diff --git a/reference.md b/reference.md
index ea29afbb5..590850d31 100644
--- a/reference.md
+++ b/reference.md
@@ -534,7 +534,7 @@ await client.Branding.UpdateAsync(new UpdateBrandingRequestContent());
 <dl>
 <dd>
 
-Retrieve a list of <a href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grants</a>, including the scopes associated with the application/API pair.
+Retrieve a list of [client grants](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the scopes associated with the application/API pair.
 </dd>
 </dl>
 </dd>
@@ -599,7 +599,7 @@ await client.ClientGrants.ListAsync(
 <dl>
 <dd>
 
-Create a client grant for a machine-to-machine login flow. To learn more, read <a href="https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow">Client Credential Flow</a>.
+Create a client grant for a machine-to-machine login flow. To learn more, read [Client Credential Flow](https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow).
 </dd>
 </dl>
 </dd>
@@ -655,7 +655,7 @@ await client.ClientGrants.CreateAsync(
 <dl>
 <dd>
 
-Retrieve a single <a href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grant</a>, including the
+Retrieve a single [client grant](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the
 scopes associated with the application/API pair.
 </dd>
 </dl>
@@ -710,7 +710,7 @@ await client.ClientGrants.GetAsync("id");
 <dl>
 <dd>
 
-Delete the <a href="https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow">Client Credential Flow</a> from your machine-to-machine application.
+Delete the [Client Credential Flow](https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow) from your machine-to-machine application.
 </dd>
 </dl>
 </dd>
@@ -828,38 +828,30 @@ await client.ClientGrants.UpdateAsync("id", new UpdateClientGrantRequestContent(
 <dd>
 
 Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified.
-For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
+For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
 
-<ul>
-  <li>
-    The following can be retrieved with any scope:
-    <code>client_id</code>, <code>app_type</code>, <code>name</code>, and <code>description</code>.
-  </li>
-  <li>
-    The following properties can only be retrieved with the <code>read:clients</code> or
-    <code>read:client_keys</code> scope:
-    <code>callbacks</code>, <code>oidc_logout</code>, <code>allowed_origins</code>,
-    <code>web_origins</code>, <code>tenant</code>, <code>global</code>, <code>config_route</code>,
-    <code>callback_url_template</code>, <code>jwt_configuration</code>,
-    <code>jwt_configuration.lifetime_in_seconds</code>, <code>jwt_configuration.secret_encoded</code>,
-    <code>jwt_configuration.scopes</code>, <code>jwt_configuration.alg</code>, <code>api_type</code>,
-    <code>logo_uri</code>, <code>allowed_clients</code>, <code>owners</code>, <code>custom_login_page</code>,
-    <code>custom_login_page_off</code>, <code>sso</code>, <code>addons</code>, <code>form_template</code>,
-    <code>custom_login_page_codeview</code>, <code>resource_servers</code>, <code>client_metadata</code>,
-    <code>mobile</code>, <code>mobile.android</code>, <code>mobile.ios</code>, <code>allowed_logout_urls</code>,
-    <code>token_endpoint_auth_method</code>, <code>is_first_party</code>, <code>oidc_conformant</code>,
-    <code>is_token_endpoint_ip_header_trusted</code>, <code>initiate_login_uri</code>, <code>grant_types</code>,
-    <code>refresh_token</code>, <code>refresh_token.rotation_type</code>, <code>refresh_token.expiration_type</code>,
-    <code>refresh_token.leeway</code>, <code>refresh_token.token_lifetime</code>, <code>refresh_token.policies</code>, <code>organization_usage</code>,
-    <code>organization_require_behavior</code>.
-  </li>
-  <li>
-    The following properties can only be retrieved with the
-    <code>read:client_keys</code> or <code>read:client_credentials</code> scope:
-    <code>encryption_key</code>, <code>encryption_key.pub</code>, <code>encryption_key.cert</code>,
-    <code>client_secret</code>, <code>client_authentication_methods</code> and <code>signing_key</code>.
-  </li>
-</ul>
+- The following can be retrieved with any scope:
+    `client_id`, `app_type`, `name`, and `description`.
+- The following properties can only be retrieved with the `read:clients` or
+    `read:client_keys` scope:
+    `callbacks`, `oidc_logout`, `allowed_origins`,
+    `web_origins`, `tenant`, `global`, `config_route`,
+    `callback_url_template`, `jwt_configuration`,
+    `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+    `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+    `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+    `custom_login_page_off`, `sso`, `addons`, `form_template`,
+    `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+    `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+    `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+    `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+    `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+    `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+    `organization_require_behavior`.
+- The following properties can only be retrieved with the
+    `read:client_keys` or `read:client_credentials` scope:
+    `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+    `client_secret`, `client_authentication_methods` and `signing_key`.
 </dd>
 </dl>
 </dd>
@@ -927,20 +919,20 @@ await client.Clients.ListAsync(
 <dl>
 <dd>
 
-Create a new client (application or SSO integration). For more information, read <a href="https://www.auth0.com/docs/get-started/auth0-overview/create-applications">Create Applications</a>
-<a href="https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on>">API Endpoints for Single Sign-On</a>. 
+Create a new client (application or SSO integration). For more information, read [Create Applications](https://www.auth0.com/docs/get-started/auth0-overview/create-applications)
+[API Endpoints for Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on).
 
 Notes: 
 - We recommend leaving the `client_secret` parameter unspecified to allow the generation of a safe secret.
-- The <code>client_authentication_methods</code> and <code>token_endpoint_auth_method</code> properties are mutually exclusive. Use 
-<code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method. Otherwise, use <code>token_endpoint_auth_method</code>
+- The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use 
+`client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method`
 to configure the client with client secret (basic or post) or with no authentication method (none).
-- When using <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method, specify fully defined credentials. 
+- When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, specify fully defined credentials. 
 These credentials will be automatically enabled for Private Key JWT authentication on the client. 
-- To configure <code>client_authentication_methods</code>, the <code>create:client_credentials</code> scope is required.
-- To configure <code>client_authentication_methods</code>, the property <code>jwt_configuration.alg</code> must be set to RS256.
+- To configure `client_authentication_methods`, the `create:client_credentials` scope is required.
+- To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.
 
-<div class="alert alert-warning">SSO Integrations created via this endpoint will accept login requests and share user profile information.</div>
+SSO Integrations created via this endpoint will accept login requests and share user profile information.
 </dd>
 </dl>
 </dd>
@@ -1123,36 +1115,29 @@ await client.Clients.RegisterCimdClientAsync(
 <dd>
 
 Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified. 
-For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
-<ul>
-  <li>
-    The following properties can be retrieved with any of the scopes:
-    <code>client_id</code>, <code>app_type</code>, <code>name</code>, and <code>description</code>.
-  </li>
-  <li>
-    The following properties can only be retrieved with the <code>read:clients</code> or
-    <code>read:client_keys</code> scopes:
-    <code>callbacks</code>, <code>oidc_logout</code>, <code>allowed_origins</code>,
-    <code>web_origins</code>, <code>tenant</code>, <code>global</code>, <code>config_route</code>,
-    <code>callback_url_template</code>, <code>jwt_configuration</code>,
-    <code>jwt_configuration.lifetime_in_seconds</code>, <code>jwt_configuration.secret_encoded</code>,
-    <code>jwt_configuration.scopes</code>, <code>jwt_configuration.alg</code>, <code>api_type</code>,
-    <code>logo_uri</code>, <code>allowed_clients</code>, <code>owners</code>, <code>custom_login_page</code>,
-    <code>custom_login_page_off</code>, <code>sso</code>, <code>addons</code>, <code>form_template</code>,
-    <code>custom_login_page_codeview</code>, <code>resource_servers</code>, <code>client_metadata</code>,
-    <code>mobile</code>, <code>mobile.android</code>, <code>mobile.ios</code>, <code>allowed_logout_urls</code>,
-    <code>token_endpoint_auth_method</code>, <code>is_first_party</code>, <code>oidc_conformant</code>,
-    <code>is_token_endpoint_ip_header_trusted</code>, <code>initiate_login_uri</code>, <code>grant_types</code>,
-    <code>refresh_token</code>, <code>refresh_token.rotation_type</code>, <code>refresh_token.expiration_type</code>,
-    <code>refresh_token.leeway</code>, <code>refresh_token.token_lifetime</code>, <code>refresh_token.policies</code>, <code>organization_usage</code>,
-    <code>organization_require_behavior</code>.
-  </li>
-  <li>
-    The following properties can only be retrieved with the <code>read:client_keys</code> or <code>read:client_credentials</code> scopes:
-    <code>encryption_key</code>, <code>encryption_key.pub</code>, <code>encryption_key.cert</code>,
-    <code>client_secret</code>, <code>client_authentication_methods</code> and <code>signing_key</code>.
-  </li>
-</ul>
+For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
+
+- The following properties can be retrieved with any of the scopes:
+    `client_id`, `app_type`, `name`, and `description`.
+- The following properties can only be retrieved with the `read:clients` or
+    `read:client_keys` scopes:
+    `callbacks`, `oidc_logout`, `allowed_origins`,
+    `web_origins`, `tenant`, `global`, `config_route`,
+    `callback_url_template`, `jwt_configuration`,
+    `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+    `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+    `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+    `custom_login_page_off`, `sso`, `addons`, `form_template`,
+    `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+    `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+    `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+    `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+    `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+    `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+    `organization_require_behavior`.
+- The following properties can only be retrieved with the `read:client_keys` or `read:client_credentials` scopes:
+    `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+    `client_secret`, `client_authentication_methods` and `signing_key`.
 </dd>
 </dl>
 </dd>
@@ -1271,15 +1256,15 @@ await client.Clients.DeleteAsync("id");
 <dl>
 <dd>
 
-Updates a client's settings. For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
+Updates a client's settings. For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
 
 Notes:
 - The `client_secret` and `signing_key` attributes can only be updated with the `update:client_keys` scope.
-- The <code>client_authentication_methods</code> and <code>token_endpoint_auth_method</code> properties are mutually exclusive. Use <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method. Otherwise, use <code>token_endpoint_auth_method</code> to configure the client with client secret (basic or post) or with no authentication method (none).
-- When using <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
-- To configure <code>client_authentication_methods</code>, the <code>update:client_credentials</code> scope is required.
-- To configure <code>client_authentication_methods</code>, the property <code>jwt_configuration.alg</code> must be set to RS256.
-- To change a client's <code>is_first_party</code> property to <code>false</code>, the <code>organization_usage</code> and <code>organization_require_behavior</code> properties must be unset.
+- The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method` to configure the client with client secret (basic or post) or with no authentication method (none).
+- When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
+- To configure `client_authentication_methods`, the `update:client_credentials` scope is required.
+- To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.
+- To change a client's `is_first_party` property to `false`, the `organization_usage` and `organization_require_behavior` properties must be unset.
 </dd>
 </dl>
 </dd>
@@ -1345,7 +1330,7 @@ Rotate a client secret.
 
 This endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt). The generated secret is NOT base64 encoded.
 
-For more information, read <a href="https://www.auth0.com/docs/get-started/applications/rotate-client-secret">Rotate Client Secrets</a>.
+For more information, read [Rotate Client Secrets](https://www.auth0.com/docs/get-started/applications/rotate-client-secret).
 </dd>
 </dl>
 </dd>
@@ -2704,7 +2689,7 @@ await client.CustomDomains.VerifyAsync("id");
 <dl>
 <dd>
 
-Retrieve device credential information (<code>public_key</code>, <code>refresh_token</code>, or <code>rotating_refresh_token</code>) associated with a specific user.
+Retrieve device credential information (`public_key`, `refresh_token`, or `rotating_refresh_token`) associated with a specific user.
 </dd>
 </dl>
 </dd>
@@ -2770,9 +2755,9 @@ await client.DeviceCredentials.ListAsync(
 <dl>
 <dd>
 
-Create a device credential public key to manage refresh token rotation for a given <code>user_id</code>. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.
+Create a device credential public key to manage refresh token rotation for a given `user_id`. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.
 
-When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read <a href="https://auth0.com/docs/get-started/tenant-settings/signing-keys"> Signing Keys</a>.
+When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read [Signing Keys](https://auth0.com/docs/get-started/tenant-settings/signing-keys).
 </dd>
 </dl>
 </dd>
@@ -3952,7 +3937,7 @@ await client.Forms.UpdateAsync("id", new UpdateFormRequestContent());
 <dl>
 <dd>
 
-Retrieve the <a href="https://auth0.com/docs/api-auth/which-oauth-flow-to-use">grants</a> associated with your account. 
+Retrieve the [grants](https://auth0.com/docs/api-auth/which-oauth-flow-to-use) associated with your account.
 </dd>
 </dl>
 </dd>
@@ -4016,7 +4001,7 @@ await client.UserGrants.ListAsync(
 <dl>
 <dd>
 
-Delete a grant associated with your account. 
+Delete a grant associated with your account.
 </dd>
 </dl>
 </dd>
@@ -4072,7 +4057,7 @@ await client.UserGrants.DeleteByUserIdAsync(
 <dl>
 <dd>
 
-Delete a grant associated with your account. 
+Delete a grant associated with your account.
 </dd>
 </dl>
 </dd>
@@ -5940,22 +5925,20 @@ await client.NetworkAcls.UpdateAsync("id", new UpdateNetworkAclRequestContent())
 Retrieve detailed list of all Organizations available in your tenant. For more information, see Auth0 Organizations.
 
 This endpoint supports two types of pagination:
-<ul>
-<li>Offset pagination</li>
-<li>Checkpoint pagination</li>
-</ul>
+
+- Offset pagination
+- Checkpoint pagination
 
 Checkpoint pagination must be used if you need to retrieve more than 1000 organizations.
 
-<h2>Checkpoint Pagination</h2>
+**Checkpoint Pagination**
 
 To search by checkpoint, use the following parameters:
-<ul>
-<li><code>from</code>: Optional id from which to start selection.</li>
-<li><code>take</code>: The total number of entries to retrieve when using the <code>from</code> parameter. Defaults to 50.</li>
-</ul>
 
-<b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no pages are remaining.
+- `from`: Optional id from which to start selection.
+- `take`: The total number of entries to retrieve when using the `from` parameter. Defaults to 50.
+
+**Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
 </dd>
 </dl>
 </dd>
@@ -6016,7 +5999,7 @@ await client.Organizations.ListAsync(
 <dl>
 <dd>
 
-Create a new Organization within your tenant.  To learn more about Organization settings, behavior, and configuration options, review <a href="https://auth0.com/docs/manage-users/organizations/create-first-organization">Create Your First Organization</a>.
+Create a new Organization within your tenant.  To learn more about Organization settings, behavior, and configuration options, review [Create Your First Organization](https://auth0.com/docs/manage-users/organizations/create-first-organization).
 </dd>
 </dl>
 </dd>
@@ -6124,7 +6107,7 @@ await client.Organizations.GetByNameAsync("name");
 <dl>
 <dd>
 
-Retrieve details about a single Organization specified by ID. 
+Retrieve details about a single Organization specified by ID.
 </dd>
 </dl>
 </dd>
@@ -6180,7 +6163,7 @@ await client.Organizations.GetAsync("id");
 
 Remove an Organization from your tenant.  This action cannot be undone. 
 
-<b>Note</b>: Members are automatically disassociated from an Organization when it is deleted. However, this action does <b>not</b> delete these users from your tenant.
+**Note**: Members are automatically disassociated from an Organization when it is deleted. However, this action does **not** delete these users from your tenant.
 </dd>
 </dl>
 </dd>
@@ -6234,7 +6217,7 @@ await client.Organizations.DeleteAsync("id");
 <dl>
 <dd>
 
-Update the details of a specific <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/create-organizations">Organization</a>, such as name and display name, branding options, and metadata.
+Update the details of a specific [Organization](https://auth0.com/docs/manage-users/organizations/configure-organizations/create-organizations), such as name and display name, branding options, and metadata.
 </dd>
 </dl>
 </dd>
@@ -8786,15 +8769,14 @@ await client.Tickets.ChangePasswordAsync(new ChangePasswordTicketRequestContent(
 
 Retrieve a list of all Token Exchange Profiles available in your tenant.
 
-By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
 This endpoint supports Checkpoint pagination. To search by checkpoint, use the following parameters:
-<ul>
-<li><code>from</code>: Optional id from which to start selection.</li>
-<li><code>take</code>: The total amount of entries to retrieve when using the from parameter. Defaults to 50.</li>
-</ul>
 
-<b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no pages are remaining.
+- `from`: Optional id from which to start selection.
+- `take`: The total amount of entries to retrieve when using the from parameter. Defaults to 50.
+
+**Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
 </dd>
 </dl>
 </dd>
@@ -8852,7 +8834,7 @@ await client.TokenExchangeProfiles.ListAsync(
 
 Create a new Token Exchange Profile within your tenant.
 
-By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 </dd>
 </dl>
 </dd>
@@ -8916,7 +8898,7 @@ await client.TokenExchangeProfiles.CreateAsync(
 
 Retrieve details about a single Token Exchange Profile specified by ID.
 
-By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 </dd>
 </dl>
 </dd>
@@ -8972,8 +8954,7 @@ await client.TokenExchangeProfiles.GetAsync("id");
 
 Delete a Token Exchange Profile within your tenant.
 
-By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta's Master Subscription Agreement</a>. It is your responsibility to securely validate the user's subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
-
+By using this feature, you agree to the applicable Free Trial terms in [Okta's Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user's subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 </dd>
 </dl>
 </dd>
@@ -9029,8 +9010,7 @@ await client.TokenExchangeProfiles.DeleteAsync("id");
 
 Update a Token Exchange Profile within your tenant.
 
-By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta's Master Subscription Agreement</a>. It is your responsibility to securely validate the user's subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
-
+By using this feature, you agree to the applicable Free Trial terms in [Okta's Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user's subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 </dd>
 </dl>
 </dd>
@@ -9494,7 +9474,7 @@ await client.UserAttributeProfiles.UpdateAsync(
 <dl>
 <dd>
 
-Retrieve details of all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for a user with the given identifier (username, phone number, or email).
+Retrieve details of all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for a user with the given identifier (username, phone number, or email).
 </dd>
 </dl>
 </dd>
@@ -9554,9 +9534,9 @@ await client.UserBlocks.ListByIdentifierAsync(
 <dl>
 <dd>
 
-Remove all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given identifier (username, phone number, or email).
+Remove all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given identifier (username, phone number, or email).
 
-Note: This endpoint does not unblock users that were <a href="https://auth0.com/docs/user-profile#block-and-unblock-a-user">blocked by a tenant administrator</a>.
+Note: This endpoint does not unblock users that were [blocked by a tenant administrator](https://auth0.com/docs/user-profile#block-and-unblock-a-user).
 </dd>
 </dl>
 </dd>
@@ -9612,7 +9592,7 @@ await client.UserBlocks.DeleteByIdentifierAsync(
 <dl>
 <dd>
 
-Retrieve details of all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given ID.
+Retrieve details of all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given ID.
 </dd>
 </dl>
 </dd>
@@ -9677,9 +9657,9 @@ await client.UserBlocks.ListAsync(
 <dl>
 <dd>
 
-Remove all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given ID.
+Remove all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given ID.
 
-Note: This endpoint does not unblock users that were <a href="https://auth0.com/docs/user-profile#block-and-unblock-a-user">blocked by a tenant administrator</a>.
+Note: This endpoint does not unblock users that were [blocked by a tenant administrator](https://auth0.com/docs/user-profile#block-and-unblock-a-user).
 </dd>
 </dl>
 </dd>
@@ -13165,7 +13145,7 @@ await client.ClientGrants.Organizations.ListAsync(
 
 Get the details of a client credential.
 
-<b>Important</b>: To enable credentials to be used for a client authentication method, set the <code>client_authentication_methods</code> property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the <code>signed_request_object</code> property on the client.
+**Important**: To enable credentials to be used for a client authentication method, set the `client_authentication_methods` property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the `signed_request_object` property on the client.
 </dd>
 </dl>
 </dd>
@@ -13221,37 +13201,61 @@ await client.Clients.Credentials.ListAsync("client_id");
 
 Create a client credential associated to your application. Credentials can be used to configure Private Key JWT and mTLS authentication methods, as well as for JWT-secured Authorization requests.
 
-<h5>Public Key</h5>Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
+**Public Key**
 
-Sample: <pre><code>{
+Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
+
+Sample: 
+
+```json
+{
   "credential_type": "public_key",
   "name": "string",
   "pem": "string",
   "alg": "RS256",
   "parse_expiry_from_cert": false,
   "expires_at": "2022-12-31T23:59:59Z"
-}</code></pre>
-<h5>Certificate (CA-signed & self-signed)</h5>Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
+}
+```
+
+**Certificate (CA-signed & self-signed)**
+
+Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
 
-CA-signed Certificate Sample (pem): <pre><code>{
+CA-signed Certificate Sample (pem): 
+
+```json
+{
   "credential_type": "x509_cert",
   "name": "string",
   "pem": "string"
-}</code></pre>CA-signed Certificate Sample (subject_dn): <pre><code>{
+}
+```
+
+CA-signed Certificate Sample (subject_dn): 
+
+```json
+{
   "credential_type": "cert_subject_dn",
   "name": "string",
   "subject_dn": "string"
-}</code></pre>Self-signed Certificate Sample: <pre><code>{
+}
+```
+
+Self-signed Certificate Sample: 
+
+```json
+{
   "credential_type": "cert_subject_dn",
   "name": "string",
   "pem": "string"
-}</code></pre>
+}
+```
 
 The credential will be created but not yet enabled for use until you set the corresponding properties in the client:
-<ul>
-  <li>To enable the credential for Private Key JWT or mTLS authentication methods, set the <code>client_authentication_methods</code> property on the client. For more information, read <a href="https://auth0.com/docs/get-started/applications/configure-private-key-jwt">Configure Private Key JWT Authentication</a> and <a href="https://auth0.com/docs/get-started/applications/configure-mtls">Configure mTLS Authentication</a></li>
-  <li>To enable the credential for JWT-secured Authorization requests, set the <code>signed_request_object</code>property on the client. For more information, read <a href="https://auth0.com/docs/get-started/applications/configure-jar">Configure JWT-secured Authorization Requests (JAR)</a></li>
-</ul>
+
+- To enable the credential for Private Key JWT or mTLS authentication methods, set the `client_authentication_methods` property on the client. For more information, read [Configure Private Key JWT Authentication](https://auth0.com/docs/get-started/applications/configure-private-key-jwt) and [Configure mTLS Authentication](https://auth0.com/docs/get-started/applications/configure-mtls)
+- To enable the credential for JWT-secured Authorization requests, set the `signed_request_object`property on the client. For more information, read [Configure JWT-secured Authorization Requests (JAR)](https://auth0.com/docs/get-started/applications/configure-jar)
 </dd>
 </dl>
 </dd>
@@ -13318,7 +13322,7 @@ await client.Clients.Credentials.CreateAsync(
 
 Get the details of a client credential.
 
-<b>Important</b>: To enable credentials to be used for a client authentication method, set the <code>client_authentication_methods</code> property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the <code>signed_request_object</code> property on the client.
+**Important**: To enable credentials to be used for a client authentication method, set the `client_authentication_methods` property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the `signed_request_object` property on the client.
 </dd>
 </dl>
 </dd>
@@ -13517,15 +13521,10 @@ await client.Clients.Credentials.UpdateAsync(
 <dl>
 <dd>
 
-Retrieve all connections that are enabled for the specified <a href="https://www.auth0.com/docs/get-started/applications"> Application</a>, using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
-<ul>
-  <li>
-    This endpoint requires the <code>read:connections</code> scope and any one of <code>read:clients</code> or <code>read:client_summary</code>.
-  </li>
-  <li>
-    <b>Note</b>: The first time you call this endpoint, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no further results are remaining.
-  </li>
-</ul>
+Retrieve all connections that are enabled for the specified [Application](https://www.auth0.com/docs/get-started/applications), using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
+
+- This endpoint requires the `read:connections` scope and any one of `read:clients` or `read:client_summary`.
+- **Note**: The first time you call this endpoint, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no further results are remaining.
 </dd>
 </dl>
 </dd>
@@ -19901,7 +19900,7 @@ await client.Organizations.DiscoveryDomains.GetAsync("id", "discovery_domain_id"
 <dl>
 <dd>
 
-Remove a discovery domain from an organization. This action cannot be undone. 
+Remove a discovery domain from an organization. This action cannot be undone.
 </dd>
 </dl>
 </dd>
@@ -19963,7 +19962,7 @@ await client.Organizations.DiscoveryDomains.DeleteAsync("id", "discovery_domain_
 <dl>
 <dd>
 
-Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The <code>status</code> field must be either <code>pending</code> or <code>verified</code>. The <code>use_for_organization_discovery</code> field can be <code>true</code> or <code>false</code> (default: <code>true</code>).
+Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The `status` field must be either `pending` or `verified`. The `use_for_organization_discovery` field can be `true` or `false` (default: `true`).
 </dd>
 </dl>
 </dd>
@@ -20110,7 +20109,7 @@ await client.Organizations.EnabledConnections.ListAsync(
 
 Enable a specific connection for a given Organization. To enable a connection, it must already exist within your tenant; connections cannot be created through this action.
 
-<a href="https://auth0.com/docs/authenticate/identity-providers">Connections</a> represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.
+[Connections](https://auth0.com/docs/authenticate/identity-providers) represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.
 </dd>
 </dl>
 </dd>
@@ -20239,7 +20238,7 @@ await client.Organizations.EnabledConnections.GetAsync("id", "connectionId");
 
 Disable a specific connection for an Organization. Once disabled, Organization members can no longer use that connection to authenticate. 
 
-<b>Note</b>: This action does not remove the connection from your tenant.
+**Note**: This action does not remove the connection from your tenant.
 </dd>
 </dl>
 </dd>
@@ -20376,7 +20375,7 @@ await client.Organizations.EnabledConnections.UpdateAsync(
 <dl>
 <dd>
 
-Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</a>. 
+Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
 </dd>
 </dl>
 </dd>
@@ -20449,7 +20448,7 @@ await client.Organizations.Invitations.ListAsync(
 <dl>
 <dd>
 
-Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</a>. 
+Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
 </dd>
 </dl>
 </dd>
@@ -20631,14 +20630,8 @@ await client.Organizations.Invitations.DeleteAsync("id", "invitation_id");
 List organization members.
 This endpoint is subject to eventual consistency. New users may not be immediately included in the response and deleted users may not be immediately removed from it.
 
-<ul>
-  <li>
-    Use the <code>fields</code> parameter to optionally define the specific member details retrieved. If <code>fields</code> is left blank, all fields (except roles) are returned.
-  </li>
-  <li>
-    Member roles are not sent by default. Use <code>fields=roles</code> to retrieve the roles assigned to each listed member. To use this parameter, you must include the <code>read:organization_member_roles</code> scope in the token.
-  </li>
-</ul>
+- Use the `fields` parameter to optionally define the specific member details retrieved. If `fields` is left blank, all fields (except roles) are returned.
+- Member roles are not sent by default. Use `fields=roles` to retrieve the roles assigned to each listed member. To use this parameter, you must include the `read:organization_member_roles` scope in the token.
 
 This endpoint supports two types of pagination:
 
@@ -20647,9 +20640,9 @@ This endpoint supports two types of pagination:
 
 Checkpoint pagination must be used if you need to retrieve more than 1000 organization members.
 
-<h2>Checkpoint Pagination</h2>
+**Checkpoint Pagination**
 
-To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the <code>from</code> parameter. If there are more results, a <code>next</code> value will be included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, this indicates there are no more pages remaining.
+To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the `from` parameter. If there are more results, a `next` value will be included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, this indicates there are no more pages remaining.
 </dd>
 </dl>
 </dd>
@@ -20720,9 +20713,9 @@ await client.Organizations.Members.ListAsync(
 <dl>
 <dd>
 
-Set one or more existing users as members of a specific <a href="https://auth0.com/docs/manage-users/organizations">Organization</a>.
+Set one or more existing users as members of a specific [Organization](https://auth0.com/docs/manage-users/organizations).
 
-To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">invite them to create an account</a>, manually create them through the Auth0 Dashboard, or use the Management API.
+To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can [invite them to create an account](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members), manually create them through the Auth0 Dashboard, or use the Management API.
 </dd>
 </dl>
 </dd>
@@ -20826,8 +20819,8 @@ await client.Organizations.Members.DeleteAsync(
 </dl>
 </details>
 
-## Organizations Members Roles
-<details><summary><code>client.Organizations.Members.Roles.<a href="/src/Auth0.ManagementApi/Organizations/Members/Roles/RolesClient.cs">ListAsync</a>(id, userId, ListOrganizationMemberRolesRequestParameters { ... }) -> Pager&lt;Role&gt;</code></summary>
+## Organizations Groups
+<details><summary><code>client.Organizations.Groups.<a href="/src/Auth0.ManagementApi/Organizations/Groups/GroupsClient.cs">ListAsync</a>(organizationId, ListOrganizationGroupsRequestParameters { ... }) -> Pager&lt;Group&gt;</code></summary>
 <dl>
 <dd>
 
@@ -20839,9 +20832,7 @@ await client.Organizations.Members.DeleteAsync(
 <dl>
 <dd>
 
-Retrieve detailed list of roles assigned to a given user within the context of a specific Organization. 
-
-Users can be members of multiple Organizations with unique roles assigned for each membership. This action only returns the roles associated with the specified Organization; any roles assigned to the user within other Organizations are not included.
+Lists the groups that are assigned to the specified organization.
 </dd>
 </dl>
 </dd>
@@ -20856,15 +20847,9 @@ Users can be members of multiple Organizations with unique roles assigned for ea
 <dd>
 
 ```csharp
-await client.Organizations.Members.Roles.ListAsync(
-    "id",
-    "user_id",
-    new ListOrganizationMemberRolesRequestParameters
-    {
-        Page = 1,
-        PerPage = 1,
-        IncludeTotals = true,
-    }
+await client.Organizations.Groups.ListAsync(
+    "organization_id",
+    new ListOrganizationGroupsRequestParameters { From = "from", Take = 1 }
 );
 ```
 </dd>
@@ -20880,15 +20865,7 @@ await client.Organizations.Members.Roles.ListAsync(
 <dl>
 <dd>
 
-**id:** `string` — Organization identifier.
-    
-</dd>
-</dl>
-
-<dl>
-<dd>
-
-**userId:** `string` — ID of the user to associate roles with.
+**organizationId:** `string` — ID of the organization
     
 </dd>
 </dl>
@@ -20896,7 +20873,7 @@ await client.Organizations.Members.Roles.ListAsync(
 <dl>
 <dd>
 
-**request:** `ListOrganizationMemberRolesRequestParameters` 
+**request:** `ListOrganizationGroupsRequestParameters` 
     
 </dd>
 </dl>
@@ -20908,7 +20885,8 @@ await client.Organizations.Members.Roles.ListAsync(
 </dl>
 </details>
 
-<details><summary><code>client.Organizations.Members.Roles.<a href="/src/Auth0.ManagementApi/Organizations/Members/Roles/RolesClient.cs">AssignAsync</a>(id, userId, AssignOrganizationMemberRolesRequestContent { ... })</code></summary>
+## Organizations Groups Roles
+<details><summary><code>client.Organizations.Groups.Roles.<a href="/src/Auth0.ManagementApi/Organizations/Groups/Roles/RolesClient.cs">ListAsync</a>(organizationId, groupId, ListOrganizationGroupRolesRequestParameters { ... }) -> Pager&lt;Role&gt;</code></summary>
 <dl>
 <dd>
 
@@ -20920,9 +20898,7 @@ await client.Organizations.Members.Roles.ListAsync(
 <dl>
 <dd>
 
-Assign one or more <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> to a user to determine their access for a specific Organization.
-
-Users can be members of multiple Organizations with unique roles assigned for each membership. This action assigns roles to a user only for the specified Organization. Roles cannot be assigned to a user across multiple Organizations in the same call.
+Lists the roles assigned to the specified group in the context of an organization.
 </dd>
 </dl>
 </dd>
@@ -20937,10 +20913,10 @@ Users can be members of multiple Organizations with unique roles assigned for ea
 <dd>
 
 ```csharp
-await client.Organizations.Members.Roles.AssignAsync(
-    "id",
-    "user_id",
-    new AssignOrganizationMemberRolesRequestContent { Roles = new List<string>() { "roles" } }
+await client.Organizations.Groups.Roles.ListAsync(
+    "organization_id",
+    "group_id",
+    new ListOrganizationGroupRolesRequestParameters { From = "from", Take = 1 }
 );
 ```
 </dd>
@@ -20956,7 +20932,7 @@ await client.Organizations.Members.Roles.AssignAsync(
 <dl>
 <dd>
 
-**id:** `string` — Organization identifier.
+**organizationId:** `string` — ID of the organization
     
 </dd>
 </dl>
@@ -20964,7 +20940,7 @@ await client.Organizations.Members.Roles.AssignAsync(
 <dl>
 <dd>
 
-**userId:** `string` — ID of the user to associate roles with.
+**groupId:** `string` — ID of the group
     
 </dd>
 </dl>
@@ -20972,7 +20948,7 @@ await client.Organizations.Members.Roles.AssignAsync(
 <dl>
 <dd>
 
-**request:** `AssignOrganizationMemberRolesRequestContent` 
+**request:** `ListOrganizationGroupRolesRequestParameters` 
     
 </dd>
 </dl>
@@ -20984,7 +20960,7 @@ await client.Organizations.Members.Roles.AssignAsync(
 </dl>
 </details>
 
-<details><summary><code>client.Organizations.Members.Roles.<a href="/src/Auth0.ManagementApi/Organizations/Members/Roles/RolesClient.cs">DeleteAsync</a>(id, userId, DeleteOrganizationMemberRolesRequestContent { ... })</code></summary>
+<details><summary><code>client.Organizations.Groups.Roles.<a href="/src/Auth0.ManagementApi/Organizations/Groups/Roles/RolesClient.cs">CreateAsync</a>(organizationId, groupId, CreateOrganizationGroupRolesRequestContent { ... })</code></summary>
 <dl>
 <dd>
 
@@ -20996,9 +20972,7 @@ await client.Organizations.Members.Roles.AssignAsync(
 <dl>
 <dd>
 
-Remove one or more Organization-specific <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> from a given user.
-
-Users can be members of multiple Organizations with unique roles assigned for each membership. This action removes roles from a user in relation to the specified Organization. Roles assigned to the user within a different Organization cannot be managed in the same call.
+Assign one or more roles to a specified group in the context of an organization.
 </dd>
 </dl>
 </dd>
@@ -21013,10 +20987,10 @@ Users can be members of multiple Organizations with unique roles assigned for ea
 <dd>
 
 ```csharp
-await client.Organizations.Members.Roles.DeleteAsync(
-    "id",
-    "user_id",
-    new DeleteOrganizationMemberRolesRequestContent { Roles = new List<string>() { "roles" } }
+await client.Organizations.Groups.Roles.CreateAsync(
+    "organization_id",
+    "group_id",
+    new CreateOrganizationGroupRolesRequestContent { Roles = new List<string>() { "roles" } }
 );
 ```
 </dd>
@@ -21032,7 +21006,7 @@ await client.Organizations.Members.Roles.DeleteAsync(
 <dl>
 <dd>
 
-**id:** `string` — Organization identifier.
+**organizationId:** `string` — ID of the organization
     
 </dd>
 </dl>
@@ -21040,7 +21014,7 @@ await client.Organizations.Members.Roles.DeleteAsync(
 <dl>
 <dd>
 
-**userId:** `string` — User ID of the organization member to remove roles from.
+**groupId:** `string` — ID of the group
     
 </dd>
 </dl>
@@ -21048,7 +21022,7 @@ await client.Organizations.Members.Roles.DeleteAsync(
 <dl>
 <dd>
 
-**request:** `DeleteOrganizationMemberRolesRequestContent` 
+**request:** `CreateOrganizationGroupRolesRequestContent` 
     
 </dd>
 </dl>
@@ -21060,8 +21034,7 @@ await client.Organizations.Members.Roles.DeleteAsync(
 </dl>
 </details>
 
-## Prompts Rendering
-<details><summary><code>client.Prompts.Rendering.<a href="/src/Auth0.ManagementApi/Prompts/Rendering/RenderingClient.cs">ListAsync</a>(ListAculsRequestParameters { ... }) -> Pager&lt;ListAculsResponseContentItem&gt;</code></summary>
+<details><summary><code>client.Organizations.Groups.Roles.<a href="/src/Auth0.ManagementApi/Organizations/Groups/Roles/RolesClient.cs">DeleteAsync</a>(organizationId, groupId, DeleteOrganizationGroupRolesRequestContent { ... })</code></summary>
 <dl>
 <dd>
 
@@ -21073,7 +21046,7 @@ await client.Organizations.Members.Roles.DeleteAsync(
 <dl>
 <dd>
 
-Get render setting configurations for all screens.
+Unassign one or more roles from a specified group in the context of an organization.
 </dd>
 </dl>
 </dd>
@@ -21088,18 +21061,10 @@ Get render setting configurations for all screens.
 <dd>
 
 ```csharp
-await client.Prompts.Rendering.ListAsync(
-    new ListAculsRequestParameters
-    {
-        Fields = "fields",
-        IncludeFields = true,
-        Page = 1,
-        PerPage = 1,
-        IncludeTotals = true,
-        Prompt = "prompt",
-        Screen = "screen",
-        RenderingMode = AculRenderingModeEnum.Advanced,
-    }
+await client.Organizations.Groups.Roles.DeleteAsync(
+    "organization_id",
+    "group_id",
+    new DeleteOrganizationGroupRolesRequestContent { Roles = new List<string>() { "roles" } }
 );
 ```
 </dd>
@@ -21115,7 +21080,23 @@ await client.Prompts.Rendering.ListAsync(
 <dl>
 <dd>
 
-**request:** `ListAculsRequestParameters` 
+**organizationId:** `string` — ID of the organization
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**groupId:** `string` — ID of the group
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**request:** `DeleteOrganizationGroupRolesRequestContent` 
     
 </dd>
 </dl>
@@ -21127,7 +21108,8 @@ await client.Prompts.Rendering.ListAsync(
 </dl>
 </details>
 
-<details><summary><code>client.Prompts.Rendering.<a href="/src/Auth0.ManagementApi/Prompts/Rendering/RenderingClient.cs">BulkUpdateAsync</a>(BulkUpdateAculRequestContent { ... }) -> WithRawResponseTask&lt;BulkUpdateAculResponseContent&gt;</code></summary>
+## Organizations Members EffectiveRoles
+<details><summary><code>client.Organizations.Members.EffectiveRoles.<a href="/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/EffectiveRolesClient.cs">ListAsync</a>(id, userId, ListOrganizationMemberEffectiveRolesRequestParameters { ... }) -> Pager&lt;OrganizationMemberEffectiveRole&gt;</code></summary>
 <dl>
 <dd>
 
@@ -21139,7 +21121,7 @@ await client.Prompts.Rendering.ListAsync(
 <dl>
 <dd>
 
-Learn more about [configuring render settings](https://auth0.com/docs/customize/login-pages/advanced-customizations/getting-started/configure-acul-screens) for advanced customization.
+Lists the roles assigned to an organization member directly or through group membership.
 </dd>
 </dl>
 </dd>
@@ -21154,18 +21136,10 @@ Learn more about [configuring render settings](https://auth0.com/docs/customize/
 <dd>
 
 ```csharp
-await client.Prompts.Rendering.BulkUpdateAsync(
-    new BulkUpdateAculRequestContent
-    {
-        Configs = new List<AculConfigsItem>()
-        {
-            new AculConfigsItem
-            {
-                Prompt = PromptGroupNameEnum.Login,
-                Screen = ScreenGroupNameEnum.Login,
-            },
-        },
-    }
+await client.Organizations.Members.EffectiveRoles.ListAsync(
+    "id",
+    "user_id",
+    new ListOrganizationMemberEffectiveRolesRequestParameters { From = "from", Take = 1 }
 );
 ```
 </dd>
@@ -21181,7 +21155,23 @@ await client.Prompts.Rendering.BulkUpdateAsync(
 <dl>
 <dd>
 
-**request:** `BulkUpdateAculRequestContent` 
+**id:** `string` — Organization identifier.
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**userId:** `string` — ID of the user to list effective roles for.
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**request:** `ListOrganizationMemberEffectiveRolesRequestParameters` 
     
 </dd>
 </dl>
@@ -21193,7 +21183,8 @@ await client.Prompts.Rendering.BulkUpdateAsync(
 </dl>
 </details>
 
-<details><summary><code>client.Prompts.Rendering.<a href="/src/Auth0.ManagementApi/Prompts/Rendering/RenderingClient.cs">GetAsync</a>(prompt, screen) -> WithRawResponseTask&lt;GetAculResponseContent&gt;</code></summary>
+## Organizations Members Roles
+<details><summary><code>client.Organizations.Members.Roles.<a href="/src/Auth0.ManagementApi/Organizations/Members/Roles/RolesClient.cs">ListAsync</a>(id, userId, ListOrganizationMemberRolesRequestParameters { ... }) -> Pager&lt;Role&gt;</code></summary>
 <dl>
 <dd>
 
@@ -21205,7 +21196,9 @@ await client.Prompts.Rendering.BulkUpdateAsync(
 <dl>
 <dd>
 
-Get render settings for a screen.
+Retrieve detailed list of roles assigned to a given user within the context of a specific Organization. 
+
+Users can be members of multiple Organizations with unique roles assigned for each membership. This action only returns the roles associated with the specified Organization; any roles assigned to the user within other Organizations are not included.
 </dd>
 </dl>
 </dd>
@@ -21220,7 +21213,16 @@ Get render settings for a screen.
 <dd>
 
 ```csharp
-await client.Prompts.Rendering.GetAsync(PromptGroupNameEnum.Login, ScreenGroupNameEnum.Login);
+await client.Organizations.Members.Roles.ListAsync(
+    "id",
+    "user_id",
+    new ListOrganizationMemberRolesRequestParameters
+    {
+        Page = 1,
+        PerPage = 1,
+        IncludeTotals = true,
+    }
+);
 ```
 </dd>
 </dl>
@@ -21235,7 +21237,7 @@ await client.Prompts.Rendering.GetAsync(PromptGroupNameEnum.Login, ScreenGroupNa
 <dl>
 <dd>
 
-**prompt:** `PromptGroupNameEnum` — Name of the prompt
+**id:** `string` — Organization identifier.
     
 </dd>
 </dl>
@@ -21243,7 +21245,15 @@ await client.Prompts.Rendering.GetAsync(PromptGroupNameEnum.Login, ScreenGroupNa
 <dl>
 <dd>
 
-**screen:** `ScreenGroupNameEnum` — Name of the screen
+**userId:** `string` — ID of the user to associate roles with.
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**request:** `ListOrganizationMemberRolesRequestParameters` 
     
 </dd>
 </dl>
@@ -21255,7 +21265,7 @@ await client.Prompts.Rendering.GetAsync(PromptGroupNameEnum.Login, ScreenGroupNa
 </dl>
 </details>
 
-<details><summary><code>client.Prompts.Rendering.<a href="/src/Auth0.ManagementApi/Prompts/Rendering/RenderingClient.cs">UpdateAsync</a>(prompt, screen, UpdateAculRequestContent { ... }) -> WithRawResponseTask&lt;UpdateAculResponseContent&gt;</code></summary>
+<details><summary><code>client.Organizations.Members.Roles.<a href="/src/Auth0.ManagementApi/Organizations/Members/Roles/RolesClient.cs">AssignAsync</a>(id, userId, AssignOrganizationMemberRolesRequestContent { ... })</code></summary>
 <dl>
 <dd>
 
@@ -21267,7 +21277,9 @@ await client.Prompts.Rendering.GetAsync(PromptGroupNameEnum.Login, ScreenGroupNa
 <dl>
 <dd>
 
-Learn more about [configuring render settings](https://auth0.com/docs/customize/login-pages/advanced-customizations/getting-started/configure-acul-screens) for advanced customization.
+Assign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) to a user to determine their access for a specific Organization.
+
+Users can be members of multiple Organizations with unique roles assigned for each membership. This action assigns roles to a user only for the specified Organization. Roles cannot be assigned to a user across multiple Organizations in the same call.
 </dd>
 </dl>
 </dd>
@@ -21282,10 +21294,10 @@ Learn more about [configuring render settings](https://auth0.com/docs/customize/
 <dd>
 
 ```csharp
-await client.Prompts.Rendering.UpdateAsync(
-    PromptGroupNameEnum.Login,
-    ScreenGroupNameEnum.Login,
-    new UpdateAculRequestContent()
+await client.Organizations.Members.Roles.AssignAsync(
+    "id",
+    "user_id",
+    new AssignOrganizationMemberRolesRequestContent { Roles = new List<string>() { "roles" } }
 );
 ```
 </dd>
@@ -21301,7 +21313,7 @@ await client.Prompts.Rendering.UpdateAsync(
 <dl>
 <dd>
 
-**prompt:** `PromptGroupNameEnum` — Name of the prompt
+**id:** `string` — Organization identifier.
     
 </dd>
 </dl>
@@ -21309,7 +21321,7 @@ await client.Prompts.Rendering.UpdateAsync(
 <dl>
 <dd>
 
-**screen:** `ScreenGroupNameEnum` — Name of the screen
+**userId:** `string` — ID of the user to associate roles with.
     
 </dd>
 </dl>
@@ -21317,7 +21329,7 @@ await client.Prompts.Rendering.UpdateAsync(
 <dl>
 <dd>
 
-**request:** `UpdateAculRequestContent` 
+**request:** `AssignOrganizationMemberRolesRequestContent` 
     
 </dd>
 </dl>
@@ -21329,8 +21341,7 @@ await client.Prompts.Rendering.UpdateAsync(
 </dl>
 </details>
 
-## Prompts CustomText
-<details><summary><code>client.Prompts.CustomText.<a href="/src/Auth0.ManagementApi/Prompts/CustomText/CustomTextClient.cs">GetAsync</a>(prompt, language) -> WithRawResponseTask&lt;Dictionary&lt;string, object?&gt;&gt;</code></summary>
+<details><summary><code>client.Organizations.Members.Roles.<a href="/src/Auth0.ManagementApi/Organizations/Members/Roles/RolesClient.cs">DeleteAsync</a>(id, userId, DeleteOrganizationMemberRolesRequestContent { ... })</code></summary>
 <dl>
 <dd>
 
@@ -21342,7 +21353,9 @@ await client.Prompts.Rendering.UpdateAsync(
 <dl>
 <dd>
 
-Retrieve custom text for a specific prompt and language.
+Remove one or more Organization-specific [roles](https://auth0.com/docs/manage-users/access-control/rbac) from a given user.
+
+Users can be members of multiple Organizations with unique roles assigned for each membership. This action removes roles from a user in relation to the specified Organization. Roles assigned to the user within a different Organization cannot be managed in the same call.
 </dd>
 </dl>
 </dd>
@@ -21357,7 +21370,11 @@ Retrieve custom text for a specific prompt and language.
 <dd>
 
 ```csharp
-await client.Prompts.CustomText.GetAsync(PromptGroupNameEnum.Login, PromptLanguageEnum.Am);
+await client.Organizations.Members.Roles.DeleteAsync(
+    "id",
+    "user_id",
+    new DeleteOrganizationMemberRolesRequestContent { Roles = new List<string>() { "roles" } }
+);
 ```
 </dd>
 </dl>
@@ -21372,7 +21389,7 @@ await client.Prompts.CustomText.GetAsync(PromptGroupNameEnum.Login, PromptLangua
 <dl>
 <dd>
 
-**prompt:** `PromptGroupNameEnum` — Name of the prompt.
+**id:** `string` — Organization identifier.
     
 </dd>
 </dl>
@@ -21380,17 +21397,437 @@ await client.Prompts.CustomText.GetAsync(PromptGroupNameEnum.Login, PromptLangua
 <dl>
 <dd>
 
-**language:** `PromptLanguageEnum` — Language to update.
+**userId:** `string` — User ID of the organization member to remove roles from.
     
 </dd>
 </dl>
-</dd>
-</dl>
 
+<dl>
+<dd>
 
+**request:** `DeleteOrganizationMemberRolesRequestContent` 
+    
+</dd>
+</dl>
+</dd>
+</dl>
+
+
+</dd>
+</dl>
+</details>
+
+## Organizations Members EffectiveRoles Sources Groups
+<details><summary><code>client.Organizations.Members.EffectiveRoles.Sources.Groups.<a href="/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Sources/Groups/GroupsClient.cs">ListAsync</a>(id, userId, ListOrganizationMemberRoleSourceGroupsRequestParameters { ... }) -> Pager&lt;Group&gt;</code></summary>
+<dl>
+<dd>
+
+#### 📝 Description
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+Lists the groups which grant the org member a given role.
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### 🔌 Usage
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+```csharp
+await client.Organizations.Members.EffectiveRoles.Sources.Groups.ListAsync(
+    "id",
+    "user_id",
+    new ListOrganizationMemberRoleSourceGroupsRequestParameters
+    {
+        From = "from",
+        Take = 1,
+        RoleId = "role_id",
+    }
+);
+```
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### ⚙️ Parameters
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+**id:** `string` — Organization identifier.
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**userId:** `string` — ID of the user to list role source groups for.
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**request:** `ListOrganizationMemberRoleSourceGroupsRequestParameters` 
+    
+</dd>
+</dl>
+</dd>
+</dl>
+
+
+</dd>
+</dl>
+</details>
+
+## Prompts Rendering
+<details><summary><code>client.Prompts.Rendering.<a href="/src/Auth0.ManagementApi/Prompts/Rendering/RenderingClient.cs">ListAsync</a>(ListAculsRequestParameters { ... }) -> Pager&lt;ListAculsResponseContentItem&gt;</code></summary>
+<dl>
+<dd>
+
+#### 📝 Description
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+Get render setting configurations for all screens.
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### 🔌 Usage
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+```csharp
+await client.Prompts.Rendering.ListAsync(
+    new ListAculsRequestParameters
+    {
+        Fields = "fields",
+        IncludeFields = true,
+        Page = 1,
+        PerPage = 1,
+        IncludeTotals = true,
+        Prompt = "prompt",
+        Screen = "screen",
+        RenderingMode = AculRenderingModeEnum.Advanced,
+    }
+);
+```
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### ⚙️ Parameters
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+**request:** `ListAculsRequestParameters` 
+    
+</dd>
+</dl>
+</dd>
+</dl>
+
+
+</dd>
+</dl>
+</details>
+
+<details><summary><code>client.Prompts.Rendering.<a href="/src/Auth0.ManagementApi/Prompts/Rendering/RenderingClient.cs">BulkUpdateAsync</a>(BulkUpdateAculRequestContent { ... }) -> WithRawResponseTask&lt;BulkUpdateAculResponseContent&gt;</code></summary>
+<dl>
+<dd>
+
+#### 📝 Description
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+Learn more about [configuring render settings](https://auth0.com/docs/customize/login-pages/advanced-customizations/getting-started/configure-acul-screens) for advanced customization.
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### 🔌 Usage
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+```csharp
+await client.Prompts.Rendering.BulkUpdateAsync(
+    new BulkUpdateAculRequestContent
+    {
+        Configs = new List<AculConfigsItem>()
+        {
+            new AculConfigsItem
+            {
+                Prompt = PromptGroupNameEnum.Login,
+                Screen = ScreenGroupNameEnum.Login,
+            },
+        },
+    }
+);
+```
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### ⚙️ Parameters
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+**request:** `BulkUpdateAculRequestContent` 
+    
+</dd>
+</dl>
+</dd>
+</dl>
+
+
+</dd>
+</dl>
+</details>
+
+<details><summary><code>client.Prompts.Rendering.<a href="/src/Auth0.ManagementApi/Prompts/Rendering/RenderingClient.cs">GetAsync</a>(prompt, screen) -> WithRawResponseTask&lt;GetAculResponseContent&gt;</code></summary>
+<dl>
+<dd>
+
+#### 📝 Description
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+Get render settings for a screen.
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### 🔌 Usage
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+```csharp
+await client.Prompts.Rendering.GetAsync(PromptGroupNameEnum.Login, ScreenGroupNameEnum.Login);
+```
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### ⚙️ Parameters
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+**prompt:** `PromptGroupNameEnum` — Name of the prompt
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**screen:** `ScreenGroupNameEnum` — Name of the screen
+    
+</dd>
+</dl>
+</dd>
+</dl>
+
+
+</dd>
+</dl>
+</details>
+
+<details><summary><code>client.Prompts.Rendering.<a href="/src/Auth0.ManagementApi/Prompts/Rendering/RenderingClient.cs">UpdateAsync</a>(prompt, screen, UpdateAculRequestContent { ... }) -> WithRawResponseTask&lt;UpdateAculResponseContent&gt;</code></summary>
+<dl>
+<dd>
+
+#### 📝 Description
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+Learn more about [configuring render settings](https://auth0.com/docs/customize/login-pages/advanced-customizations/getting-started/configure-acul-screens) for advanced customization.
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### 🔌 Usage
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+```csharp
+await client.Prompts.Rendering.UpdateAsync(
+    PromptGroupNameEnum.Login,
+    ScreenGroupNameEnum.Login,
+    new UpdateAculRequestContent()
+);
+```
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### ⚙️ Parameters
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+**prompt:** `PromptGroupNameEnum` — Name of the prompt
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**screen:** `ScreenGroupNameEnum` — Name of the screen
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**request:** `UpdateAculRequestContent` 
+    
+</dd>
+</dl>
+</dd>
+</dl>
+
+
+</dd>
+</dl>
+</details>
+
+## Prompts CustomText
+<details><summary><code>client.Prompts.CustomText.<a href="/src/Auth0.ManagementApi/Prompts/CustomText/CustomTextClient.cs">GetAsync</a>(prompt, language) -> WithRawResponseTask&lt;Dictionary&lt;string, object?&gt;&gt;</code></summary>
+<dl>
+<dd>
+
+#### 📝 Description
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+Retrieve custom text for a specific prompt and language.
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### 🔌 Usage
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+```csharp
+await client.Prompts.CustomText.GetAsync(PromptGroupNameEnum.Login, PromptLanguageEnum.Am);
+```
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### ⚙️ Parameters
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+**prompt:** `PromptGroupNameEnum` — Name of the prompt.
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**language:** `PromptLanguageEnum` — Language to update.
+    
+</dd>
+</dl>
 </dd>
 </dl>
-</details>
+
+
+</dd>
+</dl>
+</details>
 
 <details><summary><code>client.Prompts.CustomText.<a href="/src/Auth0.ManagementApi/Prompts/CustomText/CustomTextClient.cs">SetAsync</a>(prompt, language, Dictionary&lt;string, object?&gt; { ... })</code></summary>
 <dl>
@@ -21766,7 +22203,200 @@ await client.RiskAssessments.Settings.NewDevice.UpdateAsync(
 <dl>
 <dd>
 
-**request:** `UpdateRiskAssessmentsSettingsNewDeviceRequestContent` 
+**request:** `UpdateRiskAssessmentsSettingsNewDeviceRequestContent` 
+    
+</dd>
+</dl>
+</dd>
+</dl>
+
+
+</dd>
+</dl>
+</details>
+
+## Roles Groups
+<details><summary><code>client.Roles.Groups.<a href="/src/Auth0.ManagementApi/Roles/Groups/GroupsClient.cs">GetAsync</a>(id, ListRoleGroupsParameters { ... }) -> Pager&lt;Group&gt;</code></summary>
+<dl>
+<dd>
+
+#### 📝 Description
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+Lists the groups to which the specified role is assigned.
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### 🔌 Usage
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+```csharp
+await client.Roles.Groups.GetAsync("id", new ListRoleGroupsParameters { From = "from", Take = 1 });
+```
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### ⚙️ Parameters
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+**id:** `string` — Unique identifier for the role (service-generated).
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**request:** `ListRoleGroupsParameters` 
+    
+</dd>
+</dl>
+</dd>
+</dl>
+
+
+</dd>
+</dl>
+</details>
+
+<details><summary><code>client.Roles.Groups.<a href="/src/Auth0.ManagementApi/Roles/Groups/GroupsClient.cs">CreateAsync</a>(id, AssignRoleGroupsRequestContent { ... })</code></summary>
+<dl>
+<dd>
+
+#### 📝 Description
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+Assign one or more groups to a specified role.
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### 🔌 Usage
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+```csharp
+await client.Roles.Groups.CreateAsync(
+    "id",
+    new AssignRoleGroupsRequestContent { Groups = new List<string>() { "groups" } }
+);
+```
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### ⚙️ Parameters
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+**id:** `string` — Unique identifier for the role (service-generated).
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**request:** `AssignRoleGroupsRequestContent` 
+    
+</dd>
+</dl>
+</dd>
+</dl>
+
+
+</dd>
+</dl>
+</details>
+
+<details><summary><code>client.Roles.Groups.<a href="/src/Auth0.ManagementApi/Roles/Groups/GroupsClient.cs">DeleteAsync</a>(id, DeleteRoleGroupsRequestContent { ... })</code></summary>
+<dl>
+<dd>
+
+#### 📝 Description
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+Unassign one or more groups from a specified role.
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### 🔌 Usage
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+```csharp
+await client.Roles.Groups.DeleteAsync(
+    "id",
+    new DeleteRoleGroupsRequestContent { Groups = new List<string>() { "groups" } }
+);
+```
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### ⚙️ Parameters
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+**id:** `string` — Unique identifier for the role (service-generated).
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**request:** `DeleteRoleGroupsRequestContent` 
     
 </dd>
 </dl>
@@ -23110,6 +23740,143 @@ await client.Users.ConnectedAccounts.ListAsync(
 </dl>
 
 
+</dd>
+</dl>
+</details>
+
+## Users EffectivePermissions
+<details><summary><code>client.Users.EffectivePermissions.<a href="/src/Auth0.ManagementApi/Users/EffectivePermissions/EffectivePermissionsClient.cs">ListAsync</a>(id, ListUserEffectivePermissionsRequestParameters { ... }) -> Pager&lt;UserEffectivePermissionResponseContent&gt;</code></summary>
+<dl>
+<dd>
+
+#### 📝 Description
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+Returns the list of effective permissions for a user, taking into account permissions granted directly to the user, as well as those inherited through roles and group memberships.
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### 🔌 Usage
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+```csharp
+await client.Users.EffectivePermissions.ListAsync(
+    "id",
+    new ListUserEffectivePermissionsRequestParameters
+    {
+        From = "from",
+        Take = 1,
+        ResourceServerIdentifier = "resource_server_identifier",
+    }
+);
+```
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### ⚙️ Parameters
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+**id:** `string` — ID of the user to retrieve the permissions for.
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**request:** `ListUserEffectivePermissionsRequestParameters` 
+    
+</dd>
+</dl>
+</dd>
+</dl>
+
+
+</dd>
+</dl>
+</details>
+
+## Users EffectiveRoles
+<details><summary><code>client.Users.EffectiveRoles.<a href="/src/Auth0.ManagementApi/Users/EffectiveRoles/EffectiveRolesClient.cs">ListAsync</a>(id, ListUserEffectiveRolesRequestParameters { ... }) -> Pager&lt;UserEffectiveRole&gt;</code></summary>
+<dl>
+<dd>
+
+#### 📝 Description
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+Retrieve detailed list of effective roles for a user, including roles assigned directly and through group memberships.
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### 🔌 Usage
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+```csharp
+await client.Users.EffectiveRoles.ListAsync(
+    "id",
+    new ListUserEffectiveRolesRequestParameters { From = "from", Take = 1 }
+);
+```
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### ⚙️ Parameters
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+**id:** `string` — ID of the user to list effective roles for.
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**request:** `ListUserEffectiveRolesRequestParameters` 
+    
+</dd>
+</dl>
+</dd>
+</dl>
+
+
 </dd>
 </dl>
 </details>
@@ -24507,6 +25274,149 @@ await client.Users.Sessions.DeleteAsync("user_id");
 </dl>
 
 
+</dd>
+</dl>
+</details>
+
+## Users EffectivePermissions Sources Roles
+<details><summary><code>client.Users.EffectivePermissions.Sources.Roles.<a href="/src/Auth0.ManagementApi/Users/EffectivePermissions/Sources/Roles/RolesClient.cs">ListAsync</a>(id, ListUserEffectivePermissionRoleSourceRequestParameters { ... }) -> Pager&lt;UserEffectivePermissionRoleSourceResponseContent&gt;</code></summary>
+<dl>
+<dd>
+
+#### 📝 Description
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+Lists the roles which grant the user a given permission, including roles assigned directly to the user and those inherited through group memberships.
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### 🔌 Usage
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+```csharp
+await client.Users.EffectivePermissions.Sources.Roles.ListAsync(
+    "id",
+    new ListUserEffectivePermissionRoleSourceRequestParameters
+    {
+        From = "from",
+        Take = 1,
+        ResourceServerIdentifier = "resource_server_identifier",
+        PermissionName = "permission_name",
+    }
+);
+```
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### ⚙️ Parameters
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+**id:** `string` — ID of the user to retrieve the permissions for.
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**request:** `ListUserEffectivePermissionRoleSourceRequestParameters` 
+    
+</dd>
+</dl>
+</dd>
+</dl>
+
+
+</dd>
+</dl>
+</details>
+
+## Users EffectiveRoles Sources Groups
+<details><summary><code>client.Users.EffectiveRoles.Sources.Groups.<a href="/src/Auth0.ManagementApi/Users/EffectiveRoles/Sources/Groups/GroupsClient.cs">ListAsync</a>(id, ListUserRoleSourceGroupsRequestParameters { ... }) -> Pager&lt;Group&gt;</code></summary>
+<dl>
+<dd>
+
+#### 📝 Description
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+Lists the groups that grant a user a specific role.
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### 🔌 Usage
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+```csharp
+await client.Users.EffectiveRoles.Sources.Groups.ListAsync(
+    "id",
+    new ListUserRoleSourceGroupsRequestParameters
+    {
+        RoleId = "role_id",
+        From = "from",
+        Take = 1,
+    }
+);
+```
+</dd>
+</dl>
+</dd>
+</dl>
+
+#### ⚙️ Parameters
+
+<dl>
+<dd>
+
+<dl>
+<dd>
+
+**id:** `string` — ID of the user to list role source groups for.
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**request:** `ListUserRoleSourceGroupsRequestParameters` 
+    
+</dd>
+</dl>
+</dd>
+</dl>
+
+
 </dd>
 </dl>
 </details>
diff --git a/src/Auth0.ManagementApi/ClientGrants/ClientGrantsClient.cs b/src/Auth0.ManagementApi/ClientGrants/ClientGrantsClient.cs
index 3138acb5c..490e71cc3 100644
--- a/src/Auth0.ManagementApi/ClientGrants/ClientGrantsClient.cs
+++ b/src/Auth0.ManagementApi/ClientGrants/ClientGrantsClient.cs
@@ -16,7 +16,7 @@ internal ClientGrantsClient(RawClient client)
     public Auth0.ManagementApi.ClientGrants.IOrganizationsClient Organizations { get; }
 
     /// <summary>
-    /// Retrieve a list of <see href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grants</see>, including the scopes associated with the application/API pair.
+    /// Retrieve a list of [client grants](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the scopes associated with the application/API pair.
     /// </summary>
     private WithRawResponseTask<ListClientGrantPaginatedResponseContent> ListInternalAsync(
         ListClientGrantsRequestParameters request,
@@ -401,7 +401,7 @@ private async Task<WithRawResponse<UpdateClientGrantResponseContent>> UpdateAsyn
     }
 
     /// <summary>
-    /// Retrieve a list of <see href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grants</see>, including the scopes associated with the application/API pair.
+    /// Retrieve a list of [client grants](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the scopes associated with the application/API pair.
     /// </summary>
     /// <example><code>
     /// await client.ClientGrants.ListAsync(
@@ -452,7 +452,7 @@ await ListInternalAsync(request, options, cancellationToken).WithRawResponse(),
     }
 
     /// <summary>
-    /// Create a client grant for a machine-to-machine login flow. To learn more, read <see href="https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow">Client Credential Flow</see>.
+    /// Create a client grant for a machine-to-machine login flow. To learn more, read [Client Credential Flow](https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow).
     /// </summary>
     /// <example><code>
     /// await client.ClientGrants.CreateAsync(
@@ -471,7 +471,7 @@ public WithRawResponseTask<CreateClientGrantResponseContent> CreateAsync(
     }
 
     /// <summary>
-    /// Retrieve a single <see href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grant</see>, including the
+    /// Retrieve a single [client grant](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the
     /// scopes associated with the application/API pair.
     /// </summary>
     /// <example><code>
@@ -489,7 +489,7 @@ public WithRawResponseTask<GetClientGrantResponseContent> GetAsync(
     }
 
     /// <summary>
-    /// Delete the <see href="https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow">Client Credential Flow</see> from your machine-to-machine application.
+    /// Delete the [Client Credential Flow](https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow) from your machine-to-machine application.
     /// </summary>
     /// <example><code>
     /// await client.ClientGrants.DeleteAsync("id");
diff --git a/src/Auth0.ManagementApi/ClientGrants/IClientGrantsClient.cs b/src/Auth0.ManagementApi/ClientGrants/IClientGrantsClient.cs
index 0b298afff..169118473 100644
--- a/src/Auth0.ManagementApi/ClientGrants/IClientGrantsClient.cs
+++ b/src/Auth0.ManagementApi/ClientGrants/IClientGrantsClient.cs
@@ -7,7 +7,7 @@ public partial interface IClientGrantsClient
     public Auth0.ManagementApi.ClientGrants.IOrganizationsClient Organizations { get; }
 
     /// <summary>
-    /// Retrieve a list of <see href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grants</see>, including the scopes associated with the application/API pair.
+    /// Retrieve a list of [client grants](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the scopes associated with the application/API pair.
     /// </summary>
     Task<Pager<ClientGrantResponseContent>> ListAsync(
         ListClientGrantsRequestParameters request,
@@ -16,7 +16,7 @@ Task<Pager<ClientGrantResponseContent>> ListAsync(
     );
 
     /// <summary>
-    /// Create a client grant for a machine-to-machine login flow. To learn more, read <see href="https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow">Client Credential Flow</see>.
+    /// Create a client grant for a machine-to-machine login flow. To learn more, read [Client Credential Flow](https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow).
     /// </summary>
     WithRawResponseTask<CreateClientGrantResponseContent> CreateAsync(
         CreateClientGrantRequestContent request,
@@ -25,7 +25,7 @@ WithRawResponseTask<CreateClientGrantResponseContent> CreateAsync(
     );
 
     /// <summary>
-    /// Retrieve a single <see href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grant</see>, including the
+    /// Retrieve a single [client grant](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the
     /// scopes associated with the application/API pair.
     /// </summary>
     WithRawResponseTask<GetClientGrantResponseContent> GetAsync(
@@ -35,7 +35,7 @@ WithRawResponseTask<GetClientGrantResponseContent> GetAsync(
     );
 
     /// <summary>
-    /// Delete the <see href="https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow">Client Credential Flow</see> from your machine-to-machine application.
+    /// Delete the [Client Credential Flow](https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow) from your machine-to-machine application.
     /// </summary>
     Task DeleteAsync(
         string id,
diff --git a/src/Auth0.ManagementApi/Clients/ClientsClient.cs b/src/Auth0.ManagementApi/Clients/ClientsClient.cs
index a0f3e638d..92c5ad6f4 100644
--- a/src/Auth0.ManagementApi/Clients/ClientsClient.cs
+++ b/src/Auth0.ManagementApi/Clients/ClientsClient.cs
@@ -21,38 +21,30 @@ internal ClientsClient(RawClient client)
 
