Hi. We are evaluating Ory Network as a potential ...
# ory-networkd
dry-lifeguard-27011
08/04/2024, 1:40 PMHi. We are evaluating Ory Network as a potential Auth0 replacement. I'm curious about how Organizations work in Ory. In Auth0, users can belong to 0 or many orgs. After providing credentials, the user is allowed to select an Organization from a list if they belong to 1 or more. Upon selecting an Org, a specific permission set is applied to their access token and an
org_id🤔 1
s
steep-lamp-91158
08/05/2024, 8:07 AM
We have a so-called organizations feature, but it is not the same as Auth0's: https://www.ory.sh/docs/kratos/organizations/
It basically allows you to force users to use certain SSO providers.
Context: if you want to add social sign-in, you probably want the user to be able to select a provider, potentially link multiple, have other credential types like a password, ... In the context of SSO however you want to force certain users to always use the SSO provider. This is what our organizations allow you to do.
steep-lamp-91158
08/05/2024, 8:09 AM
As Ory is not strictly OAuth2 based, there are not always claims that you can include. What you can do is add what "groups" or "Auth0 organizations" a user belongs to in the identity metadata: https://www.ory.sh/docs/kratos/manage-identities/managing-users-identities-metadata#metadata. With that, you will get the list of IDs back on session checks, and you can also add it to the claims when using Ory OAuth2.
steep-lamp-91158
08/05/2024, 8:11 AM
However, there is no such "organization selection" screen, but you can build it yourself by using the metadata and a custom consent UI (OAuth2) or a custom cookie/... implementation (Identities).
d
dry-lifeguard-27011
08/05/2024, 2:47 PMExcellent information. Thank you!
s
steep-lamp-91158
08/05/2024, 2:48 PM
In case you need more details and discussion, please book a slot here: https://meetings-eu1.hubspot.com/vincent-kraus
👍 1
17 Views