When working with organizations programmatically, you may need to retrieve the list of roles assigned to a member of an organization. You can view the roles associated with an organization member using either the Auth0 Dashboard or the Management API.

Auth0 Dashboard

  1. Navigate to Auth0 Dashboard > Organizations, and select the organization for which you want to view membership.
  2. Select the Members view, and select the user for whom you want to view roles.

Management API

Make a GET call to the Get Organization Member Roles endpoint. Be sure to replace the ORG_ID, USER_ID, and MGMT_API_ACCESS_TOKEN placeholder values with your organization ID, the member's user ID, and your Management API Access Token, respectively.
curl --request GET \
  --url 'https://{yourDomain}/api/v2/organizations/ORG_ID/members/USER_ID/roles' \
  --header 'authorization: Bearer MGMT_API_ACCESS_TOKEN'
Find your Auth0 domain: Your Auth0 domain is your tenant name, your regional subdomain (unless your tenant is in the US region and was created before June 2020), plus .auth0.com. For example, if your tenant name were travel0, your Auth0 domain name would be travel0.us.auth0.com. (If your tenant were in the US and created before June 2020, then your domain name would be https://travel0.auth0.com.) If you are using custom domains, this should be your custom domain name.

Values used in the request:

  ORG_ID: ID of the organization for which you want to retrieve a member's roles.
  USER_ID: User ID of the member for whom you want to retrieve roles.
  MGMT_API_ACCESS_TOKEN: Access Token for the Management API with the scope read:organization_member_roles.

Response status codes

Possible response status codes are as follows (status code, error code where the API returns one, message, and cause):

  200: Roles successfully retrieved.
  400 (invalid_query_string): Invalid request query string. The message will vary depending on the cause. Cause: the query string is not valid.
  401: Invalid token.
  401: Invalid signature received for JSON Web Token validation.
  401: Client is not global.
  403 (insufficient_scope): Insufficient scope; expected any of: read:organization_member_roles. Cause: tried to read/write a field that is not allowed with the provided bearer token scopes.
  429: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers.
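The curl call above and the status code list it returns can be wrapped in a small client that refuses to send a token while a placeholder is still in place, only ever posts the bearer token to https://<your domain>, and turns each documented status into a typed result. The following is an added example and not Auth0's own code; the function names (build_roles_request, parse_roles_response, fetch_member_roles) and the sample response bodies are constructed for this illustration, and the assumption that a 200 body is a JSON array of role objects with a "name" key, and that error bodies carry "message" and "errorCode", is noted in the code.

```python
"""Added example (not Auth0's own code) for the Get Organization Member Roles call.

Assumed, not taken from the page: a 200 body is a JSON array of role objects
with a "name" key; error bodies are JSON objects with "message" and "errorCode".
"""
import json
import urllib.error
import urllib.parse
import urllib.request

# Placeholder strings from the documented curl command; never send these.
PLACEHOLDERS = {"{yourDomain}", "ORG_ID", "USER_ID", "MGMT_API_ACCESS_TOKEN"}
REQUIRED_SCOPE = "read:organization_member_roles"


class RolesRequestError(Exception):
    """A documented non-200 status (400, 401, 403, 429) with its details."""

    def __init__(self, status, error_code, message, retry_at=None):
        super().__init__(f"{status} {error_code or ''} {message}".strip())
        self.status = status
        self.error_code = error_code
        self.message = message
        self.retry_at = retry_at  # X-RateLimit-Reset value on a 429, else None


def build_roles_request(domain, org_id, user_id, token):
    """Return (url, headers) for the GET call, rejecting unreplaced placeholders.

    The domain must be a bare host (e.g. travel0.us.auth0.com) so the bearer
    token cannot be redirected to an unexpected host by a malformed setting.
    """
    for value in (domain, org_id, user_id, token):
        if not value or value in PLACEHOLDERS:
            raise ValueError(f"placeholder or empty value supplied: {value!r}")
    if "/" in domain or ":" in domain:
        raise ValueError("domain must be a bare host name without scheme or path")
    path = "/api/v2/organizations/{}/members/{}/roles".format(
        urllib.parse.quote(org_id, safe=""), urllib.parse.quote(user_id, safe="")
    )
    return f"https://{domain}{path}", {"Authorization": f"Bearer {token}"}


def _header(headers, name):
    """Case-insensitive header lookup over a plain dict."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def parse_roles_response(status, headers, body):
    """Map (status, headers, body) to a list of role names or raise RolesRequestError."""
    try:
        payload = json.loads(body) if body else None
    except json.JSONDecodeError:
        payload = None
    if status == 200:
        if not isinstance(payload, list):
            raise RolesRequestError(status, None, "unexpected body on 200 response")
        return [role["name"] for role in payload]
    error_code = payload.get("errorCode") if isinstance(payload, dict) else None
    message = payload.get("message") if isinstance(payload, dict) else (body or "")
    if status == 403 and REQUIRED_SCOPE in (message or ""):
        message = f"token is missing scope {REQUIRED_SCOPE}: {message}"
    retry_at = None
    if status == 429:
        reset = _header(headers, "X-RateLimit-Reset")
        retry_at = int(reset) if reset and reset.isdigit() else None
    raise RolesRequestError(status, error_code, message, retry_at)


def fetch_member_roles(domain, org_id, user_id, token, timeout=10):
    """Perform the GET call with urllib and return the member's role names."""
    url, headers = build_roles_request(domain, org_id, user_id, token)
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_roles_response(resp.status, dict(resp.headers), resp.read().decode())
    except urllib.error.HTTPError as exc:
        # urllib raises on 4xx/5xx; route the error response through the same parser.
        return parse_roles_response(exc.code, dict(exc.headers), exc.read().decode())


# Constructed sample responses (not captured from a real tenant).
SAMPLE_200_BODY = '[{"id": "rol_example", "name": "admin", "description": "Org admin"}]'
SAMPLE_403_BODY = json.dumps({
    "statusCode": 403, "error": "Forbidden", "errorCode": "insufficient_scope",
    "message": "Insufficient scope; expected any of: read:organization_member_roles.",
})

if __name__ == "__main__":
    print(parse_roles_response(200, {}, SAMPLE_200_BODY))
    try:
        parse_roles_response(403, {}, SAMPLE_403_BODY)
    except RolesRequestError as err:
        print(err.status, err.error_code, err.message)
```

Scoping the token to read:organization_member_roles alone keeps the 403 path meaningful: a token minted with broader scopes would pass this call but expose more of the tenant if it leaked. On a 429, the retry_at value is the X-RateLimit-Reset header the page tells you to check, so a caller can back off until that time instead of retrying immediately.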