     /// <summary>
     /// Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified.
-    /// For more information, read <see href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</see> and <see href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</see>.
+    /// For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
     ///
-    /// <list type="bullet">
-    ///   <item><description>
-    ///     The following can be retrieved with any scope:
-    ///     <c>client_id</c>, <c>app_type</c>, <c>name</c>, and <c>description</c>.
-    ///   </description></item>
-    ///   <item><description>
-    ///     The following properties can only be retrieved with the <c>read:clients</c> or
-    ///     <c>read:client_keys</c> scope:
-    ///     <c>callbacks</c>, <c>oidc_logout</c>, <c>allowed_origins</c>,
-    ///     <c>web_origins</c>, <c>tenant</c>, <c>global</c>, <c>config_route</c>,
-    ///     <c>callback_url_template</c>, <c>jwt_configuration</c>,
-    ///     <c>jwt_configuration.lifetime_in_seconds</c>, <c>jwt_configuration.secret_encoded</c>,
-    ///     <c>jwt_configuration.scopes</c>, <c>jwt_configuration.alg</c>, <c>api_type</c>,
-    ///     <c>logo_uri</c>, <c>allowed_clients</c>, <c>owners</c>, <c>custom_login_page</c>,
-    ///     <c>custom_login_page_off</c>, <c>sso</c>, <c>addons</c>, <c>form_template</c>,
-    ///     <c>custom_login_page_codeview</c>, <c>resource_servers</c>, <c>client_metadata</c>,
-    ///     <c>mobile</c>, <c>mobile.android</c>, <c>mobile.ios</c>, <c>allowed_logout_urls</c>,
-    ///     <c>token_endpoint_auth_method</c>, <c>is_first_party</c>, <c>oidc_conformant</c>,
-    ///     <c>is_token_endpoint_ip_header_trusted</c>, <c>initiate_login_uri</c>, <c>grant_types</c>,
-    ///     <c>refresh_token</c>, <c>refresh_token.rotation_type</c>, <c>refresh_token.expiration_type</c>,
-    ///     <c>refresh_token.leeway</c>, <c>refresh_token.token_lifetime</c>, <c>refresh_token.policies</c>, <c>organization_usage</c>,
-    ///     <c>organization_require_behavior</c>.
-    ///   </description></item>
-    ///   <item><description>
-    ///     The following properties can only be retrieved with the
-    ///     <c>read:client_keys</c> or <c>read:client_credentials</c> scope:
-    ///     <c>encryption_key</c>, <c>encryption_key.pub</c>, <c>encryption_key.cert</c>,
-    ///     <c>client_secret</c>, <c>client_authentication_methods</c> and <c>signing_key</c>.
-    ///   </description></item>
-    /// </list>
+    /// - The following can be retrieved with any scope:
+    ///     `client_id`, `app_type`, `name`, and `description`.
+    /// - The following properties can only be retrieved with the `read:clients` or
+    ///     `read:client_keys` scope:
+    ///     `callbacks`, `oidc_logout`, `allowed_origins`,
+    ///     `web_origins`, `tenant`, `global`, `config_route`,
+    ///     `callback_url_template`, `jwt_configuration`,
+    ///     `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+    ///     `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+    ///     `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+    ///     `custom_login_page_off`, `sso`, `addons`, `form_template`,
+    ///     `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+    ///     `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+    ///     `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+    ///     `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+    ///     `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+    ///     `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+    ///     `organization_require_behavior`.
+    /// - The following properties can only be retrieved with the
+    ///     `read:client_keys` or `read:client_credentials` scope:
+    ///     `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+    ///     `client_secret`, `client_authentication_methods` and `signing_key`.
     /// </summary>
     private WithRawResponseTask<ListClientsOffsetPaginatedResponseContent> ListInternalAsync(
         ListClientsRequestParameters request,
@@ -726,38 +718,30 @@ private async Task<WithRawResponse<RotateClientSecretResponseContent>> RotateSec
 
     /// <summary>
     /// Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified.
-    /// For more information, read <see href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</see> and <see href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</see>.
+    /// For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
     ///
-    /// <list type="bullet">
-    ///   <item><description>
-    ///     The following can be retrieved with any scope:
-    ///     <c>client_id</c>, <c>app_type</c>, <c>name</c>, and <c>description</c>.
-    ///   </description></item>
-    ///   <item><description>
-    ///     The following properties can only be retrieved with the <c>read:clients</c> or
-    ///     <c>read:client_keys</c> scope:
-    ///     <c>callbacks</c>, <c>oidc_logout</c>, <c>allowed_origins</c>,
-    ///     <c>web_origins</c>, <c>tenant</c>, <c>global</c>, <c>config_route</c>,
-    ///     <c>callback_url_template</c>, <c>jwt_configuration</c>,
-    ///     <c>jwt_configuration.lifetime_in_seconds</c>, <c>jwt_configuration.secret_encoded</c>,
-    ///     <c>jwt_configuration.scopes</c>, <c>jwt_configuration.alg</c>, <c>api_type</c>,
-    ///     <c>logo_uri</c>, <c>allowed_clients</c>, <c>owners</c>, <c>custom_login_page</c>,
-    ///     <c>custom_login_page_off</c>, <c>sso</c>, <c>addons</c>, <c>form_template</c>,
-    ///     <c>custom_login_page_codeview</c>, <c>resource_servers</c>, <c>client_metadata</c>,
-    ///     <c>mobile</c>, <c>mobile.android</c>, <c>mobile.ios</c>, <c>allowed_logout_urls</c>,
-    ///     <c>token_endpoint_auth_method</c>, <c>is_first_party</c>, <c>oidc_conformant</c>,
-    ///     <c>is_token_endpoint_ip_header_trusted</c>, <c>initiate_login_uri</c>, <c>grant_types</c>,
-    ///     <c>refresh_token</c>, <c>refresh_token.rotation_type</c>, <c>refresh_token.expiration_type</c>,
-    ///     <c>refresh_token.leeway</c>, <c>refresh_token.token_lifetime</c>, <c>refresh_token.policies</c>, <c>organization_usage</c>,
-    ///     <c>organization_require_behavior</c>.
-    ///   </description></item>
-    ///   <item><description>
-    ///     The following properties can only be retrieved with the
-    ///     <c>read:client_keys</c> or <c>read:client_credentials</c> scope:
-    ///     <c>encryption_key</c>, <c>encryption_key.pub</c>, <c>encryption_key.cert</c>,
-    ///     <c>client_secret</c>, <c>client_authentication_methods</c> and <c>signing_key</c>.
-    ///   </description></item>
-    /// </list>
+    /// - The following can be retrieved with any scope:
+    ///     `client_id`, `app_type`, `name`, and `description`.
+    /// - The following properties can only be retrieved with the `read:clients` or
+    ///     `read:client_keys` scope:
+    ///     `callbacks`, `oidc_logout`, `allowed_origins`,
+    ///     `web_origins`, `tenant`, `global`, `config_route`,
+    ///     `callback_url_template`, `jwt_configuration`,
+    ///     `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+    ///     `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+    ///     `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+    ///     `custom_login_page_off`, `sso`, `addons`, `form_template`,
+    ///     `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+    ///     `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+    ///     `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+    ///     `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+    ///     `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+    ///     `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+    ///     `organization_require_behavior`.
+    /// - The following properties can only be retrieved with the
+    ///     `read:client_keys` or `read:client_credentials` scope:
+    ///     `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+    ///     `client_secret`, `client_authentication_methods` and `signing_key`.
     /// </summary>
     /// <example><code>
     /// await client.Clients.ListAsync(
@@ -811,18 +795,18 @@ await ListInternalAsync(request, options, cancellationToken).WithRawResponse(),
     }
 
     /// <summary>
-    /// Create a new client (application or SSO integration). For more information, read <see href="https://www.auth0.com/docs/get-started/auth0-overview/create-applications">Create Applications</see>
-    /// <see href="https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on>"&gt;API Endpoints for Single Sign-On</see>.
+    /// Create a new client (application or SSO integration). For more information, read [Create Applications](https://www.auth0.com/docs/get-started/auth0-overview/create-applications)
+    /// [API Endpoints for Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on).
     ///
     /// Notes:
     /// - We recommend leaving the `client_secret` parameter unspecified to allow the generation of a safe secret.
-    /// - The <c>client_authentication_methods</c> and <c>token_endpoint_auth_method</c> properties are mutually exclusive. Use
-    /// <c>client_authentication_methods</c> to configure the client with Private Key JWT authentication method. Otherwise, use <c>token_endpoint_auth_method</c>
+    /// - The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use
+    /// `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method`
     /// to configure the client with client secret (basic or post) or with no authentication method (none).
-    /// - When using <c>client_authentication_methods</c> to configure the client with Private Key JWT authentication method, specify fully defined credentials.
+    /// - When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, specify fully defined credentials.
     /// These credentials will be automatically enabled for Private Key JWT authentication on the client.
-    /// - To configure <c>client_authentication_methods</c>, the <c>create:client_credentials</c> scope is required.
-    /// - To configure <c>client_authentication_methods</c>, the property <c>jwt_configuration.alg</c> must be set to RS256.
+    /// - To configure `client_authentication_methods`, the `create:client_credentials` scope is required.
+    /// - To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.
     ///
     /// SSO Integrations created via this endpoint will accept login requests and share user profile information.
     /// </summary>
@@ -894,36 +878,29 @@ public WithRawResponseTask<RegisterCimdClientResponseContent> RegisterCimdClient
 
     /// <summary>
     /// Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified.
-    /// For more information, read <see href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</see> and <see href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</see>.
-    /// <list type="bullet">
-    ///   <item><description>
-    ///     The following properties can be retrieved with any of the scopes:
-    ///     <c>client_id</c>, <c>app_type</c>, <c>name</c>, and <c>description</c>.
-    ///   </description></item>
-    ///   <item><description>
-    ///     The following properties can only be retrieved with the <c>read:clients</c> or
-    ///     <c>read:client_keys</c> scopes:
-    ///     <c>callbacks</c>, <c>oidc_logout</c>, <c>allowed_origins</c>,
-    ///     <c>web_origins</c>, <c>tenant</c>, <c>global</c>, <c>config_route</c>,
-    ///     <c>callback_url_template</c>, <c>jwt_configuration</c>,
-    ///     <c>jwt_configuration.lifetime_in_seconds</c>, <c>jwt_configuration.secret_encoded</c>,
-    ///     <c>jwt_configuration.scopes</c>, <c>jwt_configuration.alg</c>, <c>api_type</c>,
-    ///     <c>logo_uri</c>, <c>allowed_clients</c>, <c>owners</c>, <c>custom_login_page</c>,
-    ///     <c>custom_login_page_off</c>, <c>sso</c>, <c>addons</c>, <c>form_template</c>,
-    ///     <c>custom_login_page_codeview</c>, <c>resource_servers</c>, <c>client_metadata</c>,
-    ///     <c>mobile</c>, <c>mobile.android</c>, <c>mobile.ios</c>, <c>allowed_logout_urls</c>,
-    ///     <c>token_endpoint_auth_method</c>, <c>is_first_party</c>, <c>oidc_conformant</c>,
-    ///     <c>is_token_endpoint_ip_header_trusted</c>, <c>initiate_login_uri</c>, <c>grant_types</c>,
-    ///     <c>refresh_token</c>, <c>refresh_token.rotation_type</c>, <c>refresh_token.expiration_type</c>,
-    ///     <c>refresh_token.leeway</c>, <c>refresh_token.token_lifetime</c>, <c>refresh_token.policies</c>, <c>organization_usage</c>,
-    ///     <c>organization_require_behavior</c>.
-    ///   </description></item>
-    ///   <item><description>
-    ///     The following properties can only be retrieved with the <c>read:client_keys</c> or <c>read:client_credentials</c> scopes:
-    ///     <c>encryption_key</c>, <c>encryption_key.pub</c>, <c>encryption_key.cert</c>,
-    ///     <c>client_secret</c>, <c>client_authentication_methods</c> and <c>signing_key</c>.
-    ///   </description></item>
-    /// </list>
+    /// For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
+    ///
+    /// - The following properties can be retrieved with any of the scopes:
+    ///     `client_id`, `app_type`, `name`, and `description`.
+    /// - The following properties can only be retrieved with the `read:clients` or
+    ///     `read:client_keys` scopes:
+    ///     `callbacks`, `oidc_logout`, `allowed_origins`,
+    ///     `web_origins`, `tenant`, `global`, `config_route`,
+    ///     `callback_url_template`, `jwt_configuration`,
+    ///     `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+    ///     `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+    ///     `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+    ///     `custom_login_page_off`, `sso`, `addons`, `form_template`,
+    ///     `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+    ///     `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+    ///     `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+    ///     `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+    ///     `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+    ///     `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+    ///     `organization_require_behavior`.
+    /// - The following properties can only be retrieved with the `read:client_keys` or `read:client_credentials` scopes:
+    ///     `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+    ///     `client_secret`, `client_authentication_methods` and `signing_key`.
     /// </summary>
     /// <example><code>
     /// await client.Clients.GetAsync(
@@ -1008,15 +985,15 @@ public async Task DeleteAsync(
     }
 
     /// <summary>
-    /// Updates a client's settings. For more information, read <see href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</see> and <see href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</see>.
+    /// Updates a client's settings. For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
     ///
     /// Notes:
     /// - The `client_secret` and `signing_key` attributes can only be updated with the `update:client_keys` scope.
-    /// - The <c>client_authentication_methods</c> and <c>token_endpoint_auth_method</c> properties are mutually exclusive. Use <c>client_authentication_methods</c> to configure the client with Private Key JWT authentication method. Otherwise, use <c>token_endpoint_auth_method</c> to configure the client with client secret (basic or post) or with no authentication method (none).
-    /// - When using <c>client_authentication_methods</c> to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
-    /// - To configure <c>client_authentication_methods</c>, the <c>update:client_credentials</c> scope is required.
-    /// - To configure <c>client_authentication_methods</c>, the property <c>jwt_configuration.alg</c> must be set to RS256.
-    /// - To change a client's <c>is_first_party</c> property to <c>false</c>, the <c>organization_usage</c> and <c>organization_require_behavior</c> properties must be unset.
+    /// - The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method` to configure the client with client secret (basic or post) or with no authentication method (none).
+    /// - When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
+    /// - To configure `client_authentication_methods`, the `update:client_credentials` scope is required.
+    /// - To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.
+    /// - To change a client's `is_first_party` property to `false`, the `organization_usage` and `organization_require_behavior` properties must be unset.
     /// </summary>
     /// <example><code>
     /// await client.Clients.UpdateAsync("id", new UpdateClientRequestContent());
@@ -1038,7 +1015,7 @@ public WithRawResponseTask<UpdateClientResponseContent> UpdateAsync(
     ///
     /// This endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt). The generated secret is NOT base64 encoded.
     ///
-    /// For more information, read <see href="https://www.auth0.com/docs/get-started/applications/rotate-client-secret">Rotate Client Secrets</see>.
+    /// For more information, read [Rotate Client Secrets](https://www.auth0.com/docs/get-started/applications/rotate-client-secret).
     /// </summary>
     /// <example><code>
     /// await client.Clients.RotateSecretAsync("id");
diff --git a/src/Auth0.ManagementApi/Clients/Connections/ConnectionsClient.cs b/src/Auth0.ManagementApi/Clients/Connections/ConnectionsClient.cs
index df29fc159..25ac076fb 100644
--- a/src/Auth0.ManagementApi/Clients/Connections/ConnectionsClient.cs
+++ b/src/Auth0.ManagementApi/Clients/Connections/ConnectionsClient.cs
@@ -14,15 +14,10 @@ internal ConnectionsClient(RawClient client)
     }
 
     /// <summary>
-    /// Retrieve all connections that are enabled for the specified <see href="https://www.auth0.com/docs/get-started/applications"> Application</see>, using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
-    /// <list type="bullet">
-    ///   <item><description>
-    ///     This endpoint requires the <c>read:connections</c> scope and any one of <c>read:clients</c> or <c>read:client_summary</c>.
-    ///   </description></item>
-    ///   <item><description>
-    ///     <b>Note</b>: The first time you call this endpoint, omit the <c>from</c> parameter. If there are more results, a <c>next</c> value is included in the response. You can use this for subsequent API calls. When <c>next</c> is no longer included in the response, no further results are remaining.
-    ///   </description></item>
-    /// </list>
+    /// Retrieve all connections that are enabled for the specified [Application](https://www.auth0.com/docs/get-started/applications), using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
+    ///
+    /// - This endpoint requires the `read:connections` scope and any one of `read:clients` or `read:client_summary`.
+    /// - **Note**: The first time you call this endpoint, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no further results are remaining.
     /// </summary>
     private WithRawResponseTask<ListClientConnectionsResponseContent> GetInternalAsync(
         string id,
@@ -140,15 +135,10 @@ private async Task<WithRawResponse<ListClientConnectionsResponseContent>> GetInt
     }
 
     /// <summary>
-    /// Retrieve all connections that are enabled for the specified <see href="https://www.auth0.com/docs/get-started/applications"> Application</see>, using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
-    /// <list type="bullet">
-    ///   <item><description>
-    ///     This endpoint requires the <c>read:connections</c> scope and any one of <c>read:clients</c> or <c>read:client_summary</c>.
-    ///   </description></item>
-    ///   <item><description>
-    ///     <b>Note</b>: The first time you call this endpoint, omit the <c>from</c> parameter. If there are more results, a <c>next</c> value is included in the response. You can use this for subsequent API calls. When <c>next</c> is no longer included in the response, no further results are remaining.
-    ///   </description></item>
-    /// </list>
+    /// Retrieve all connections that are enabled for the specified [Application](https://www.auth0.com/docs/get-started/applications), using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
+    ///
+    /// - This endpoint requires the `read:connections` scope and any one of `read:clients` or `read:client_summary`.
+    /// - **Note**: The first time you call this endpoint, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no further results are remaining.
     /// </summary>
     /// <example><code>
     /// await client.Clients.Connections.GetAsync(
diff --git a/src/Auth0.ManagementApi/Clients/Connections/IConnectionsClient.cs b/src/Auth0.ManagementApi/Clients/Connections/IConnectionsClient.cs
index 4450b9300..9264856a3 100644
--- a/src/Auth0.ManagementApi/Clients/Connections/IConnectionsClient.cs
+++ b/src/Auth0.ManagementApi/Clients/Connections/IConnectionsClient.cs
@@ -6,15 +6,10 @@ namespace Auth0.ManagementApi.Clients;
 public partial interface IConnectionsClient
 {
     /// <summary>
-    /// Retrieve all connections that are enabled for the specified <see href="https://www.auth0.com/docs/get-started/applications"> Application</see>, using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
-    /// <list type="bullet">
-    ///   <item><description>
-    ///     This endpoint requires the <c>read:connections</c> scope and any one of <c>read:clients</c> or <c>read:client_summary</c>.
-    ///   </description></item>
-    ///   <item><description>
-    ///     <b>Note</b>: The first time you call this endpoint, omit the <c>from</c> parameter. If there are more results, a <c>next</c> value is included in the response. You can use this for subsequent API calls. When <c>next</c> is no longer included in the response, no further results are remaining.
-    ///   </description></item>
-    /// </list>
+    /// Retrieve all connections that are enabled for the specified [Application](https://www.auth0.com/docs/get-started/applications), using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
+    ///
+    /// - This endpoint requires the `read:connections` scope and any one of `read:clients` or `read:client_summary`.
+    /// - **Note**: The first time you call this endpoint, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no further results are remaining.
     /// </summary>
     Task<Pager<ConnectionForList>> GetAsync(
         string id,
diff --git a/src/Auth0.ManagementApi/Clients/Credentials/CredentialsClient.cs b/src/Auth0.ManagementApi/Clients/Credentials/CredentialsClient.cs
index 7c8b38dc4..95f0eaf9f 100644
--- a/src/Auth0.ManagementApi/Clients/Credentials/CredentialsClient.cs
+++ b/src/Auth0.ManagementApi/Clients/Credentials/CredentialsClient.cs
@@ -382,7 +382,7 @@ private async Task<WithRawResponse<PatchClientCredentialResponseContent>> Update
     /// <summary>
     /// Get the details of a client credential.
     ///
-    /// <b>Important</b>: To enable credentials to be used for a client authentication method, set the <c>client_authentication_methods</c> property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the <c>signed_request_object</c> property on the client.
+    /// **Important**: To enable credentials to be used for a client authentication method, set the `client_authentication_methods` property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the `signed_request_object` property on the client.
     /// </summary>
     /// <example><code>
     /// await client.Clients.Credentials.ListAsync("client_id");
@@ -401,37 +401,61 @@ public WithRawResponseTask<IEnumerable<ClientCredential>> ListAsync(
     /// <summary>
     /// Create a client credential associated to your application. Credentials can be used to configure Private Key JWT and mTLS authentication methods, as well as for JWT-secured Authorization requests.
     ///
-    /// <para>Public Key</para>Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
+    /// **Public Key**
     ///
-    /// Sample: <code>{
+    /// Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
+    ///
+    /// Sample:
+    ///
+    /// ```json
+    /// {
     ///   "credential_type": "public_key",
     ///   "name": "string",
     ///   "pem": "string",
     ///   "alg": "RS256",
     ///   "parse_expiry_from_cert": false,
     ///   "expires_at": "2022-12-31T23:59:59Z"
-    /// }</code>
-    /// <para>Certificate (CA-signed & self-signed)</para>Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
+    /// }
+    /// ```
+    ///
+    /// **Certificate (CA-signed & self-signed)**
+    ///
+    /// Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
+    ///
+    /// CA-signed Certificate Sample (pem):
     ///
-    /// CA-signed Certificate Sample (pem): <code>{
+    /// ```json
+    /// {
     ///   "credential_type": "x509_cert",
     ///   "name": "string",
     ///   "pem": "string"
-    /// }</code>CA-signed Certificate Sample (subject_dn): <code>{
+    /// }
+    /// ```
+    ///
+    /// CA-signed Certificate Sample (subject_dn):
+    ///
+    /// ```json
+    /// {
     ///   "credential_type": "cert_subject_dn",
     ///   "name": "string",
     ///   "subject_dn": "string"
-    /// }</code>Self-signed Certificate Sample: <code>{
+    /// }
+    /// ```
+    ///
+    /// Self-signed Certificate Sample:
+    ///
+    /// ```json
+    /// {
     ///   "credential_type": "cert_subject_dn",
     ///   "name": "string",
     ///   "pem": "string"
-    /// }</code>
+    /// }
+    /// ```
     ///
     /// The credential will be created but not yet enabled for use until you set the corresponding properties in the client:
-    /// <list type="bullet">
-    ///   <item><description>To enable the credential for Private Key JWT or mTLS authentication methods, set the <c>client_authentication_methods</c> property on the client. For more information, read <see href="https://auth0.com/docs/get-started/applications/configure-private-key-jwt">Configure Private Key JWT Authentication</see> and <see href="https://auth0.com/docs/get-started/applications/configure-mtls">Configure mTLS Authentication</see></description></item>
-    ///   <item><description>To enable the credential for JWT-secured Authorization requests, set the <c>signed_request_object</c>property on the client. For more information, read <see href="https://auth0.com/docs/get-started/applications/configure-jar">Configure JWT-secured Authorization Requests (JAR)</see></description></item>
-    /// </list>
+    ///
+    /// - To enable the credential for Private Key JWT or mTLS authentication methods, set the `client_authentication_methods` property on the client. For more information, read [Configure Private Key JWT Authentication](https://auth0.com/docs/get-started/applications/configure-private-key-jwt) and [Configure mTLS Authentication](https://auth0.com/docs/get-started/applications/configure-mtls)
+    /// - To enable the credential for JWT-secured Authorization requests, set the `signed_request_object`property on the client. For more information, read [Configure JWT-secured Authorization Requests (JAR)](https://auth0.com/docs/get-started/applications/configure-jar)
     /// </summary>
     /// <example><code>
     /// await client.Clients.Credentials.CreateAsync(
@@ -454,7 +478,7 @@ public WithRawResponseTask<PostClientCredentialResponseContent> CreateAsync(
     /// <summary>
     /// Get the details of a client credential.
     ///
-    /// <b>Important</b>: To enable credentials to be used for a client authentication method, set the <c>client_authentication_methods</c> property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the <c>signed_request_object</c> property on the client.
+    /// **Important**: To enable credentials to be used for a client authentication method, set the `client_authentication_methods` property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the `signed_request_object` property on the client.
     /// </summary>
     /// <example><code>
     /// await client.Clients.Credentials.GetAsync("client_id", "credential_id");
diff --git a/src/Auth0.ManagementApi/Clients/Credentials/ICredentialsClient.cs b/src/Auth0.ManagementApi/Clients/Credentials/ICredentialsClient.cs
index 65e657cd6..d267a38c3 100644
--- a/src/Auth0.ManagementApi/Clients/Credentials/ICredentialsClient.cs
+++ b/src/Auth0.ManagementApi/Clients/Credentials/ICredentialsClient.cs
@@ -7,7 +7,7 @@ public partial interface ICredentialsClient
     /// <summary>
     /// Get the details of a client credential.
     ///
-    /// <b>Important</b>: To enable credentials to be used for a client authentication method, set the <c>client_authentication_methods</c> property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the <c>signed_request_object</c> property on the client.
+    /// **Important**: To enable credentials to be used for a client authentication method, set the `client_authentication_methods` property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the `signed_request_object` property on the client.
     /// </summary>
     WithRawResponseTask<IEnumerable<ClientCredential>> ListAsync(
         string clientId,
@@ -18,37 +18,61 @@ WithRawResponseTask<IEnumerable<ClientCredential>> ListAsync(
     /// <summary>
     /// Create a client credential associated to your application. Credentials can be used to configure Private Key JWT and mTLS authentication methods, as well as for JWT-secured Authorization requests.
     ///
-    /// <para>Public Key</para>Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
+    /// **Public Key**
     ///
-    /// Sample: <code>{
+    /// Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
+    ///
+    /// Sample:
+    ///
+    /// ```json
+    /// {
     ///   "credential_type": "public_key",
     ///   "name": "string",
     ///   "pem": "string",
     ///   "alg": "RS256",
     ///   "parse_expiry_from_cert": false,
     ///   "expires_at": "2022-12-31T23:59:59Z"
-    /// }</code>
-    /// <para>Certificate (CA-signed & self-signed)</para>Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
+    /// }
+    /// ```
+    ///
+    /// **Certificate (CA-signed & self-signed)**
+    ///
+    /// Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
+    ///
+    /// CA-signed Certificate Sample (pem):
     ///
-    /// CA-signed Certificate Sample (pem): <code>{
+    /// ```json
+    /// {
     ///   "credential_type": "x509_cert",
     ///   "name": "string",
     ///   "pem": "string"
-    /// }</code>CA-signed Certificate Sample (subject_dn): <code>{
+    /// }
+    /// ```
+    ///
+    /// CA-signed Certificate Sample (subject_dn):
+    ///
+    /// ```json
+    /// {
     ///   "credential_type": "cert_subject_dn",
     ///   "name": "string",
     ///   "subject_dn": "string"
-    /// }</code>Self-signed Certificate Sample: <code>{
+    /// }
+    /// ```
+    ///
+    /// Self-signed Certificate Sample:
+    ///
+    /// ```json
+    /// {
     ///   "credential_type": "cert_subject_dn",
     ///   "name": "string",
     ///   "pem": "string"
-    /// }</code>
+    /// }
+    /// ```
     ///
     /// The credential will be created but not yet enabled for use until you set the corresponding properties in the client:
-    /// <list type="bullet">
-    ///   <item><description>To enable the credential for Private Key JWT or mTLS authentication methods, set the <c>client_authentication_methods</c> property on the client. For more information, read <see href="https://auth0.com/docs/get-started/applications/configure-private-key-jwt">Configure Private Key JWT Authentication</see> and <see href="https://auth0.com/docs/get-started/applications/configure-mtls">Configure mTLS Authentication</see></description></item>
-    ///   <item><description>To enable the credential for JWT-secured Authorization requests, set the <c>signed_request_object</c>property on the client. For more information, read <see href="https://auth0.com/docs/get-started/applications/configure-jar">Configure JWT-secured Authorization Requests (JAR)</see></description></item>
-    /// </list>
+    ///
+    /// - To enable the credential for Private Key JWT or mTLS authentication methods, set the `client_authentication_methods` property on the client. For more information, read [Configure Private Key JWT Authentication](https://auth0.com/docs/get-started/applications/configure-private-key-jwt) and [Configure mTLS Authentication](https://auth0.com/docs/get-started/applications/configure-mtls)
+    /// - To enable the credential for JWT-secured Authorization requests, set the `signed_request_object`property on the client. For more information, read [Configure JWT-secured Authorization Requests (JAR)](https://auth0.com/docs/get-started/applications/configure-jar)
     /// </summary>
     WithRawResponseTask<PostClientCredentialResponseContent> CreateAsync(
         string clientId,
@@ -60,7 +84,7 @@ WithRawResponseTask<PostClientCredentialResponseContent> CreateAsync(
     /// <summary>
     /// Get the details of a client credential.
     ///
-    /// <b>Important</b>: To enable credentials to be used for a client authentication method, set the <c>client_authentication_methods</c> property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the <c>signed_request_object</c> property on the client.
+    /// **Important**: To enable credentials to be used for a client authentication method, set the `client_authentication_methods` property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the `signed_request_object` property on the client.
     /// </summary>
     WithRawResponseTask<GetClientCredentialResponseContent> GetAsync(
         string clientId,
diff --git a/src/Auth0.ManagementApi/Clients/IClientsClient.cs b/src/Auth0.ManagementApi/Clients/IClientsClient.cs
index b414be580..1d29160d1 100644
--- a/src/Auth0.ManagementApi/Clients/IClientsClient.cs
+++ b/src/Auth0.ManagementApi/Clients/IClientsClient.cs
@@ -10,38 +10,30 @@ public partial interface IClientsClient
 
