Machine-to-Machine (M2M) Access to Organizations can be granted by directly associating a client grant with an organization or by allowing access to any organization in the client grant settings. Both scenarios can be audited via the Auth0 Dashboard or the Management API, where you can view or retrieve a list of client grants associated with an organization for an application. To learn more about how permissions for M2M access to Organizations work, read Configure Your Application for M2M Access and Authorize M2M Access.
Use the Auth0 Dashboard and Management API to audit M2M access for client grants that are directly associated with an organization.
Auth0 Dashboard
To view the application client grants that have been authorized for a specific organization on the Auth0 Dashboard:
1. Navigate to Organizations and choose the organization you wish to inspect.
2. Select the Machine-to-Machine Access tab. You will get a paginated list of all the applications that can access an API for this organization via direct association.
3. Choose an application to review the authorized APIs listed for that application.
Management API
Client grants associated with an organization can be retrieved via the Organization Client Grants API endpoint:
curl -X GET --location "https://{yourDomain}/api/v2/organizations/{ORG_id}/client-grants/" \
  --header 'authorization: Bearer MGMT_API_ACCESS_TOKEN'
Alternatively, if you want to retrieve information on applications that can access at least one of the APIs for an organization, you can use the q query parameter on the Get Clients API endpoint with the search term client_grant.organization_id:{organization_id}. Use the Lucene syntax, which is similar to the User Search Query Syntax.
curl -X GET --location "https://{yourDomain}/api/v2/clients?q=client_grant.organization_id%3A{organization_id}" \
  --header 'authorization: Bearer MGMT_API_ACCESS_TOKEN'
Use the Auth0 Dashboard and Management API to audit M2M access for applications that have access granted to any organization.
Auth0 Dashboard
1. Navigate to Organizations.
2. Select the Machine-to-Machine Access tab. You will get a paginated list of all the applications that can access at least one of the APIs for an organization.
3. Choose an application to review the authorized APIs listed for that application.
Management API
Client grants with the allow_any_organization parameter can be retrieved via the Get Client Grants API endpoint:
curl -X GET --location "https://{yourDomain}/api/v2/client-grants?allow_any_organization=true" \
  --header 'authorization: Bearer MGMT_API_ACCESS_TOKEN'
Alternatively, if you want to retrieve information on applications that can access at least one of the APIs for any organization, you can use the q query parameter on the Get Clients API endpoint with the search term client_grant.allow_any_organization:true. Use the Lucene syntax, which is similar to the User Search Query Syntax.
curl -X GET --location "https://{yourDomain}/api/v2/clients?q=client_grant.allow_any_organization%3Atrue" \
  --header 'authorization: Bearer MGMT_API_ACCESS_TOKEN'
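The two audits above can be merged into one effective-access view per organization. The following is an added example, not Auth0's own code: it assumes the responses have already been fetched and that each client grant object carries the id, client_id, audience, scope and allow_any_organization fields; the organization IDs, client names and audiences are constructed sample data.

```python
import json

# Constructed sample responses, not real tenant data. Field names are assumed
# to follow the Management API client grant object: id, client_id, audience,
# scope, allow_any_organization.
ANY_ORG_GRANTS = json.loads("""[
 {"id": "cgr_1", "client_id": "billing-worker", "audience": "https://invoices.example.test",
  "scope": ["read:invoices"], "allow_any_organization": true}
]""")
ORG_GRANTS = {  # org_id -> body of GET /organizations/{org_id}/client-grants
    "org_acme": json.loads("""[
 {"id": "cgr_1", "client_id": "billing-worker", "audience": "https://invoices.example.test",
  "scope": ["read:invoices"], "allow_any_organization": true},
 {"id": "cgr_2", "client_id": "report-job", "audience": "https://reports.example.test",
  "scope": ["read:reports"], "allow_any_organization": false}
]"""),
    "org_globex": [],
}


def effective_access(any_org_grants, org_grants):
    """Merge both audit views into {org_id: [row, ...]}, one row per grant."""
    report = {}
    for org_id, direct in org_grants.items():
        rows = {g["id"]: {**g, "via": {"direct"}} for g in direct}
        for g in any_org_grants:
            if not g.get("allow_any_organization"):
                continue  # defensive: only any-organization grants belong here
            rows.setdefault(g["id"], {**g, "via": set()})["via"].add("any-organization")
        report[org_id] = sorted(
            ({"client_id": r["client_id"], "audience": r["audience"],
              "scope": sorted(r["scope"]), "via": sorted(r["via"])}
             for r in rows.values()),
            key=lambda r: (r["client_id"], r["audience"]))
    return report


def redundant_direct_grants(report):
    """Grants reachable both ways: removing the direct association alone
    leaves the any-organization access in place."""
    return sorted((org, r["client_id"], r["audience"])
                  for org, rows in report.items() for r in rows
                  if r["via"] == ["any-organization", "direct"])


if __name__ == "__main__":
    report = effective_access(ANY_ORG_GRANTS, ORG_GRANTS)
    print(json.dumps(report, indent=2))
    print(redundant_direct_grants(report))
```

An organization with no direct associations, such as org_globex in the sample, still shows every any-organization grant, which is the access a per-organization review on its own would miss.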
Machine-to-Machine Access for Organizations is also reflected in tenant logs. You can check the organization associated with the request in the corresponding seccft tenant log. The following code sample is an example seccft tenant log with organization information: