feat: add organization authentication notes for Connected Accounts flow#1041
Open
eduwp90 wants to merge 2 commits into
Open
feat: add organization authentication notes for Connected Accounts flow#1041eduwp90 wants to merge 2 commits into
eduwp90 wants to merge 2 commits into
Conversation
Contributor
|
Preview deployment for your docs. Learn more about Mintlify Previews.
💡 Tip: Enable Workflows to automatically generate PRs for you. |
forrest-ua
approved these changes
Apr 28, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
feat: add organization authentication notes for Connected Accounts flow
Description
The changes add extra information on how organizations affect the connected accounts/token vault flows
1. Token Vault — Intro paragraph rewording
File:
auth4genai/intro/token-vault.mdxThe intro now says "including when the user signs in through an Auth0 Organization" instead of "Once an AI agent has authenticated a user with a supported external provider".
2. Token Vault — New "Using Token Vault with Organizations" section
File:
auth4genai/intro/token-vault.mdxA new section was added between the flow description and "What is Token Vault". It explains that Organizations define session context, Connected Accounts link to the individual user profile, and Token Vault does not create a shared organization account.
3. Token Vault — "How it works" step 1 rewording
File:
auth4genai/intro/token-vault.mdxStep 1 now explains that the user authenticates to the application first (including via Organizations) before the AI agent triggers the Connected Accounts flow.
4. Integrations overview — New Note before Steps
File:
auth4genai/intro/integrations.mdxA
<Note>was added before the setup Steps, telling org-enabled apps to configure the Connection the same way but have the user sign in to the correct organization first.5. Intro / Call Others' APIs — New Note after intro
File:
auth4genai/intro/call-others-apis-on-users-behalf.mdxA
<Note>clarifies that Organizations affect session context, but Token Vault still exchanges tokens for the individual signed-in user.6. Get Started / Call Others' APIs — New Note before quickstart
File:
auth4genai/get-started/call-others-apis-on-users-behalf.mdxA
<Note>tells org-enabled readers to authenticate in the target organization before initiating the Connected Accounts flow.7-9. How-To pages — Account Linking section replaced with shared snippet
Files:
check-google-calendar-availability.mdx,list-github-repositories.mdx,list-slack-channels.mdxThe inline Account Linking text was replaced with
<AccountLinking connectionLabel="Google|GitHub|Slack" />from the shared snippetsnippets/how-tos/account-linking.mdx.The new snippet adds:
Before (shown below — old inline text on all three pages):
10. Google Integration — New Organization Note
File:
auth4genai/integrations/google.mdxA
<Note>was added after the setup Steps, before "Test connection", explaining that each organization member authorizes their own Google account.11. GitHub Integration — New Organization Note
File:
auth4genai/integrations/github.mdxSame pattern:
<Note>added after Steps, before "Token Vault configuration Example".12. Slack Integration — New Organization Note + text fix
File:
auth4genai/integrations/slack.mdx<Note>added after Steps. Also fixes a copy-paste bug: the Token Vault config text previously said "GitHub" instead of "Slack".13. OAuth2 Integration — New Organization Note
File:
auth4genai/integrations/oauth2.mdx<Note>added before "Learn more", explaining the org-aware setup pattern for custom OAuth2 connections.Shared snippets (propagate through includes)
These snippets are included in the pages above:
snippets/how-tos/account-linking.mdxsnippets/integrations/learn-more.mdxsnippets/integrations/NextStepsBlock.mdxsnippets/integrations/next-step.mdxChanges in
docs/main1. Token Vault Overview — New "Use with Organizations" section
File:
main/docs/secure/call-apis-on-users-behalf/token-vault.mdxA new section was added between "How it works" and "Supported token exchanges". It explains that Organizations define the session context, Connected Accounts link to the individual user profile, and Token Vault does not create a shared organization account.
2. Connected Accounts for Token Vault — New Note in "How it works"
File:
main/docs/secure/call-apis-on-users-behalf/token-vault/connected-accounts-for-token-vault.mdxA
<Note>was added in the "How it works" section, before the flow diagram, advising users to sign in to the correct organization before initiating the Connected Accounts flow.3. Configure Token Vault — New Note in "Configure Connected Accounts"
File:
main/docs/secure/call-apis-on-users-behalf/token-vault/configure-token-vault.mdxA
<Note>was added in the "Configure Connected Accounts for Token Vault" section explaining that the connection is configured the same way, but the user must sign in to the correct organization first. Connected account and stored tokens remain tied to the user's Auth0 profile.4. Refresh Token Exchange — Step 1 updated with org context
File:
main/docs/secure/call-apis-on-users-behalf/token-vault/refresh-token-exchange-with-token-vault.mdxStep 1 ("Connect and authorize access") now mentions that if the application uses Organizations, the user signs in to the target organization before continuing with the Connected Accounts flow.
5. Access Token Exchange — Step 1 updated with org context
File:
main/docs/secure/call-apis-on-users-behalf/token-vault/access-token-exchange-with-token-vault.mdxSame pattern as the refresh token exchange: Step 1 now mentions that if the application uses Organizations, the user signs in to the target organization before continuing.
Not changed
privileged-worker-token-exchange-with-token-vault.mdxReferences
JIRA TICKET
Checklist
CONTRIBUTING.md.