     /// <summary>
     /// Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified.
-    /// For more information, read <see href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</see> and <see href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</see>.
+    /// For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
     ///
-    /// <list type="bullet">
-    ///   <item><description>
-    ///     The following can be retrieved with any scope:
-    ///     <c>client_id</c>, <c>app_type</c>, <c>name</c>, and <c>description</c>.
-    ///   </description></item>
-    ///   <item><description>
-    ///     The following properties can only be retrieved with the <c>read:clients</c> or
-    ///     <c>read:client_keys</c> scope:
-    ///     <c>callbacks</c>, <c>oidc_logout</c>, <c>allowed_origins</c>,
-    ///     <c>web_origins</c>, <c>tenant</c>, <c>global</c>, <c>config_route</c>,
-    ///     <c>callback_url_template</c>, <c>jwt_configuration</c>,
-    ///     <c>jwt_configuration.lifetime_in_seconds</c>, <c>jwt_configuration.secret_encoded</c>,
-    ///     <c>jwt_configuration.scopes</c>, <c>jwt_configuration.alg</c>, <c>api_type</c>,
-    ///     <c>logo_uri</c>, <c>allowed_clients</c>, <c>owners</c>, <c>custom_login_page</c>,
-    ///     <c>custom_login_page_off</c>, <c>sso</c>, <c>addons</c>, <c>form_template</c>,
-    ///     <c>custom_login_page_codeview</c>, <c>resource_servers</c>, <c>client_metadata</c>,
-    ///     <c>mobile</c>, <c>mobile.android</c>, <c>mobile.ios</c>, <c>allowed_logout_urls</c>,
-    ///     <c>token_endpoint_auth_method</c>, <c>is_first_party</c>, <c>oidc_conformant</c>,
-    ///     <c>is_token_endpoint_ip_header_trusted</c>, <c>initiate_login_uri</c>, <c>grant_types</c>,
-    ///     <c>refresh_token</c>, <c>refresh_token.rotation_type</c>, <c>refresh_token.expiration_type</c>,
-    ///     <c>refresh_token.leeway</c>, <c>refresh_token.token_lifetime</c>, <c>refresh_token.policies</c>, <c>organization_usage</c>,
-    ///     <c>organization_require_behavior</c>.
-    ///   </description></item>
-    ///   <item><description>
-    ///     The following properties can only be retrieved with the
-    ///     <c>read:client_keys</c> or <c>read:client_credentials</c> scope:
-    ///     <c>encryption_key</c>, <c>encryption_key.pub</c>, <c>encryption_key.cert</c>,
-    ///     <c>client_secret</c>, <c>client_authentication_methods</c> and <c>signing_key</c>.
-    ///   </description></item>
-    /// </list>
+    /// - The following can be retrieved with any scope:
+    ///     `client_id`, `app_type`, `name`, and `description`.
+    /// - The following properties can only be retrieved with the `read:clients` or
+    ///     `read:client_keys` scope:
+    ///     `callbacks`, `oidc_logout`, `allowed_origins`,
+    ///     `web_origins`, `tenant`, `global`, `config_route`,
+    ///     `callback_url_template`, `jwt_configuration`,
+    ///     `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+    ///     `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+    ///     `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+    ///     `custom_login_page_off`, `sso`, `addons`, `form_template`,
+    ///     `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+    ///     `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+    ///     `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+    ///     `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+    ///     `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+    ///     `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+    ///     `organization_require_behavior`.
+    /// - The following properties can only be retrieved with the
+    ///     `read:client_keys` or `read:client_credentials` scope:
+    ///     `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+    ///     `client_secret`, `client_authentication_methods` and `signing_key`.
     /// </summary>
     Task<Pager<Client>> ListAsync(
         ListClientsRequestParameters request,
@@ -50,18 +42,18 @@ Task<Pager<Client>> ListAsync(
     );
 
     /// <summary>
-    /// Create a new client (application or SSO integration). For more information, read <see href="https://www.auth0.com/docs/get-started/auth0-overview/create-applications">Create Applications</see>
-    /// <see href="https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on>"&gt;API Endpoints for Single Sign-On</see>.
+    /// Create a new client (application or SSO integration). For more information, read [Create Applications](https://www.auth0.com/docs/get-started/auth0-overview/create-applications)
+    /// [API Endpoints for Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on).
     ///
     /// Notes:
     /// - We recommend leaving the `client_secret` parameter unspecified to allow the generation of a safe secret.
-    /// - The <c>client_authentication_methods</c> and <c>token_endpoint_auth_method</c> properties are mutually exclusive. Use
-    /// <c>client_authentication_methods</c> to configure the client with Private Key JWT authentication method. Otherwise, use <c>token_endpoint_auth_method</c>
+    /// - The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use
+    /// `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method`
     /// to configure the client with client secret (basic or post) or with no authentication method (none).
-    /// - When using <c>client_authentication_methods</c> to configure the client with Private Key JWT authentication method, specify fully defined credentials.
+    /// - When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, specify fully defined credentials.
     /// These credentials will be automatically enabled for Private Key JWT authentication on the client.
-    /// - To configure <c>client_authentication_methods</c>, the <c>create:client_credentials</c> scope is required.
-    /// - To configure <c>client_authentication_methods</c>, the property <c>jwt_configuration.alg</c> must be set to RS256.
+    /// - To configure `client_authentication_methods`, the `create:client_credentials` scope is required.
+    /// - To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.
     ///
     /// SSO Integrations created via this endpoint will accept login requests and share user profile information.
     /// </summary>
@@ -105,36 +97,29 @@ WithRawResponseTask<RegisterCimdClientResponseContent> RegisterCimdClientAsync(
 
     /// <summary>
     /// Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified.
-    /// For more information, read <see href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</see> and <see href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</see>.
-    /// <list type="bullet">
-    ///   <item><description>
-    ///     The following properties can be retrieved with any of the scopes:
-    ///     <c>client_id</c>, <c>app_type</c>, <c>name</c>, and <c>description</c>.
-    ///   </description></item>
-    ///   <item><description>
-    ///     The following properties can only be retrieved with the <c>read:clients</c> or
-    ///     <c>read:client_keys</c> scopes:
-    ///     <c>callbacks</c>, <c>oidc_logout</c>, <c>allowed_origins</c>,
-    ///     <c>web_origins</c>, <c>tenant</c>, <c>global</c>, <c>config_route</c>,
-    ///     <c>callback_url_template</c>, <c>jwt_configuration</c>,
-    ///     <c>jwt_configuration.lifetime_in_seconds</c>, <c>jwt_configuration.secret_encoded</c>,
-    ///     <c>jwt_configuration.scopes</c>, <c>jwt_configuration.alg</c>, <c>api_type</c>,
-    ///     <c>logo_uri</c>, <c>allowed_clients</c>, <c>owners</c>, <c>custom_login_page</c>,
-    ///     <c>custom_login_page_off</c>, <c>sso</c>, <c>addons</c>, <c>form_template</c>,
-    ///     <c>custom_login_page_codeview</c>, <c>resource_servers</c>, <c>client_metadata</c>,
-    ///     <c>mobile</c>, <c>mobile.android</c>, <c>mobile.ios</c>, <c>allowed_logout_urls</c>,
-    ///     <c>token_endpoint_auth_method</c>, <c>is_first_party</c>, <c>oidc_conformant</c>,
-    ///     <c>is_token_endpoint_ip_header_trusted</c>, <c>initiate_login_uri</c>, <c>grant_types</c>,
-    ///     <c>refresh_token</c>, <c>refresh_token.rotation_type</c>, <c>refresh_token.expiration_type</c>,
-    ///     <c>refresh_token.leeway</c>, <c>refresh_token.token_lifetime</c>, <c>refresh_token.policies</c>, <c>organization_usage</c>,
-    ///     <c>organization_require_behavior</c>.
-    ///   </description></item>
-    ///   <item><description>
-    ///     The following properties can only be retrieved with the <c>read:client_keys</c> or <c>read:client_credentials</c> scopes:
-    ///     <c>encryption_key</c>, <c>encryption_key.pub</c>, <c>encryption_key.cert</c>,
-    ///     <c>client_secret</c>, <c>client_authentication_methods</c> and <c>signing_key</c>.
-    ///   </description></item>
-    /// </list>
+    /// For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
+    ///
+    /// - The following properties can be retrieved with any of the scopes:
+    ///     `client_id`, `app_type`, `name`, and `description`.
+    /// - The following properties can only be retrieved with the `read:clients` or
+    ///     `read:client_keys` scopes:
+    ///     `callbacks`, `oidc_logout`, `allowed_origins`,
+    ///     `web_origins`, `tenant`, `global`, `config_route`,
+    ///     `callback_url_template`, `jwt_configuration`,
+    ///     `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+    ///     `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+    ///     `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+    ///     `custom_login_page_off`, `sso`, `addons`, `form_template`,
+    ///     `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+    ///     `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+    ///     `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+    ///     `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+    ///     `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+    ///     `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+    ///     `organization_require_behavior`.
+    /// - The following properties can only be retrieved with the `read:client_keys` or `read:client_credentials` scopes:
+    ///     `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+    ///     `client_secret`, `client_authentication_methods` and `signing_key`.
     /// </summary>
     WithRawResponseTask<GetClientResponseContent> GetAsync(
         string id,
@@ -153,15 +138,15 @@ Task DeleteAsync(
     );
 
     /// <summary>
-    /// Updates a client's settings. For more information, read <see href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</see> and <see href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</see>.
+    /// Updates a client's settings. For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
     ///
     /// Notes:
     /// - The `client_secret` and `signing_key` attributes can only be updated with the `update:client_keys` scope.
-    /// - The <c>client_authentication_methods</c> and <c>token_endpoint_auth_method</c> properties are mutually exclusive. Use <c>client_authentication_methods</c> to configure the client with Private Key JWT authentication method. Otherwise, use <c>token_endpoint_auth_method</c> to configure the client with client secret (basic or post) or with no authentication method (none).
-    /// - When using <c>client_authentication_methods</c> to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
-    /// - To configure <c>client_authentication_methods</c>, the <c>update:client_credentials</c> scope is required.
-    /// - To configure <c>client_authentication_methods</c>, the property <c>jwt_configuration.alg</c> must be set to RS256.
-    /// - To change a client's <c>is_first_party</c> property to <c>false</c>, the <c>organization_usage</c> and <c>organization_require_behavior</c> properties must be unset.
+    /// - The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method` to configure the client with client secret (basic or post) or with no authentication method (none).
+    /// - When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
+    /// - To configure `client_authentication_methods`, the `update:client_credentials` scope is required.
+    /// - To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.
+    /// - To change a client's `is_first_party` property to `false`, the `organization_usage` and `organization_require_behavior` properties must be unset.
     /// </summary>
     WithRawResponseTask<UpdateClientResponseContent> UpdateAsync(
         string id,
@@ -175,7 +160,7 @@ WithRawResponseTask<UpdateClientResponseContent> UpdateAsync(
     ///
     /// This endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt). The generated secret is NOT base64 encoded.
     ///
-    /// For more information, read <see href="https://www.auth0.com/docs/get-started/applications/rotate-client-secret">Rotate Client Secrets</see>.
+    /// For more information, read [Rotate Client Secrets](https://www.auth0.com/docs/get-started/applications/rotate-client-secret).
     /// </summary>
     WithRawResponseTask<RotateClientSecretResponseContent> RotateSecretAsync(
         string id,
diff --git a/src/Auth0.ManagementApi/DeviceCredentials/DeviceCredentialsClient.cs b/src/Auth0.ManagementApi/DeviceCredentials/DeviceCredentialsClient.cs
index 913c34fbe..75dacd5a0 100644
--- a/src/Auth0.ManagementApi/DeviceCredentials/DeviceCredentialsClient.cs
+++ b/src/Auth0.ManagementApi/DeviceCredentials/DeviceCredentialsClient.cs
@@ -13,7 +13,7 @@ internal DeviceCredentialsClient(RawClient client)
     }
 
     /// <summary>
-    /// Retrieve device credential information (<c>public_key</c>, <c>refresh_token</c>, or <c>rotating_refresh_token</c>) associated with a specific user.
+    /// Retrieve device credential information (`public_key`, `refresh_token`, or `rotating_refresh_token`) associated with a specific user.
     /// </summary>
     private WithRawResponseTask<ListDeviceCredentialsOffsetPaginatedResponseContent> ListInternalAsync(
         ListDeviceCredentialsRequestParameters request,
@@ -225,7 +225,7 @@ private async Task<
     }
 
     /// <summary>
-    /// Retrieve device credential information (<c>public_key</c>, <c>refresh_token</c>, or <c>rotating_refresh_token</c>) associated with a specific user.
+    /// Retrieve device credential information (`public_key`, `refresh_token`, or `rotating_refresh_token`) associated with a specific user.
     /// </summary>
     /// <example><code>
     /// await client.DeviceCredentials.ListAsync(
@@ -277,9 +277,9 @@ await ListInternalAsync(request, options, cancellationToken).WithRawResponse(),
     }
 
     /// <summary>
-    /// Create a device credential public key to manage refresh token rotation for a given <c>user_id</c>. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.
+    /// Create a device credential public key to manage refresh token rotation for a given `user_id`. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.
     ///
-    /// When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read <see href="https://auth0.com/docs/get-started/tenant-settings/signing-keys"> Signing Keys</see>.
+    /// When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read [Signing Keys](https://auth0.com/docs/get-started/tenant-settings/signing-keys).
     /// </summary>
     /// <example><code>
     /// await client.DeviceCredentials.CreatePublicKeyAsync(
diff --git a/src/Auth0.ManagementApi/DeviceCredentials/IDeviceCredentialsClient.cs b/src/Auth0.ManagementApi/DeviceCredentials/IDeviceCredentialsClient.cs
index cdbe0ed51..2eab6be27 100644
--- a/src/Auth0.ManagementApi/DeviceCredentials/IDeviceCredentialsClient.cs
+++ b/src/Auth0.ManagementApi/DeviceCredentials/IDeviceCredentialsClient.cs
@@ -5,7 +5,7 @@ namespace Auth0.ManagementApi;
 public partial interface IDeviceCredentialsClient
 {
     /// <summary>
-    /// Retrieve device credential information (<c>public_key</c>, <c>refresh_token</c>, or <c>rotating_refresh_token</c>) associated with a specific user.
+    /// Retrieve device credential information (`public_key`, `refresh_token`, or `rotating_refresh_token`) associated with a specific user.
     /// </summary>
     Task<Pager<DeviceCredential>> ListAsync(
         ListDeviceCredentialsRequestParameters request,
@@ -14,9 +14,9 @@ Task<Pager<DeviceCredential>> ListAsync(
     );
 
     /// <summary>
-    /// Create a device credential public key to manage refresh token rotation for a given <c>user_id</c>. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.
+    /// Create a device credential public key to manage refresh token rotation for a given `user_id`. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.
     ///
-    /// When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read <see href="https://auth0.com/docs/get-started/tenant-settings/signing-keys"> Signing Keys</see>.
+    /// When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read [Signing Keys](https://auth0.com/docs/get-started/tenant-settings/signing-keys).
     /// </summary>
     WithRawResponseTask<CreatePublicKeyDeviceCredentialResponseContent> CreatePublicKeyAsync(
         CreatePublicKeyDeviceCredentialRequestContent request,
diff --git a/src/Auth0.ManagementApi/Organizations/DiscoveryDomains/DiscoveryDomainsClient.cs b/src/Auth0.ManagementApi/Organizations/DiscoveryDomains/DiscoveryDomainsClient.cs
index 30766708f..ed442be47 100644
--- a/src/Auth0.ManagementApi/Organizations/DiscoveryDomains/DiscoveryDomainsClient.cs
+++ b/src/Auth0.ManagementApi/Organizations/DiscoveryDomains/DiscoveryDomainsClient.cs
@@ -682,7 +682,7 @@ public async Task DeleteAsync(
     }
 
     /// <summary>
-    /// Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The <c>status</c> field must be either <c>pending</c> or <c>verified</c>. The <c>use_for_organization_discovery</c> field can be <c>true</c> or <c>false</c> (default: <c>true</c>).
+    /// Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The `status` field must be either `pending` or `verified`. The `use_for_organization_discovery` field can be `true` or `false` (default: `true`).
     /// </summary>
     /// <example><code>
     /// await client.Organizations.DiscoveryDomains.UpdateAsync(
diff --git a/src/Auth0.ManagementApi/Organizations/DiscoveryDomains/IDiscoveryDomainsClient.cs b/src/Auth0.ManagementApi/Organizations/DiscoveryDomains/IDiscoveryDomainsClient.cs
index 69784c167..ee89effd0 100644
--- a/src/Auth0.ManagementApi/Organizations/DiscoveryDomains/IDiscoveryDomainsClient.cs
+++ b/src/Auth0.ManagementApi/Organizations/DiscoveryDomains/IDiscoveryDomainsClient.cs
@@ -59,7 +59,7 @@ Task DeleteAsync(
     );
 
