Skip to main content

Auth0 Credential Setup

Who this is for

Admins configuring the Auth0 connector in Owlie.

Goal

Create Auth0 Management API credentials and copy the exact values Owlie requires.

Prereqs

  • Auth0 tenant admin access
  • Access to /admin/integrations/auth0 in Owlie

Success criteria

The Auth0 connector test connection succeeds in Owlie.

Steps

  1. Identify your Auth0 tenant domain (for example tenant.us.auth0.com).
  2. In Auth0, go to Applications > Applications and create a new Machine to Machine application.
  3. Authorize the application for Auth0 Management API.
  4. Grant only the scopes needed by the connector capabilities you will use.
  5. Copy the application's Client ID and Client Secret.
  6. In Owlie, open /admin/integrations/auth0 and fill:
    • Auth0 Domain: your tenant domain only (no https://)
    • Client ID: Auth0 application client ID
    • Client Secret: Auth0 application client secret
    • Scopes: space-delimited scopes
  7. Run Test connection.

Minimal scopes for full Auth0 connector support

read:users create:users update:users delete:users read:roles create:roles update:roles delete:roles read:organizations create:organizations update:organizations delete:organizations read:organization_members create:organization_members delete:organization_members

Read-only scope set (sync only)

read:users read:roles read:organizations read:organization_members

When to use broader scopes

  • Keep the read-only set if you only ingest data.
  • Add create/update/delete scopes only if you will provision users, roles, organizations, or memberships from Owlie.

Impact and risks

  • Over-scoped clients increase blast radius if a secret leaks.
  • Missing scopes cause 403 insufficient_scope errors during test/sync/provisioning.

Troubleshooting

  • 401 Unauthorized: verify Client ID, Client Secret, and tenant domain.
  • 403 insufficient_scope: add the missing Management API scope and retry.
  • Connection still fails: confirm the M2M app is authorized against Auth0 Management API (not a custom API).

References

Next steps

  • /integrations
  • /implement/setup/first-connector