feat: updates to my-org introduction

grandmaester · grandmaester · commit 94e5de4f8407 · 2026-03-11T14:20:26.000+05:30
diff --git a/main/docs/universal-components/my-organization/introduction.mdx b/main/docs/universal-components/my-organization/introduction.mdx
@@ -50,20 +50,16 @@ permalink: Introduction
 
 ## Setup Requirements
 
-Before using any My Organization components, you need to configure your Auth0 tenant with the proper APIs, applications, and permissions. Follow these steps to set up your environment:
+Before using any My Organization components, you need to configure your Auth0 tenant with the proper APIs, applications, and permissions. Follow these steps to set up your environment.
 
 <Info>
   **Auth0 Dashboard Configuration** - Complete all steps below before using My
   Organization components.
 </Info>
 
 <Steps>
-  <Step title="Activate the API">
-    Go to **APIs → My Organization API** and make sure it's enabled for your tenant.
-  </Step>
-
-  <Step title="Create SPA Application">
-    Go to **Applications → Create Application**:
+  <Step title="Create Application">
+    Go to **Dashboard → Applications → Create Application**:
 
     - Choose "Single Page Web Applications"
     - For development mode, add `http://localhost:5173` to:
@@ -79,26 +75,44 @@ Before using any My Organization components, you need to configure your Auth0 te
 
   </Step>
 
-  <Step title="Setup Client Configuration">
-    In **Applications → Your App → Settings**, configure the following:
+<Step title="Enable the My Organization API">
+  Navigate to **Dashboard → Applications → APIs** and select **My Organization
+  API**. Ensure it's enabled for your tenant.
+</Step>
 
-     **Advanced Settings Section:**
-    - **Grant Types**: Ensure "Authorization Code" and "Refresh Token" are enabled
-    - **Token Endpoint Authentication Method**: Set to "None" for SPA (or "Client Secret Post" for Regular Web App)
+  <Step title="Configure Application Access">
+    While still on the My Organization API page, select the **Application Access** tab and click **Edit** for your Application.
 
-    <Note>
-      These settings are required for My Organization components to function properly. The "Prompt after login" flow allows users to select which organization they want to access.
-    </Note>
+    Configure the following settings:
+    - **Connection Profile** (Optional) - Select or create a profile with connection attribute mappings
+    - **User Attribute Profile** (Optional) - Select or create a profile with user attribute mappings
+    - **Supported Identity Providers** - Enable providers your customers can use
+    - **Connection Deletion Behavior** - Choose **Allow** or **Allow if Empty**
+    - **User Access Authorization** - Choose **Unauthorized**, **Authorized**, or **All**
+    - **Client Credential Access Authorization** - Choose **Unauthorized**, **Authorized**, or **All**
+
+    Select **Save** to save the settings.
+
+    <Accordion title="Configuration Options Reference">
+      **Connection Deletion Behavior**
+      - **Allow**: Users can delete connections, which deletes all users from that connection.
+      - **Allow if Empty**: Users can only delete connections with no users.
+
+      **User Access Authorization / Client Credential Access Authorization**
+      - **Unauthorized**: No permissions allowed.
+      - **Authorized**: Select specific permissions.
+      - **All**: Include all existing and future permissions.
+    </Accordion>
 
   </Step>
 
 <Step title="Setup Database & User">
-  - Create a Database connection - In Applications tab, enable your new SPA app
-  - Create a user in this database (for testing purposes)
+  - Create a Database connection - In the Applications tab, enable your new SPA
+  app - Create a user in this database (for testing purposes)
 </Step>
 
   <Step title="Setup Role">
-    Create a role or use existing (e.g., "Organization Admin") and add required permissions:
+    Create a role or use an existing one (e.g., "Organization Admin") and add the required permissions from the My Organization API.
 
     <Accordion title="Required Permissions">
       ```
@@ -125,6 +139,10 @@ Before using any My Organization components, you need to configure your Auth0 te
       ```
     </Accordion>
 
+    <Note>
+      The user's token will only include permissions that exist in both their assigned role and the User Access Authorization settings configured in the previous step.
+    </Note>
+
   </Step>
 
   <Step title="Create Organization">
@@ -135,46 +153,6 @@ Before using any My Organization components, you need to configure your Auth0 te
 
   </Step>
 
-  <Step title="Create Client Grant">
-    Create a client grant for the user & client pair to solve access control:
-
-    ```json
-    POST https://{{auth0_domain}}/api/v2/client-grants
-    {
-      "scope": [
-        "read:my_org:details",
-        "update:my_org:details",
-        "create:my_org:identity_providers",
-        "read:my_org:identity_providers",
-        "update:my_org:identity_providers",
-        "delete:my_org:identity_providers",
-        "update:my_org:identity_providers_detach",
-        "create:my_org:identity_providers_domains",
-        "delete:my_org:identity_providers_domains",
-        "read:my_org:domains",
-        "delete:my_org:domains",
-        "create:my_org:domains",
-        "update:my_org:domains",
-        "read:my_org:identity_providers_scim_tokens",
-        "create:my_org:identity_providers_scim_tokens",
-        "delete:my_org:identity_providers_scim_tokens",
-        "create:my_org:identity_providers_provisioning",
-        "read:my_org:identity_providers_provisioning",
-        "delete:my_org:identity_providers_provisioning",
-        "read:my_org:configuration"
-      ],
-      "client_id": "{{auth0_client_id}}",
-      "audience": "https://{{auth0_domain}}/my-organization/",
-      "subject_type": "user"
-    }
-    ```
-
-    <Note>
-      You need a Management API token to make this request. Get one from **Applications → APIs → Auth0 Management API → API Explorer**.
-    </Note>
-
-  </Step>
-
   <Step title="Configure Environment Variables">
     Create a `.env` file in your project with your Auth0 configuration. The exact variables depend on your application type.
 
@@ -200,7 +178,9 @@ Before using any My Organization components, you need to configure your Auth0 te
 </Steps>
 
 <Info>
-  You are responsible for ensuring that your use of the My Organization API and Embeddable UI Components comply with your security policies and applicable laws, including any permissions granted to your end users.
+  You are responsible for ensuring that your use of the My Organization API and
+  Embeddable UI Components comply with your security policies and applicable
+  laws, including any permissions granted to your end users.
 </Info>
 
 ## Quick Notes