     /// <summary>
-    /// Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The <c>status</c> field must be either <c>pending</c> or <c>verified</c>. The <c>use_for_organization_discovery</c> field can be <c>true</c> or <c>false</c> (default: <c>true</c>).
+    /// Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The `status` field must be either `pending` or `verified`. The `use_for_organization_discovery` field can be `true` or `false` (default: `true`).
     /// </summary>
     WithRawResponseTask<UpdateOrganizationDiscoveryDomainResponseContent> UpdateAsync(
         string id,
diff --git a/src/Auth0.ManagementApi/Organizations/EnabledConnections/EnabledConnectionsClient.cs b/src/Auth0.ManagementApi/Organizations/EnabledConnections/EnabledConnectionsClient.cs
index 4455b9263..a885f54b9 100644
--- a/src/Auth0.ManagementApi/Organizations/EnabledConnections/EnabledConnectionsClient.cs
+++ b/src/Auth0.ManagementApi/Organizations/EnabledConnections/EnabledConnectionsClient.cs
@@ -458,7 +458,7 @@ await ListInternalAsync(id, request, options, cancellationToken)
     /// <summary>
     /// Enable a specific connection for a given Organization. To enable a connection, it must already exist within your tenant; connections cannot be created through this action.
     ///
-    /// <see href="https://auth0.com/docs/authenticate/identity-providers">Connections</see> represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.
+    /// [Connections](https://auth0.com/docs/authenticate/identity-providers) represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.
     /// </summary>
     /// <example><code>
     /// await client.Organizations.EnabledConnections.AddAsync(
@@ -499,7 +499,7 @@ public WithRawResponseTask<GetOrganizationConnectionResponseContent> GetAsync(
     /// <summary>
     /// Disable a specific connection for an Organization. Once disabled, Organization members can no longer use that connection to authenticate.
     ///
-    /// <b>Note</b>: This action does not remove the connection from your tenant.
+    /// **Note**: This action does not remove the connection from your tenant.
     /// </summary>
     /// <example><code>
     /// await client.Organizations.EnabledConnections.DeleteAsync("id", "connectionId");
diff --git a/src/Auth0.ManagementApi/Organizations/EnabledConnections/IEnabledConnectionsClient.cs b/src/Auth0.ManagementApi/Organizations/EnabledConnections/IEnabledConnectionsClient.cs
index 19a9cd4fd..b8151e249 100644
--- a/src/Auth0.ManagementApi/Organizations/EnabledConnections/IEnabledConnectionsClient.cs
+++ b/src/Auth0.ManagementApi/Organizations/EnabledConnections/IEnabledConnectionsClient.cs
@@ -18,7 +18,7 @@ Task<Pager<OrganizationConnection>> ListAsync(
     /// <summary>
     /// Enable a specific connection for a given Organization. To enable a connection, it must already exist within your tenant; connections cannot be created through this action.
     ///
-    /// <see href="https://auth0.com/docs/authenticate/identity-providers">Connections</see> represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.
+    /// [Connections](https://auth0.com/docs/authenticate/identity-providers) represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.
     /// </summary>
     WithRawResponseTask<AddOrganizationConnectionResponseContent> AddAsync(
         string id,
@@ -40,7 +40,7 @@ WithRawResponseTask<GetOrganizationConnectionResponseContent> GetAsync(
     /// <summary>
     /// Disable a specific connection for an Organization. Once disabled, Organization members can no longer use that connection to authenticate.
     ///
-    /// <b>Note</b>: This action does not remove the connection from your tenant.
+    /// **Note**: This action does not remove the connection from your tenant.
     /// </summary>
     Task DeleteAsync(
         string id,
diff --git a/src/Auth0.ManagementApi/Organizations/Groups/GroupsClient.cs b/src/Auth0.ManagementApi/Organizations/Groups/GroupsClient.cs
new file mode 100644
index 000000000..54712abb8
--- /dev/null
+++ b/src/Auth0.ManagementApi/Organizations/Groups/GroupsClient.cs
@@ -0,0 +1,175 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+
+namespace Auth0.ManagementApi.Organizations;
+
+public partial class GroupsClient : IGroupsClient
+{
+    private readonly RawClient _client;
+
+    internal GroupsClient(RawClient client)
+    {
+        _client = client;
+        Roles = new Auth0.ManagementApi.Organizations.Groups.RolesClient(_client);
+    }
+
+    public Auth0.ManagementApi.Organizations.Groups.IRolesClient Roles { get; }
+
+    /// <summary>
+    /// Lists the groups that are assigned to the specified organization.
+    /// </summary>
+    private WithRawResponseTask<ListOrganizationGroupsResponseContent> ListInternalAsync(
+        string organizationId,
+        ListOrganizationGroupsRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        return new WithRawResponseTask<ListOrganizationGroupsResponseContent>(
+            ListInternalAsyncCore(organizationId, request, options, cancellationToken)
+        );
+    }
+
+    private async Task<
+        WithRawResponse<ListOrganizationGroupsResponseContent>
+    > ListInternalAsyncCore(
+        string organizationId,
+        ListOrganizationGroupsRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        var _queryString = new Auth0.ManagementApi.Core.QueryStringBuilder.Builder(capacity: 2)
+            .Add("from", request.From.IsDefined ? request.From.Value : null)
+            .Add("take", request.Take.IsDefined ? request.Take.Value : null)
+            .MergeAdditional(options?.AdditionalQueryParameters)
+            .Build();
+        var _headers = await new Auth0.ManagementApi.Core.HeadersBuilder.Builder()
+            .Add(_client.Options.Headers)
+            .Add(_client.Options.AdditionalHeaders)
+            .Add(options?.AdditionalHeaders)
+            .BuildAsync()
+            .ConfigureAwait(false);
+        var response = await _client
+            .SendRequestAsync(
+                new JsonRequest
+                {
+                    Method = HttpMethod.Get,
+                    Path = string.Format(
+                        "organizations/{0}/groups",
+                        ValueConvert.ToPathParameterString(organizationId)
+                    ),
+                    QueryString = _queryString,
+                    Headers = _headers,
+                    Options = options,
+                },
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        if (response.StatusCode is >= 200 and < 400)
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                var responseData = JsonUtils.Deserialize<ListOrganizationGroupsResponseContent>(
+                    responseBody
+                )!;
+                return new WithRawResponse<ListOrganizationGroupsResponseContent>()
+                {
+                    Data = responseData,
+                    RawResponse = new RawResponse()
+                    {
+                        StatusCode = response.Raw.StatusCode,
+                        Url = response.Raw.RequestMessage?.RequestUri ?? new Uri("about:blank"),
+                        Headers = ResponseHeaders.FromHttpResponseMessage(response.Raw),
+                    },
+                };
+            }
+            catch (JsonException e)
+            {
+                throw new ManagementApiException(
+                    "Failed to deserialize response",
+                    response.StatusCode,
+                    null,
+                    e
+                );
+            }
+        }
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                switch (response.StatusCode)
+                {
+                    case 400:
+                        throw new BadRequestError(JsonUtils.Deserialize<object>(responseBody));
+                    case 401:
+                        throw new UnauthorizedError(JsonUtils.Deserialize<object>(responseBody));
+                    case 403:
+                        throw new ForbiddenError(JsonUtils.Deserialize<object>(responseBody));
+                    case 429:
+                        throw new TooManyRequestsError(JsonUtils.Deserialize<object>(responseBody));
+                }
+            }
+            catch (JsonException)
+            {
+                // unable to map error response, throwing generic error
+            }
+            throw new ManagementApiException(
+                $"Error with status code {response.StatusCode}",
+                response.StatusCode,
+                responseBody
+            );
+        }
+    }
+
+    /// <summary>
+    /// Lists the groups that are assigned to the specified organization.
+    /// </summary>
+    /// <example><code>
+    /// await client.Organizations.Groups.ListAsync(
+    ///     "organization_id",
+    ///     new ListOrganizationGroupsRequestParameters { From = "from", Take = 1 }
+    /// );
+    /// </code></example>
+    public async Task<Pager<Group>> ListAsync(
+        string organizationId,
+        ListOrganizationGroupsRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        if (request is not null)
+        {
+            request = request with { };
+        }
+        var pager = await CursorPager<
+            ListOrganizationGroupsRequestParameters,
+            RequestOptions?,
+            ListOrganizationGroupsResponseContent,
+            string?,
+            Group
+        >
+            .CreateInstanceAsync(
+                request,
+                options,
+                async (request, options, cancellationToken) =>
+                    await ListInternalAsync(organizationId, request, options, cancellationToken)
+                        .WithRawResponse(),
+                (request, cursor) =>
+                {
+                    request.From = cursor;
+                },
+                response => response.Next,
+                response => response.Groups?.ToList(),
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        return pager;
+    }
+}
diff --git a/src/Auth0.ManagementApi/Organizations/Groups/IGroupsClient.cs b/src/Auth0.ManagementApi/Organizations/Groups/IGroupsClient.cs
new file mode 100644
index 000000000..9a9e06872
--- /dev/null
+++ b/src/Auth0.ManagementApi/Organizations/Groups/IGroupsClient.cs
@@ -0,0 +1,19 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+
+namespace Auth0.ManagementApi.Organizations;
+
+public partial interface IGroupsClient
+{
+    public Auth0.ManagementApi.Organizations.Groups.IRolesClient Roles { get; }
+
+    /// <summary>
+    /// Lists the groups that are assigned to the specified organization.
+    /// </summary>
+    Task<Pager<Group>> ListAsync(
+        string organizationId,
+        ListOrganizationGroupsRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    );
+}
diff --git a/src/Auth0.ManagementApi/Organizations/Groups/Requests/ListOrganizationGroupsRequestParameters.cs b/src/Auth0.ManagementApi/Organizations/Groups/Requests/ListOrganizationGroupsRequestParameters.cs
new file mode 100644
index 000000000..720acf2f6
--- /dev/null
+++ b/src/Auth0.ManagementApi/Organizations/Groups/Requests/ListOrganizationGroupsRequestParameters.cs
@@ -0,0 +1,26 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi.Organizations;
+
+[Serializable]
+public record ListOrganizationGroupsRequestParameters
+{
+    /// <summary>
+    /// Optional Id from which to start selection.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<string?> From { get; set; }
+
+    /// <summary>
+    /// Number of results per page. Defaults to 50.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<int?> Take { get; set; } = 50;
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Organizations/Groups/Roles/IRolesClient.cs b/src/Auth0.ManagementApi/Organizations/Groups/Roles/IRolesClient.cs
new file mode 100644
index 000000000..c9ff8d153
--- /dev/null
+++ b/src/Auth0.ManagementApi/Organizations/Groups/Roles/IRolesClient.cs
@@ -0,0 +1,40 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+
+namespace Auth0.ManagementApi.Organizations.Groups;
+
+public partial interface IRolesClient
+{
+    /// <summary>
+    /// Lists the roles assigned to the specified group in the context of an organization.
+    /// </summary>
+    Task<Pager<Role>> ListAsync(
+        string organizationId,
+        string groupId,
+        ListOrganizationGroupRolesRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    );
+
+    /// <summary>
+    /// Assign one or more roles to a specified group in the context of an organization.
+    /// </summary>
+    Task CreateAsync(
+        string organizationId,
+        string groupId,
+        CreateOrganizationGroupRolesRequestContent request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    );
+
+    /// <summary>
+    /// Unassign one or more roles from a specified group in the context of an organization.
+    /// </summary>
+    Task DeleteAsync(
+        string organizationId,
+        string groupId,
+        DeleteOrganizationGroupRolesRequestContent request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    );
+}
diff --git a/src/Auth0.ManagementApi/Organizations/Groups/Roles/Requests/CreateOrganizationGroupRolesRequestContent.cs b/src/Auth0.ManagementApi/Organizations/Groups/Roles/Requests/CreateOrganizationGroupRolesRequestContent.cs
new file mode 100644
index 000000000..b294f90a5
--- /dev/null
+++ b/src/Auth0.ManagementApi/Organizations/Groups/Roles/Requests/CreateOrganizationGroupRolesRequestContent.cs
@@ -0,0 +1,20 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi.Organizations.Groups;
+
+[Serializable]
+public record CreateOrganizationGroupRolesRequestContent
+{
+    /// <summary>
+    /// Array of role IDs to assign to organization group.
+    /// </summary>
+    [JsonPropertyName("roles")]
+    public IEnumerable<string> Roles { get; set; } = new List<string>();
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Organizations/Groups/Roles/Requests/DeleteOrganizationGroupRolesRequestContent.cs b/src/Auth0.ManagementApi/Organizations/Groups/Roles/Requests/DeleteOrganizationGroupRolesRequestContent.cs
new file mode 100644
index 000000000..c4fee3ae2
--- /dev/null
+++ b/src/Auth0.ManagementApi/Organizations/Groups/Roles/Requests/DeleteOrganizationGroupRolesRequestContent.cs
@@ -0,0 +1,20 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi.Organizations.Groups;
+
+[Serializable]
+public record DeleteOrganizationGroupRolesRequestContent
+{
+    /// <summary>
+    /// Array of role IDs to delete from organization group.
+    /// </summary>
+    [JsonPropertyName("roles")]
+    public IEnumerable<string> Roles { get; set; } = new List<string>();
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Organizations/Groups/Roles/Requests/ListOrganizationGroupRolesRequestParameters.cs b/src/Auth0.ManagementApi/Organizations/Groups/Roles/Requests/ListOrganizationGroupRolesRequestParameters.cs
new file mode 100644
index 000000000..bc46520dd
--- /dev/null
+++ b/src/Auth0.ManagementApi/Organizations/Groups/Roles/Requests/ListOrganizationGroupRolesRequestParameters.cs
@@ -0,0 +1,26 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi.Organizations.Groups;
+
+[Serializable]
+public record ListOrganizationGroupRolesRequestParameters
+{
+    /// <summary>
+    /// Optional Id from which to start selection.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<string?> From { get; set; }
+
+    /// <summary>
+    /// Number of results per page. Defaults to 50.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<int?> Take { get; set; } = 50;
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Organizations/Groups/Roles/RolesClient.cs b/src/Auth0.ManagementApi/Organizations/Groups/Roles/RolesClient.cs
new file mode 100644
index 000000000..23348c294
--- /dev/null
+++ b/src/Auth0.ManagementApi/Organizations/Groups/Roles/RolesClient.cs
@@ -0,0 +1,337 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+
+namespace Auth0.ManagementApi.Organizations.Groups;
+
+public partial class RolesClient : IRolesClient
+{
+    private readonly RawClient _client;
+
+    internal RolesClient(RawClient client)
+    {
+        _client = client;
+    }
+
+    /// <summary>
+    /// Lists the roles assigned to the specified group in the context of an organization.
+    /// </summary>
+    private WithRawResponseTask<ListOrganizationGroupRolesResponseContent> ListInternalAsync(
+        string organizationId,
+        string groupId,
+        ListOrganizationGroupRolesRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        return new WithRawResponseTask<ListOrganizationGroupRolesResponseContent>(
+            ListInternalAsyncCore(organizationId, groupId, request, options, cancellationToken)
+        );
+    }
+
+    private async Task<
+        WithRawResponse<ListOrganizationGroupRolesResponseContent>
+    > ListInternalAsyncCore(
+        string organizationId,
+        string groupId,
+        ListOrganizationGroupRolesRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        var _queryString = new Auth0.ManagementApi.Core.QueryStringBuilder.Builder(capacity: 2)
+            .Add("from", request.From.IsDefined ? request.From.Value : null)
+            .Add("take", request.Take.IsDefined ? request.Take.Value : null)
+            .MergeAdditional(options?.AdditionalQueryParameters)
+            .Build();
+        var _headers = await new Auth0.ManagementApi.Core.HeadersBuilder.Builder()
+            .Add(_client.Options.Headers)
+            .Add(_client.Options.AdditionalHeaders)
+            .Add(options?.AdditionalHeaders)
+            .BuildAsync()
+            .ConfigureAwait(false);
+        var response = await _client
+            .SendRequestAsync(
+                new JsonRequest
+                {
+                    Method = HttpMethod.Get,
+                    Path = string.Format(
+                        "organizations/{0}/groups/{1}/roles",
+                        ValueConvert.ToPathParameterString(organizationId),
+                        ValueConvert.ToPathParameterString(groupId)
+                    ),
+                    QueryString = _queryString,
+                    Headers = _headers,
+                    Options = options,
+                },
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        if (response.StatusCode is >= 200 and < 400)
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                var responseData = JsonUtils.Deserialize<ListOrganizationGroupRolesResponseContent>(
+                    responseBody
+                )!;
+                return new WithRawResponse<ListOrganizationGroupRolesResponseContent>()
+                {
+                    Data = responseData,
+                    RawResponse = new RawResponse()
+                    {
+                        StatusCode = response.Raw.StatusCode,
+                        Url = response.Raw.RequestMessage?.RequestUri ?? new Uri("about:blank"),
+                        Headers = ResponseHeaders.FromHttpResponseMessage(response.Raw),
+                    },
+                };
+            }
+            catch (JsonException e)
+            {
+                throw new ManagementApiException(
+                    "Failed to deserialize response",
+                    response.StatusCode,
+                    null,
+                    e
+                );
+            }
+        }
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                switch (response.StatusCode)
+                {
+                    case 400:
+                        throw new BadRequestError(JsonUtils.Deserialize<object>(responseBody));
+                    case 401:
+                        throw new UnauthorizedError(JsonUtils.Deserialize<object>(responseBody));
+                    case 403:
+                        throw new ForbiddenError(JsonUtils.Deserialize<object>(responseBody));
+                    case 429:
+                        throw new TooManyRequestsError(JsonUtils.Deserialize<object>(responseBody));
+                }
+            }
+            catch (JsonException)
+            {
+                // unable to map error response, throwing generic error
+            }
+            throw new ManagementApiException(
+                $"Error with status code {response.StatusCode}",
+                response.StatusCode,
+                responseBody
+            );
+        }
+    }
+
+    /// <summary>
+    /// Lists the roles assigned to the specified group in the context of an organization.
+    /// </summary>
+    /// <example><code>
+    /// await client.Organizations.Groups.Roles.ListAsync(
+    ///     "organization_id",
+    ///     "group_id",
+    ///     new ListOrganizationGroupRolesRequestParameters { From = "from", Take = 1 }
+    /// );
+    /// </code></example>
+    public async Task<Pager<Role>> ListAsync(
+        string organizationId,
+        string groupId,
+        ListOrganizationGroupRolesRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        if (request is not null)
+        {
+            request = request with { };
+        }
+        var pager = await CursorPager<
+            ListOrganizationGroupRolesRequestParameters,
+            RequestOptions?,
+            ListOrganizationGroupRolesResponseContent,
+            string?,
+            Role
+        >
+            .CreateInstanceAsync(
+                request,
+                options,
+                async (request, options, cancellationToken) =>
+                    await ListInternalAsync(
+                            organizationId,
+                            groupId,
+                            request,
+                            options,
+                            cancellationToken
+                        )
+                        .WithRawResponse(),
+                (request, cursor) =>
+                {
+                    request.From = cursor;
+                },
+                response => response.Next,
+                response => response.Roles?.ToList(),
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        return pager;
+    }
+
+    /// <summary>
+    /// Assign one or more roles to a specified group in the context of an organization.
+    /// </summary>
+    /// <example><code>
+    /// await client.Organizations.Groups.Roles.CreateAsync(
+    ///     "organization_id",
+    ///     "group_id",
+    ///     new CreateOrganizationGroupRolesRequestContent { Roles = new List&lt;string&gt;() { "roles" } }
+    /// );
+    /// </code></example>
+    public async Task CreateAsync(
+        string organizationId,
+        string groupId,
+        CreateOrganizationGroupRolesRequestContent request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        var _headers = await new Auth0.ManagementApi.Core.HeadersBuilder.Builder()
+            .Add(_client.Options.Headers)
+            .Add(_client.Options.AdditionalHeaders)
+            .Add(options?.AdditionalHeaders)
+            .BuildAsync()
+            .ConfigureAwait(false);
+        var response = await _client
+            .SendRequestAsync(
+                new JsonRequest
+                {
+                    Method = HttpMethod.Post,
+                    Path = string.Format(
+                        "organizations/{0}/groups/{1}/roles",
+                        ValueConvert.ToPathParameterString(organizationId),
+                        ValueConvert.ToPathParameterString(groupId)
+                    ),
+                    Body = request,
+                    Headers = _headers,
+                    ContentType = "application/json",
+                    Options = options,
+                },
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        if (response.StatusCode is >= 200 and < 400)
+        {
+            return;
+        }
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                switch (response.StatusCode)
+                {
+                    case 400:
+                        throw new BadRequestError(JsonUtils.Deserialize<object>(responseBody));
+                    case 401:
+                        throw new UnauthorizedError(JsonUtils.Deserialize<object>(responseBody));
+                    case 403:
+                        throw new ForbiddenError(JsonUtils.Deserialize<object>(responseBody));
+                    case 409:
+                        throw new ConflictError(JsonUtils.Deserialize<object>(responseBody));
+                    case 429:
+                        throw new TooManyRequestsError(JsonUtils.Deserialize<object>(responseBody));
+                }
+            }
+            catch (JsonException)
+            {
+                // unable to map error response, throwing generic error
+            }
+            throw new ManagementApiException(
+                $"Error with status code {response.StatusCode}",
+                response.StatusCode,
+                responseBody
+            );
+        }
+    }
+
+    /// <summary>
+    /// Unassign one or more roles from a specified group in the context of an organization.
+    /// </summary>
+    /// <example><code>
+    /// await client.Organizations.Groups.Roles.DeleteAsync(
+    ///     "organization_id",
+    ///     "group_id",
+    ///     new DeleteOrganizationGroupRolesRequestContent { Roles = new List&lt;string&gt;() { "roles" } }
+    /// );
+    /// </code></example>
+    public async Task DeleteAsync(
+        string organizationId,
+        string groupId,
+        DeleteOrganizationGroupRolesRequestContent request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        var _headers = await new Auth0.ManagementApi.Core.HeadersBuilder.Builder()
+            .Add(_client.Options.Headers)
+            .Add(_client.Options.AdditionalHeaders)
+            .Add(options?.AdditionalHeaders)
+            .BuildAsync()
+            .ConfigureAwait(false);
+        var response = await _client
+            .SendRequestAsync(
+                new JsonRequest
+                {
+                    Method = HttpMethod.Delete,
+                    Path = string.Format(
+                        "organizations/{0}/groups/{1}/roles",
+                        ValueConvert.ToPathParameterString(organizationId),
+                        ValueConvert.ToPathParameterString(groupId)
+                    ),
+                    Body = request,
+                    Headers = _headers,
+                    ContentType = "application/json",
+                    Options = options,
+                },
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        if (response.StatusCode is >= 200 and < 400)
+        {
+            return;
+        }
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                switch (response.StatusCode)
+                {
+                    case 400:
+                        throw new BadRequestError(JsonUtils.Deserialize<object>(responseBody));
+                    case 401:
+                        throw new UnauthorizedError(JsonUtils.Deserialize<object>(responseBody));
+                    case 403:
+                        throw new ForbiddenError(JsonUtils.Deserialize<object>(responseBody));
+                    case 429:
+                        throw new TooManyRequestsError(JsonUtils.Deserialize<object>(responseBody));
+                }
+            }
+            catch (JsonException)
+            {
+                // unable to map error response, throwing generic error
+            }
+            throw new ManagementApiException(
+                $"Error with status code {response.StatusCode}",
+                response.StatusCode,
+                responseBody
+            );
+        }
+    }
+}
diff --git a/src/Auth0.ManagementApi/Organizations/IOrganizationsClient.cs b/src/Auth0.ManagementApi/Organizations/IOrganizationsClient.cs
index 10c50049a..459edcef0 100644
--- a/src/Auth0.ManagementApi/Organizations/IOrganizationsClient.cs
+++ b/src/Auth0.ManagementApi/Organizations/IOrganizationsClient.cs
@@ -11,27 +11,26 @@ public partial interface IOrganizationsClient
     public IEnabledConnectionsClient EnabledConnections { get; }
     public IInvitationsClient Invitations { get; }
     public Auth0.ManagementApi.Organizations.IMembersClient Members { get; }
+    public Auth0.ManagementApi.Organizations.IGroupsClient Groups { get; }
 
