When attempting to create a new user in Auth0 through the Management API or the Dashboard, the following error may be encountered:

Sandbox error.

This generic error indicates that a custom Action script has intentionally blocked the user's registration. The specific reason for the failure can be found by inspecting the detailed logs in the Auth0 tenant.

• Management API
• Actions

The root cause of a Sandbox error during user creation is a Pre-User-Registration Action that executes an api.access.deny() command.

No matter how the user is created—whether via the Management API or directly in the Auth0 Dashboard—the immediate response will be a Sandbox error. This is the standard error returned by the Auth0 runtime when an Action terminates the flow.

To understand why the sandbox error occurred, please take a look at the tenant logs. For every Sandbox error generated this way, a corresponding PreUserRegistrationError log entry is created. This specific log provides context and includes the reason passed to the api.access.deny() function within the script.

This is expected behavior, allowing for programmatically rejecting a registration based on custom logic while providing detailed logs for diagnostics.

To resolve this issue, identify the Pre-User-Registration Action that is blocking the signup and review its logic.

Check Tenant Logs

1. 1. The first step is to find the specific error details. Navigate to Dashboard > Monitoring > Logs.
   2. Look for a "Failed Signup" event with the description "PreUserRegistrationError on pre-user-registration". This log will contain the specific reason provided in the Action's api.access.deny() call, confirming the cause and pointing to the right script.

Identify and Review the Action

1. 1. Navigate to Dashboard > Actions > Triggers.
   2. Select the Pre User Registration trigger.
   3. Examine the custom Action(s) attached to this trigger. Open the script that the log investigation pointed to.

Modify the Action Script

1. 1. Locate the api.access.deny() call within the script.
   2. Analyze the conditional logic that triggers it. The script may be designed to block users based on their email domain, IP address, a failed CAPTCHA, or other custom criteria.
   3. If users receiving this error should be allowed to register, update the script to prevent api.access.deny() from being called for those users.
   4. If the block is intentional but improved logging is desired, a more descriptive reason can be provided within the deny method: api.access.deny('Descriptive reason for the logs');.

By inspecting the "PreUserRegistrationError" in the logs and adjusting the logic in the Pre-User-Registration Action, the Sandbox error can be troubleshooted and resolved.