  -H "X-API-Key: <API_KEY>" \
  -H "X-Tenant-ID: <TENANT_ID>" \
  -H "Content-Type: application/json" \
  -d '{
    "operation": "send",
    "endpoint": "users",
    "method": "POST",
    "data": {
      "email": "new.user@example.com",
      "password": "StrongPass!234",
      "connection": "Username-Password-Authentication",
      "email_verified": false,
      "user_metadata": {
        "department": "Operations",
        "source_system": "tealfabric"
      }
    }
  }'
{
  "success": true,
  "data": {
    "message": "Auth0 operation completed successfully",
    "result": {
      "user_id": "auth0|<ENTITY_ID>",
      "email": "new.user@example.com"
    }
  }
}

Retrieve user sets with receive

Use receive to query users for reconciliation, role assignment, and lifecycle automation. Pagination and field filtering help keep identity jobs efficient and within rate limits. List endpoints return an items array; single-object responses are wrapped in a one-element array.

const baseUrl = "https://api.example.com/api/v1";
const tenantId = "<TENANT_ID>";
const apiKey = "<API_KEY>";

async function listOperationsUsers(integrationId: string) {
  const response = await fetch(`${baseUrl}/integrations/${encodeURIComponent(integrationId)}/execute`, {
    method: "POST",
    headers: {
      "X-API-Key": apiKey,
      "X-Tenant-ID": tenantId,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      operation: "receive",
      endpoint: "users",
      query: {
        q: 'user_metadata.department:"Operations"',
        page: 0,
        per_page: 25,
        include_totals: true,
      },
    }),
  });
  if (!response.ok) throw new Error(`Request failed: ${response.status}`);
  const payload = await response.json();
  return payload.data?.items ?? [];
}
curl -X POST "https://api.example.com/api/v1/integrations/<ENTITY_ID>/execute" \
  -H "X-API-Key: <API_KEY>" \
  -H "X-Tenant-ID: <TENANT_ID>" \
  -H "Content-Type: application/json" \
  -d '{
    "operation": "receive",
    "endpoint": "users",
    "query": {
      "q": "user_metadata.department:\"Operations\"",
      "page": 0,
      "per_page": 25,
      "include_totals": true
    }
  }'
{
  "success": true,
  "data": {
    "message": "Auth0 data retrieved successfully",
    "item_count": 1,
    "items": [
      {
        "user_id": "auth0|<ENTITY_ID>",
        "email": "new.user@example.com"
      }
    ]
  }
}

Test connection with test

Use test to validate credentials and Management API access. The connector obtains a client-credentials token and calls GET tenants/settings.

{
  "success": true,
  "data": {
    "message": "Auth0 connection test successful",
    "details": {
      "domain": "your-tenant.auth0.com"
    }
  }
}

Reliability guidance

Most integration failures are caused by missing management scopes, tenant-domain mismatches, or API rate limits. Validate scopes and credentials with test, use pagination in user sync jobs, and apply backoff for 429 responses. These practices keep identity automation stable and auditable.

Additional resources