     /// <summary>
     /// Retrieve detailed list of all Organizations available in your tenant. For more information, see Auth0 Organizations.
     ///
     /// This endpoint supports two types of pagination:
-    /// <list type="bullet">
-    /// <item><description>Offset pagination</description></item>
-    /// <item><description>Checkpoint pagination</description></item>
-    /// </list>
+    ///
+    /// - Offset pagination
+    /// - Checkpoint pagination
     ///
     /// Checkpoint pagination must be used if you need to retrieve more than 1000 organizations.
     ///
-    /// <para>Checkpoint Pagination</para>
+    /// **Checkpoint Pagination**
     ///
     /// To search by checkpoint, use the following parameters:
-    /// <list type="bullet">
-    /// <item><description><c>from</c>: Optional id from which to start selection.</description></item>
-    /// <item><description><c>take</c>: The total number of entries to retrieve when using the <c>from</c> parameter. Defaults to 50.</description></item>
-    /// </list>
     ///
-    /// <b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <c>from</c> parameter. If there are more results, a <c>next</c> value is included in the response. You can use this for subsequent API calls. When <c>next</c> is no longer included in the response, no pages are remaining.
+    /// - `from`: Optional id from which to start selection.
+    /// - `take`: The total number of entries to retrieve when using the `from` parameter. Defaults to 50.
+    ///
+    /// **Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
     /// </summary>
     Task<Pager<Organization>> ListAsync(
         ListOrganizationsRequestParameters request,
@@ -40,7 +39,7 @@ Task<Pager<Organization>> ListAsync(
     );
 
     /// <summary>
-    /// Create a new Organization within your tenant.  To learn more about Organization settings, behavior, and configuration options, review <see href="https://auth0.com/docs/manage-users/organizations/create-first-organization">Create Your First Organization</see>.
+    /// Create a new Organization within your tenant.  To learn more about Organization settings, behavior, and configuration options, review [Create Your First Organization](https://auth0.com/docs/manage-users/organizations/create-first-organization).
     /// </summary>
     WithRawResponseTask<CreateOrganizationResponseContent> CreateAsync(
         CreateOrganizationRequestContent request,
@@ -69,7 +68,7 @@ WithRawResponseTask<GetOrganizationResponseContent> GetAsync(
     /// <summary>
     /// Remove an Organization from your tenant.  This action cannot be undone.
     ///
-    /// <b>Note</b>: Members are automatically disassociated from an Organization when it is deleted. However, this action does <b>not</b> delete these users from your tenant.
+    /// **Note**: Members are automatically disassociated from an Organization when it is deleted. However, this action does **not** delete these users from your tenant.
     /// </summary>
     Task DeleteAsync(
         string id,
@@ -78,7 +77,7 @@ Task DeleteAsync(
     );
 
     /// <summary>
-    /// Update the details of a specific <see href="https://auth0.com/docs/manage-users/organizations/configure-organizations/create-organizations">Organization</see>, such as name and display name, branding options, and metadata.
+    /// Update the details of a specific [Organization](https://auth0.com/docs/manage-users/organizations/configure-organizations/create-organizations), such as name and display name, branding options, and metadata.
     /// </summary>
     WithRawResponseTask<UpdateOrganizationResponseContent> UpdateAsync(
         string id,
diff --git a/src/Auth0.ManagementApi/Organizations/Invitations/IInvitationsClient.cs b/src/Auth0.ManagementApi/Organizations/Invitations/IInvitationsClient.cs
index 7c6dceb5c..653b70739 100644
--- a/src/Auth0.ManagementApi/Organizations/Invitations/IInvitationsClient.cs
+++ b/src/Auth0.ManagementApi/Organizations/Invitations/IInvitationsClient.cs
@@ -6,7 +6,7 @@ namespace Auth0.ManagementApi.Organizations;
 public partial interface IInvitationsClient
 {
     /// <summary>
-    /// Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review <see href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</see>.
+    /// Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
     /// </summary>
     Task<Pager<OrganizationInvitation>> ListAsync(
         string id,
@@ -16,7 +16,7 @@ Task<Pager<OrganizationInvitation>> ListAsync(
     );
 
     /// <summary>
-    /// Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review <see href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</see>.
+    /// Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
     /// </summary>
     WithRawResponseTask<CreateOrganizationInvitationResponseContent> CreateAsync(
         string id,
diff --git a/src/Auth0.ManagementApi/Organizations/Invitations/InvitationsClient.cs b/src/Auth0.ManagementApi/Organizations/Invitations/InvitationsClient.cs
index 06e74dadc..03bff51c1 100644
--- a/src/Auth0.ManagementApi/Organizations/Invitations/InvitationsClient.cs
+++ b/src/Auth0.ManagementApi/Organizations/Invitations/InvitationsClient.cs
@@ -14,7 +14,7 @@ internal InvitationsClient(RawClient client)
     }
 
     /// <summary>
-    /// Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review <see href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</see>.
+    /// Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
     /// </summary>
     private WithRawResponseTask<ListOrganizationInvitationsOffsetPaginatedResponseContent> ListInternalAsync(
         string id,
@@ -337,7 +337,7 @@ private async Task<WithRawResponse<GetOrganizationInvitationResponseContent>> Ge
     }
 
     /// <summary>
-    /// Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review <see href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</see>.
+    /// Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
     /// </summary>
     /// <example><code>
     /// await client.Organizations.Invitations.ListAsync(
@@ -390,7 +390,7 @@ await ListInternalAsync(id, request, options, cancellationToken)
     }
 
     /// <summary>
-    /// Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review <see href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</see>.
+    /// Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
     /// </summary>
     /// <example><code>
     /// await client.Organizations.Invitations.CreateAsync(
diff --git a/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/EffectiveRolesClient.cs b/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/EffectiveRolesClient.cs
new file mode 100644
index 000000000..3dff3af77
--- /dev/null
+++ b/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/EffectiveRolesClient.cs
@@ -0,0 +1,184 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+
+namespace Auth0.ManagementApi.Organizations.Members;
+
+public partial class EffectiveRolesClient : IEffectiveRolesClient
+{
+    private readonly RawClient _client;
+
+    internal EffectiveRolesClient(RawClient client)
+    {
+        _client = client;
+        Sources =
+            new Auth0.ManagementApi.Organizations.Members.EffectiveRoles.Sources.SourcesClient(
+                _client
+            );
+    }
+
+    public Auth0.ManagementApi.Organizations.Members.EffectiveRoles.Sources.ISourcesClient Sources { get; }
+
+    /// <summary>
+    /// Lists the roles assigned to an organization member directly or through group membership.
+    /// </summary>
+    private WithRawResponseTask<ListOrganizationMemberEffectiveRolesResponseContent> ListInternalAsync(
+        string id,
+        string userId,
+        ListOrganizationMemberEffectiveRolesRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        return new WithRawResponseTask<ListOrganizationMemberEffectiveRolesResponseContent>(
+            ListInternalAsyncCore(id, userId, request, options, cancellationToken)
+        );
+    }
+
+    private async Task<
+        WithRawResponse<ListOrganizationMemberEffectiveRolesResponseContent>
+    > ListInternalAsyncCore(
+        string id,
+        string userId,
+        ListOrganizationMemberEffectiveRolesRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        var _queryString = new Auth0.ManagementApi.Core.QueryStringBuilder.Builder(capacity: 2)
+            .Add("from", request.From.IsDefined ? request.From.Value : null)
+            .Add("take", request.Take.IsDefined ? request.Take.Value : null)
+            .MergeAdditional(options?.AdditionalQueryParameters)
+            .Build();
+        var _headers = await new Auth0.ManagementApi.Core.HeadersBuilder.Builder()
+            .Add(_client.Options.Headers)
+            .Add(_client.Options.AdditionalHeaders)
+            .Add(options?.AdditionalHeaders)
+            .BuildAsync()
+            .ConfigureAwait(false);
+        var response = await _client
+            .SendRequestAsync(
+                new JsonRequest
+                {
+                    Method = HttpMethod.Get,
+                    Path = string.Format(
+                        "organizations/{0}/members/{1}/effective-roles",
+                        ValueConvert.ToPathParameterString(id),
+                        ValueConvert.ToPathParameterString(userId)
+                    ),
+                    QueryString = _queryString,
+                    Headers = _headers,
+                    Options = options,
+                },
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        if (response.StatusCode is >= 200 and < 400)
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                var responseData =
+                    JsonUtils.Deserialize<ListOrganizationMemberEffectiveRolesResponseContent>(
+                        responseBody
+                    )!;
+                return new WithRawResponse<ListOrganizationMemberEffectiveRolesResponseContent>()
+                {
+                    Data = responseData,
+                    RawResponse = new RawResponse()
+                    {
+                        StatusCode = response.Raw.StatusCode,
+                        Url = response.Raw.RequestMessage?.RequestUri ?? new Uri("about:blank"),
+                        Headers = ResponseHeaders.FromHttpResponseMessage(response.Raw),
+                    },
+                };
+            }
+            catch (JsonException e)
+            {
+                throw new ManagementApiException(
+                    "Failed to deserialize response",
+                    response.StatusCode,
+                    null,
+                    e
+                );
+            }
+        }
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                switch (response.StatusCode)
+                {
+                    case 400:
+                        throw new BadRequestError(JsonUtils.Deserialize<object>(responseBody));
+                    case 401:
+                        throw new UnauthorizedError(JsonUtils.Deserialize<object>(responseBody));
+                    case 403:
+                        throw new ForbiddenError(JsonUtils.Deserialize<object>(responseBody));
+                    case 429:
+                        throw new TooManyRequestsError(JsonUtils.Deserialize<object>(responseBody));
+                }
+            }
+            catch (JsonException)
+            {
+                // unable to map error response, throwing generic error
+            }
+            throw new ManagementApiException(
+                $"Error with status code {response.StatusCode}",
+                response.StatusCode,
+                responseBody
+            );
+        }
+    }
+
+    /// <summary>
+    /// Lists the roles assigned to an organization member directly or through group membership.
+    /// </summary>
+    /// <example><code>
+    /// await client.Organizations.Members.EffectiveRoles.ListAsync(
+    ///     "id",
+    ///     "user_id",
+    ///     new ListOrganizationMemberEffectiveRolesRequestParameters { From = "from", Take = 1 }
+    /// );
+    /// </code></example>
+    public async Task<Pager<OrganizationMemberEffectiveRole>> ListAsync(
+        string id,
+        string userId,
+        ListOrganizationMemberEffectiveRolesRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        if (request is not null)
+        {
+            request = request with { };
+        }
+        var pager = await CursorPager<
+            ListOrganizationMemberEffectiveRolesRequestParameters,
+            RequestOptions?,
+            ListOrganizationMemberEffectiveRolesResponseContent,
+            string?,
+            OrganizationMemberEffectiveRole
+        >
+            .CreateInstanceAsync(
+                request,
+                options,
+                async (request, options, cancellationToken) =>
+                    await ListInternalAsync(id, userId, request, options, cancellationToken)
+                        .WithRawResponse(),
+                (request, cursor) =>
+                {
+                    request.From = cursor;
+                },
+                response => response.Next,
+                response => response.Roles?.ToList(),
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        return pager;
+    }
+}
diff --git a/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/IEffectiveRolesClient.cs b/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/IEffectiveRolesClient.cs
new file mode 100644
index 000000000..020d3f842
--- /dev/null
+++ b/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/IEffectiveRolesClient.cs
@@ -0,0 +1,20 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+
+namespace Auth0.ManagementApi.Organizations.Members;
+
+public partial interface IEffectiveRolesClient
+{
+    public Auth0.ManagementApi.Organizations.Members.EffectiveRoles.Sources.ISourcesClient Sources { get; }
+
+    /// <summary>
+    /// Lists the roles assigned to an organization member directly or through group membership.
+    /// </summary>
+    Task<Pager<OrganizationMemberEffectiveRole>> ListAsync(
+        string id,
+        string userId,
+        ListOrganizationMemberEffectiveRolesRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    );
+}
diff --git a/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Requests/ListOrganizationMemberEffectiveRolesRequestParameters.cs b/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Requests/ListOrganizationMemberEffectiveRolesRequestParameters.cs
new file mode 100644
index 000000000..e6af5d1d7
--- /dev/null
+++ b/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Requests/ListOrganizationMemberEffectiveRolesRequestParameters.cs
@@ -0,0 +1,26 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi.Organizations.Members;
+
+[Serializable]
+public record ListOrganizationMemberEffectiveRolesRequestParameters
+{
+    /// <summary>
+    /// Optional Id from which to start selection.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<string?> From { get; set; }
+
+    /// <summary>
+    /// Number of results per page. Defaults to 50.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<int?> Take { get; set; } = 50;
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Sources/Groups/GroupsClient.cs b/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Sources/Groups/GroupsClient.cs
new file mode 100644
index 000000000..697955113
--- /dev/null
+++ b/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Sources/Groups/GroupsClient.cs
@@ -0,0 +1,184 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+
+namespace Auth0.ManagementApi.Organizations.Members.EffectiveRoles.Sources;
+
+public partial class GroupsClient : IGroupsClient
+{
+    private readonly RawClient _client;
+
+    internal GroupsClient(RawClient client)
+    {
+        _client = client;
+    }
+
+    /// <summary>
+    /// Lists the groups which grant the org member a given role.
+    /// </summary>
+    private WithRawResponseTask<ListOrganizationMemberRoleSourceGroupsResponseContent> ListInternalAsync(
+        string id,
+        string userId,
+        ListOrganizationMemberRoleSourceGroupsRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        return new WithRawResponseTask<ListOrganizationMemberRoleSourceGroupsResponseContent>(
+            ListInternalAsyncCore(id, userId, request, options, cancellationToken)
+        );
+    }
+
+    private async Task<
+        WithRawResponse<ListOrganizationMemberRoleSourceGroupsResponseContent>
+    > ListInternalAsyncCore(
+        string id,
+        string userId,
+        ListOrganizationMemberRoleSourceGroupsRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        var _queryString = new Auth0.ManagementApi.Core.QueryStringBuilder.Builder(capacity: 3)
+            .Add("from", request.From.IsDefined ? request.From.Value : null)
+            .Add("take", request.Take.IsDefined ? request.Take.Value : null)
+            .Add("role_id", request.RoleId)
+            .MergeAdditional(options?.AdditionalQueryParameters)
+            .Build();
+        var _headers = await new Auth0.ManagementApi.Core.HeadersBuilder.Builder()
+            .Add(_client.Options.Headers)
+            .Add(_client.Options.AdditionalHeaders)
+            .Add(options?.AdditionalHeaders)
+            .BuildAsync()
+            .ConfigureAwait(false);
+        var response = await _client
+            .SendRequestAsync(
+                new JsonRequest
+                {
+                    Method = HttpMethod.Get,
+                    Path = string.Format(
+                        "organizations/{0}/members/{1}/effective-roles/sources/groups",
+                        ValueConvert.ToPathParameterString(id),
+                        ValueConvert.ToPathParameterString(userId)
+                    ),
+                    QueryString = _queryString,
+                    Headers = _headers,
+                    Options = options,
+                },
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        if (response.StatusCode is >= 200 and < 400)
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                var responseData =
+                    JsonUtils.Deserialize<ListOrganizationMemberRoleSourceGroupsResponseContent>(
+                        responseBody
+                    )!;
+                return new WithRawResponse<ListOrganizationMemberRoleSourceGroupsResponseContent>()
+                {
+                    Data = responseData,
+                    RawResponse = new RawResponse()
+                    {
+                        StatusCode = response.Raw.StatusCode,
+                        Url = response.Raw.RequestMessage?.RequestUri ?? new Uri("about:blank"),
+                        Headers = ResponseHeaders.FromHttpResponseMessage(response.Raw),
+                    },
+                };
+            }
+            catch (JsonException e)
+            {
+                throw new ManagementApiException(
+                    "Failed to deserialize response",
+                    response.StatusCode,
+                    null,
+                    e
+                );
+            }
+        }
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                switch (response.StatusCode)
+                {
+                    case 400:
+                        throw new BadRequestError(JsonUtils.Deserialize<object>(responseBody));
+                    case 401:
+                        throw new UnauthorizedError(JsonUtils.Deserialize<object>(responseBody));
+                    case 403:
+                        throw new ForbiddenError(JsonUtils.Deserialize<object>(responseBody));
+                    case 429:
+                        throw new TooManyRequestsError(JsonUtils.Deserialize<object>(responseBody));
+                }
+            }
+            catch (JsonException)
+            {
+                // unable to map error response, throwing generic error
+            }
+            throw new ManagementApiException(
+                $"Error with status code {response.StatusCode}",
+                response.StatusCode,
+                responseBody
+            );
+        }
+    }
+
+    /// <summary>
+    /// Lists the groups which grant the org member a given role.
+    /// </summary>
+    /// <example><code>
+    /// await client.Organizations.Members.EffectiveRoles.Sources.Groups.ListAsync(
+    ///     "id",
+    ///     "user_id",
+    ///     new ListOrganizationMemberRoleSourceGroupsRequestParameters
+    ///     {
+    ///         From = "from",
+    ///         Take = 1,
+    ///         RoleId = "role_id",
+    ///     }
+    /// );
+    /// </code></example>
+    public async Task<Pager<Group>> ListAsync(
+        string id,
+        string userId,
+        ListOrganizationMemberRoleSourceGroupsRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        if (request is not null)
+        {
+            request = request with { };
+        }
+        var pager = await CursorPager<
+            ListOrganizationMemberRoleSourceGroupsRequestParameters,
+            RequestOptions?,
+            ListOrganizationMemberRoleSourceGroupsResponseContent,
+            string?,
+            Group
+        >
+            .CreateInstanceAsync(
+                request,
+                options,
+                async (request, options, cancellationToken) =>
+                    await ListInternalAsync(id, userId, request, options, cancellationToken)
+                        .WithRawResponse(),
+                (request, cursor) =>
+                {
+                    request.From = cursor;
+                },
+                response => response.Next,
+                response => response.Groups?.ToList(),
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        return pager;
+    }
+}
diff --git a/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Sources/Groups/IGroupsClient.cs b/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Sources/Groups/IGroupsClient.cs
new file mode 100644
index 000000000..9dc743f9c
--- /dev/null
+++ b/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Sources/Groups/IGroupsClient.cs
@@ -0,0 +1,18 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+
+namespace Auth0.ManagementApi.Organizations.Members.EffectiveRoles.Sources;
+
+public partial interface IGroupsClient
+{
+    /// <summary>
+    /// Lists the groups which grant the org member a given role.
+    /// </summary>
+    Task<Pager<Group>> ListAsync(
+        string id,
+        string userId,
+        ListOrganizationMemberRoleSourceGroupsRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    );
+}
diff --git a/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Sources/Groups/Requests/ListOrganizationMemberRoleSourceGroupsRequestParameters.cs b/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Sources/Groups/Requests/ListOrganizationMemberRoleSourceGroupsRequestParameters.cs
new file mode 100644
index 000000000..24f8bd0a2
--- /dev/null
+++ b/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Sources/Groups/Requests/ListOrganizationMemberRoleSourceGroupsRequestParameters.cs
@@ -0,0 +1,32 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi.Organizations.Members.EffectiveRoles.Sources;
+
+[Serializable]
+public record ListOrganizationMemberRoleSourceGroupsRequestParameters
+{
+    /// <summary>
+    /// Optional Id from which to start selection.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<string?> From { get; set; }
+
+    /// <summary>
+    /// Number of results per page. Defaults to 50.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<int?> Take { get; set; } = 50;
+
+    /// <summary>
+    /// The role ID to get group sources for.
+    /// </summary>
+    [JsonIgnore]
+    public required string RoleId { get; set; }
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Sources/ISourcesClient.cs b/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Sources/ISourcesClient.cs
new file mode 100644
index 000000000..430ce8337
--- /dev/null
+++ b/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Sources/ISourcesClient.cs
@@ -0,0 +1,6 @@
+namespace Auth0.ManagementApi.Organizations.Members.EffectiveRoles.Sources;
+
+public partial interface ISourcesClient
+{
+    public IGroupsClient Groups { get; }
+}
diff --git a/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Sources/SourcesClient.cs b/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Sources/SourcesClient.cs
new file mode 100644
index 000000000..60c09c98e
--- /dev/null
+++ b/src/Auth0.ManagementApi/Organizations/Members/EffectiveRoles/Sources/SourcesClient.cs
@@ -0,0 +1,16 @@
+using Auth0.ManagementApi.Core;
+
+namespace Auth0.ManagementApi.Organizations.Members.EffectiveRoles.Sources;
+
+public partial class SourcesClient : ISourcesClient
+{
+    private readonly RawClient _client;
+
+    internal SourcesClient(RawClient client)
+    {
+        _client = client;
+        Groups = new GroupsClient(_client);
+    }
+
+    public IGroupsClient Groups { get; }
+}
diff --git a/src/Auth0.ManagementApi/Organizations/Members/IMembersClient.cs b/src/Auth0.ManagementApi/Organizations/Members/IMembersClient.cs
index ca11f0215..21b97438b 100644
--- a/src/Auth0.ManagementApi/Organizations/Members/IMembersClient.cs
+++ b/src/Auth0.ManagementApi/Organizations/Members/IMembersClient.cs
@@ -5,20 +5,15 @@ namespace Auth0.ManagementApi.Organizations;
 
 public partial interface IMembersClient
 {
+    public Auth0.ManagementApi.Organizations.Members.IEffectiveRolesClient EffectiveRoles { get; }
     public Auth0.ManagementApi.Organizations.Members.IRolesClient Roles { get; }
 
     /// <summary>
     /// List organization members.
     /// This endpoint is subject to eventual consistency. New users may not be immediately included in the response and deleted users may not be immediately removed from it.
     ///
-    /// <list type="bullet">
-    ///   <item><description>
-    ///     Use the <c>fields</c> parameter to optionally define the specific member details retrieved. If <c>fields</c> is left blank, all fields (except roles) are returned.
-    ///   </description></item>
-    ///   <item><description>
-    ///     Member roles are not sent by default. Use <c>fields=roles</c> to retrieve the roles assigned to each listed member. To use this parameter, you must include the <c>read:organization_member_roles</c> scope in the token.
-    ///   </description></item>
-    /// </list>
+    /// - Use the `fields` parameter to optionally define the specific member details retrieved. If `fields` is left blank, all fields (except roles) are returned.
+    /// - Member roles are not sent by default. Use `fields=roles` to retrieve the roles assigned to each listed member. To use this parameter, you must include the `read:organization_member_roles` scope in the token.
     ///
     /// This endpoint supports two types of pagination:
     ///
@@ -27,9 +22,9 @@ public partial interface IMembersClient
     ///
     /// Checkpoint pagination must be used if you need to retrieve more than 1000 organization members.
     ///
-    /// <para>Checkpoint Pagination</para>
+    /// **Checkpoint Pagination**
     ///
-    /// To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the <c>from</c> parameter. If there are more results, a <c>next</c> value will be included in the response. You can use this for subsequent API calls. When <c>next</c> is no longer included in the response, this indicates there are no more pages remaining.
+    /// To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the `from` parameter. If there are more results, a `next` value will be included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, this indicates there are no more pages remaining.
     /// </summary>
     Task<Pager<OrganizationMember>> ListAsync(
         string id,
@@ -39,9 +34,9 @@ Task<Pager<OrganizationMember>> ListAsync(
     );
 
     /// <summary>
-    /// Set one or more existing users as members of a specific <see href="https://auth0.com/docs/manage-users/organizations">Organization</see>.
+    /// Set one or more existing users as members of a specific [Organization](https://auth0.com/docs/manage-users/organizations).
     ///
-    /// To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can <see href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">invite them to create an account</see>, manually create them through the Auth0 Dashboard, or use the Management API.
+    /// To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can [invite them to create an account](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members), manually create them through the Auth0 Dashboard, or use the Management API.
     /// </summary>
     Task CreateAsync(
         string id,
diff --git a/src/Auth0.ManagementApi/Organizations/Members/MembersClient.cs b/src/Auth0.ManagementApi/Organizations/Members/MembersClient.cs
index b459da142..dca69ea6b 100644
--- a/src/Auth0.ManagementApi/Organizations/Members/MembersClient.cs
+++ b/src/Auth0.ManagementApi/Organizations/Members/MembersClient.cs
@@ -11,23 +11,22 @@ public partial class MembersClient : IMembersClient
     internal MembersClient(RawClient client)
     {
         _client = client;
+        EffectiveRoles = new Auth0.ManagementApi.Organizations.Members.EffectiveRolesClient(
+            _client
+        );
         Roles = new Auth0.ManagementApi.Organizations.Members.RolesClient(_client);
     }
 
+    public Auth0.ManagementApi.Organizations.Members.IEffectiveRolesClient EffectiveRoles { get; }
+
     public Auth0.ManagementApi.Organizations.Members.IRolesClient Roles { get; }
 
     /// <summary>
     /// List organization members.
     /// This endpoint is subject to eventual consistency. New users may not be immediately included in the response and deleted users may not be immediately removed from it.
     ///
-    /// <list type="bullet">
-    ///   <item><description>
-    ///     Use the <c>fields</c> parameter to optionally define the specific member details retrieved. If <c>fields</c> is left blank, all fields (except roles) are returned.
-    ///   </description></item>
-    ///   <item><description>
-    ///     Member roles are not sent by default. Use <c>fields=roles</c> to retrieve the roles assigned to each listed member. To use this parameter, you must include the <c>read:organization_member_roles</c> scope in the token.
-    ///   </description></item>
-    /// </list>
+    /// - Use the `fields` parameter to optionally define the specific member details retrieved. If `fields` is left blank, all fields (except roles) are returned.
+    /// - Member roles are not sent by default. Use `fields=roles` to retrieve the roles assigned to each listed member. To use this parameter, you must include the `read:organization_member_roles` scope in the token.
     ///
     /// This endpoint supports two types of pagination:
     ///
@@ -36,9 +35,9 @@ internal MembersClient(RawClient client)
     ///
     /// Checkpoint pagination must be used if you need to retrieve more than 1000 organization members.
     ///
-    /// <para>Checkpoint Pagination</para>
+    /// **Checkpoint Pagination**
     ///
-    /// To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the <c>from</c> parameter. If there are more results, a <c>next</c> value will be included in the response. You can use this for subsequent API calls. When <c>next</c> is no longer included in the response, this indicates there are no more pages remaining.
+    /// To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the `from` parameter. If there are more results, a `next` value will be included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, this indicates there are no more pages remaining.
     /// </summary>
     private WithRawResponseTask<ListOrganizationMembersPaginatedResponseContent> ListInternalAsync(
         string id,
@@ -159,14 +158,8 @@ private async Task<
     /// List organization members.
     /// This endpoint is subject to eventual consistency. New users may not be immediately included in the response and deleted users may not be immediately removed from it.
     ///
-    /// <list type="bullet">
-    ///   <item><description>
-    ///     Use the <c>fields</c> parameter to optionally define the specific member details retrieved. If <c>fields</c> is left blank, all fields (except roles) are returned.
-    ///   </description></item>
-    ///   <item><description>
-    ///     Member roles are not sent by default. Use <c>fields=roles</c> to retrieve the roles assigned to each listed member. To use this parameter, you must include the <c>read:organization_member_roles</c> scope in the token.
-    ///   </description></item>
-    /// </list>
+    /// - Use the `fields` parameter to optionally define the specific member details retrieved. If `fields` is left blank, all fields (except roles) are returned.
+    /// - Member roles are not sent by default. Use `fields=roles` to retrieve the roles assigned to each listed member. To use this parameter, you must include the `read:organization_member_roles` scope in the token.
     ///
     /// This endpoint supports two types of pagination:
     ///
@@ -175,9 +168,9 @@ private async Task<
     ///
     /// Checkpoint pagination must be used if you need to retrieve more than 1000 organization members.
     ///
-    /// <para>Checkpoint Pagination</para>
+    /// **Checkpoint Pagination**
     ///
-    /// To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the <c>from</c> parameter. If there are more results, a <c>next</c> value will be included in the response. You can use this for subsequent API calls. When <c>next</c> is no longer included in the response, this indicates there are no more pages remaining.
+    /// To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the `from` parameter. If there are more results, a `next` value will be included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, this indicates there are no more pages remaining.
     /// </summary>
     /// <example><code>
     /// await client.Organizations.Members.ListAsync(
@@ -228,9 +221,9 @@ await ListInternalAsync(id, request, options, cancellationToken)
     }
 
     /// <summary>
-    /// Set one or more existing users as members of a specific <see href="https://auth0.com/docs/manage-users/organizations">Organization</see>.
+    /// Set one or more existing users as members of a specific [Organization](https://auth0.com/docs/manage-users/organizations).
     ///
-    /// To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can <see href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">invite them to create an account</see>, manually create them through the Auth0 Dashboard, or use the Management API.
+    /// To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can [invite them to create an account](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members), manually create them through the Auth0 Dashboard, or use the Management API.
     /// </summary>
     /// <example><code>
     /// await client.Organizations.Members.CreateAsync(
diff --git a/src/Auth0.ManagementApi/Organizations/Members/Roles/IRolesClient.cs b/src/Auth0.ManagementApi/Organizations/Members/Roles/IRolesClient.cs
index 5b2ace018..de515b06c 100644
--- a/src/Auth0.ManagementApi/Organizations/Members/Roles/IRolesClient.cs
+++ b/src/Auth0.ManagementApi/Organizations/Members/Roles/IRolesClient.cs
@@ -19,7 +19,7 @@ Task<Pager<Role>> ListAsync(
     );
 
     /// <summary>
-    /// Assign one or more <see href="https://auth0.com/docs/manage-users/access-control/rbac">roles</see> to a user to determine their access for a specific Organization.
+    /// Assign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) to a user to determine their access for a specific Organization.
     ///
     /// Users can be members of multiple Organizations with unique roles assigned for each membership. This action assigns roles to a user only for the specified Organization. Roles cannot be assigned to a user across multiple Organizations in the same call.
     /// </summary>
@@ -32,7 +32,7 @@ Task AssignAsync(
     );
 
     /// <summary>
-    /// Remove one or more Organization-specific <see href="https://auth0.com/docs/manage-users/access-control/rbac">roles</see> from a given user.
+    /// Remove one or more Organization-specific [roles](https://auth0.com/docs/manage-users/access-control/rbac) from a given user.
     ///
     /// Users can be members of multiple Organizations with unique roles assigned for each membership. This action removes roles from a user in relation to the specified Organization. Roles assigned to the user within a different Organization cannot be managed in the same call.
     /// </summary>
diff --git a/src/Auth0.ManagementApi/Organizations/Members/Roles/RolesClient.cs b/src/Auth0.ManagementApi/Organizations/Members/Roles/RolesClient.cs
index b83f2f553..f75d651cd 100644
--- a/src/Auth0.ManagementApi/Organizations/Members/Roles/RolesClient.cs
+++ b/src/Auth0.ManagementApi/Organizations/Members/Roles/RolesClient.cs
@@ -190,7 +190,7 @@ await ListInternalAsync(id, userId, request, options, cancellationToken)
     }
 
     /// <summary>
-    /// Assign one or more <see href="https://auth0.com/docs/manage-users/access-control/rbac">roles</see> to a user to determine their access for a specific Organization.
+    /// Assign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) to a user to determine their access for a specific Organization.
     ///
     /// Users can be members of multiple Organizations with unique roles assigned for each membership. This action assigns roles to a user only for the specified Organization. Roles cannot be assigned to a user across multiple Organizations in the same call.
     /// </summary>
@@ -270,7 +270,7 @@ public async Task AssignAsync(
     }
 
     /// <summary>
-    /// Remove one or more Organization-specific <see href="https://auth0.com/docs/manage-users/access-control/rbac">roles</see> from a given user.
+    /// Remove one or more Organization-specific [roles](https://auth0.com/docs/manage-users/access-control/rbac) from a given user.
     ///
     /// Users can be members of multiple Organizations with unique roles assigned for each membership. This action removes roles from a user in relation to the specified Organization. Roles assigned to the user within a different Organization cannot be managed in the same call.
     /// </summary>
diff --git a/src/Auth0.ManagementApi/Organizations/OrganizationsClient.cs b/src/Auth0.ManagementApi/Organizations/OrganizationsClient.cs
index 0f5eb6aaf..eda642d55 100644
--- a/src/Auth0.ManagementApi/Organizations/OrganizationsClient.cs
+++ b/src/Auth0.ManagementApi/Organizations/OrganizationsClient.cs
@@ -17,6 +17,7 @@ internal OrganizationsClient(RawClient client)
         EnabledConnections = new EnabledConnectionsClient(_client);
         Invitations = new InvitationsClient(_client);
         Members = new Auth0.ManagementApi.Organizations.MembersClient(_client);
+        Groups = new Auth0.ManagementApi.Organizations.GroupsClient(_client);
     }
 
     public Auth0.ManagementApi.Organizations.IClientGrantsClient ClientGrants { get; }
@@ -31,26 +32,26 @@ internal OrganizationsClient(RawClient client)
 
     public Auth0.ManagementApi.Organizations.IMembersClient Members { get; }
 
+    public Auth0.ManagementApi.Organizations.IGroupsClient Groups { get; }
+
     /// <summary>
     /// Retrieve detailed list of all Organizations available in your tenant. For more information, see Auth0 Organizations.
     ///
     /// This endpoint supports two types of pagination:
-    /// <list type="bullet">
-    /// <item><description>Offset pagination</description></item>
-    /// <item><description>Checkpoint pagination</description></item>
-    /// </list>
+    ///
+    /// - Offset pagination
+    /// - Checkpoint pagination
     ///
     /// Checkpoint pagination must be used if you need to retrieve more than 1000 organizations.
     ///
-    /// <para>Checkpoint Pagination</para>
+    /// **Checkpoint Pagination**
     ///
     /// To search by checkpoint, use the following parameters:
-    /// <list type="bullet">
-    /// <item><description><c>from</c>: Optional id from which to start selection.</description></item>
-    /// <item><description><c>take</c>: The total number of entries to retrieve when using the <c>from</c> parameter. Defaults to 50.</description></item>
-    /// </list>
     ///
-    /// <b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <c>from</c> parameter. If there are more results, a <c>next</c> value is included in the response. You can use this for subsequent API calls. When <c>next</c> is no longer included in the response, no pages are remaining.
+    /// - `from`: Optional id from which to start selection.
+    /// - `take`: The total number of entries to retrieve when using the `from` parameter. Defaults to 50.
+    ///
+    /// **Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
     /// </summary>
     private WithRawResponseTask<ListOrganizationsPaginatedResponseContent> ListInternalAsync(
         ListOrganizationsRequestParameters request,
@@ -517,22 +518,20 @@ private async Task<WithRawResponse<UpdateOrganizationResponseContent>> UpdateAsy
     /// Retrieve detailed list of all Organizations available in your tenant. For more information, see Auth0 Organizations.
     ///
     /// This endpoint supports two types of pagination:
-    /// <list type="bullet">
-    /// <item><description>Offset pagination</description></item>
-    /// <item><description>Checkpoint pagination</description></item>
-    /// </list>
+    ///
+    /// - Offset pagination
+    /// - Checkpoint pagination
     ///
     /// Checkpoint pagination must be used if you need to retrieve more than 1000 organizations.
     ///
-    /// <para>Checkpoint Pagination</para>
+    /// **Checkpoint Pagination**
     ///
     /// To search by checkpoint, use the following parameters:
-    /// <list type="bullet">
-    /// <item><description><c>from</c>: Optional id from which to start selection.</description></item>
-    /// <item><description><c>take</c>: The total number of entries to retrieve when using the <c>from</c> parameter. Defaults to 50.</description></item>
-    /// </list>
     ///
-    /// <b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <c>from</c> parameter. If there are more results, a <c>next</c> value is included in the response. You can use this for subsequent API calls. When <c>next</c> is no longer included in the response, no pages are remaining.
+    /// - `from`: Optional id from which to start selection.
+    /// - `take`: The total number of entries to retrieve when using the `from` parameter. Defaults to 50.
+    ///
+    /// **Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
     /// </summary>
     /// <example><code>
     /// await client.Organizations.ListAsync(
@@ -579,7 +578,7 @@ await ListInternalAsync(request, options, cancellationToken).WithRawResponse(),
     }
 
     /// <summary>
-    /// Create a new Organization within your tenant.  To learn more about Organization settings, behavior, and configuration options, review <see href="https://auth0.com/docs/manage-users/organizations/create-first-organization">Create Your First Organization</see>.
+    /// Create a new Organization within your tenant.  To learn more about Organization settings, behavior, and configuration options, review [Create Your First Organization](https://auth0.com/docs/manage-users/organizations/create-first-organization).
     /// </summary>
     /// <example><code>
     /// await client.Organizations.CreateAsync(new CreateOrganizationRequestContent { Name = "name" });
@@ -632,7 +631,7 @@ public WithRawResponseTask<GetOrganizationResponseContent> GetAsync(
     /// <summary>
     /// Remove an Organization from your tenant.  This action cannot be undone.
     ///
-    /// <b>Note</b>: Members are automatically disassociated from an Organization when it is deleted. However, this action does <b>not</b> delete these users from your tenant.
+    /// **Note**: Members are automatically disassociated from an Organization when it is deleted. However, this action does **not** delete these users from your tenant.
     /// </summary>
     /// <example><code>
     /// await client.Organizations.DeleteAsync("id");
@@ -701,7 +700,7 @@ public async Task DeleteAsync(
     }
 
     /// <summary>
-    /// Update the details of a specific <see href="https://auth0.com/docs/manage-users/organizations/configure-organizations/create-organizations">Organization</see>, such as name and display name, branding options, and metadata.
+    /// Update the details of a specific [Organization](https://auth0.com/docs/manage-users/organizations/configure-organizations/create-organizations), such as name and display name, branding options, and metadata.
     /// </summary>
     /// <example><code>
     /// await client.Organizations.UpdateAsync("id", new UpdateOrganizationRequestContent());
diff --git a/src/Auth0.ManagementApi/Roles/Groups/GroupsClient.cs b/src/Auth0.ManagementApi/Roles/Groups/GroupsClient.cs
new file mode 100644
index 000000000..001279432
--- /dev/null
+++ b/src/Auth0.ManagementApi/Roles/Groups/GroupsClient.cs
@@ -0,0 +1,315 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+
+namespace Auth0.ManagementApi.Roles;
+
+public partial class GroupsClient : IGroupsClient
+{
+    private readonly RawClient _client;
+
+    internal GroupsClient(RawClient client)
+    {
+        _client = client;
+    }
+
+    /// <summary>
+    /// Lists the groups to which the specified role is assigned.
+    /// </summary>
+    private WithRawResponseTask<ListRoleGroupsResponseContent> GetInternalAsync(
+        string id,
+        ListRoleGroupsParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        return new WithRawResponseTask<ListRoleGroupsResponseContent>(
+            GetInternalAsyncCore(id, request, options, cancellationToken)
+        );
+    }
+
+    private async Task<WithRawResponse<ListRoleGroupsResponseContent>> GetInternalAsyncCore(
+        string id,
+        ListRoleGroupsParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        var _queryString = new Auth0.ManagementApi.Core.QueryStringBuilder.Builder(capacity: 2)
+            .Add("from", request.From.IsDefined ? request.From.Value : null)
+            .Add("take", request.Take.IsDefined ? request.Take.Value : null)
+            .MergeAdditional(options?.AdditionalQueryParameters)
+            .Build();
+        var _headers = await new Auth0.ManagementApi.Core.HeadersBuilder.Builder()
+            .Add(_client.Options.Headers)
+            .Add(_client.Options.AdditionalHeaders)
+            .Add(options?.AdditionalHeaders)
+            .BuildAsync()
+            .ConfigureAwait(false);
+        var response = await _client
+            .SendRequestAsync(
+                new JsonRequest
+                {
+                    Method = HttpMethod.Get,
+                    Path = string.Format(
+                        "roles/{0}/groups",
+                        ValueConvert.ToPathParameterString(id)
+                    ),
+                    QueryString = _queryString,
+                    Headers = _headers,
+                    Options = options,
+                },
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        if (response.StatusCode is >= 200 and < 400)
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                var responseData = JsonUtils.Deserialize<ListRoleGroupsResponseContent>(
+                    responseBody
+                )!;
+                return new WithRawResponse<ListRoleGroupsResponseContent>()
+                {
+                    Data = responseData,
+                    RawResponse = new RawResponse()
+                    {
+                        StatusCode = response.Raw.StatusCode,
+                        Url = response.Raw.RequestMessage?.RequestUri ?? new Uri("about:blank"),
+                        Headers = ResponseHeaders.FromHttpResponseMessage(response.Raw),
+                    },
+                };
+            }
+            catch (JsonException e)
+            {
+                throw new ManagementApiException(
+                    "Failed to deserialize response",
+                    response.StatusCode,
+                    null,
+                    e
+                );
+            }
+        }
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                switch (response.StatusCode)
+                {
+                    case 400:
+                        throw new BadRequestError(JsonUtils.Deserialize<object>(responseBody));
+                    case 401:
+                        throw new UnauthorizedError(JsonUtils.Deserialize<object>(responseBody));
+                    case 403:
+                        throw new ForbiddenError(JsonUtils.Deserialize<object>(responseBody));
+                    case 429:
+                        throw new TooManyRequestsError(JsonUtils.Deserialize<object>(responseBody));
+                }
+            }
+            catch (JsonException)
+            {
+                // unable to map error response, throwing generic error
+            }
+            throw new ManagementApiException(
+                $"Error with status code {response.StatusCode}",
+                response.StatusCode,
+                responseBody
+            );
+        }
+    }
+
+    /// <summary>
+    /// Lists the groups to which the specified role is assigned.
+    /// </summary>
+    /// <example><code>
+    /// await client.Roles.Groups.GetAsync("id", new ListRoleGroupsParameters { From = "from", Take = 1 });
+    /// </code></example>
+    public async Task<Pager<Group>> GetAsync(
+        string id,
+        ListRoleGroupsParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        if (request is not null)
+        {
+            request = request with { };
+        }
+        var pager = await CursorPager<
+            ListRoleGroupsParameters,
+            RequestOptions?,
+            ListRoleGroupsResponseContent,
+            string?,
+            Group
+        >
+            .CreateInstanceAsync(
+                request,
+                options,
+                async (request, options, cancellationToken) =>
+                    await GetInternalAsync(id, request, options, cancellationToken)
+                        .WithRawResponse(),
+                (request, cursor) =>
+                {
+                    request.From = cursor;
+                },
+                response => response.Next,
+                response => response.Groups?.ToList(),
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        return pager;
+    }
+
+    /// <summary>
+    /// Assign one or more groups to a specified role.
+    /// </summary>
+    /// <example><code>
+    /// await client.Roles.Groups.CreateAsync(
+    ///     "id",
+    ///     new AssignRoleGroupsRequestContent { Groups = new List&lt;string&gt;() { "groups" } }
+    /// );
+    /// </code></example>
+    public async Task CreateAsync(
+        string id,
+        AssignRoleGroupsRequestContent request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        var _headers = await new Auth0.ManagementApi.Core.HeadersBuilder.Builder()
+            .Add(_client.Options.Headers)
+            .Add(_client.Options.AdditionalHeaders)
+            .Add(options?.AdditionalHeaders)
+            .BuildAsync()
+            .ConfigureAwait(false);
+        var response = await _client
+            .SendRequestAsync(
+                new JsonRequest
+                {
+                    Method = HttpMethod.Post,
+                    Path = string.Format(
+                        "roles/{0}/groups",
+                        ValueConvert.ToPathParameterString(id)
+                    ),
+                    Body = request,
+                    Headers = _headers,
+                    ContentType = "application/json",
+                    Options = options,
+                },
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        if (response.StatusCode is >= 200 and < 400)
+        {
+            return;
+        }
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                switch (response.StatusCode)
+                {
+                    case 400:
+                        throw new BadRequestError(JsonUtils.Deserialize<object>(responseBody));
+                    case 401:
+                        throw new UnauthorizedError(JsonUtils.Deserialize<object>(responseBody));
+                    case 403:
+                        throw new ForbiddenError(JsonUtils.Deserialize<object>(responseBody));
+                    case 404:
+                        throw new NotFoundError(JsonUtils.Deserialize<object>(responseBody));
+                    case 429:
+                        throw new TooManyRequestsError(JsonUtils.Deserialize<object>(responseBody));
+                }
+            }
+            catch (JsonException)
+            {
+                // unable to map error response, throwing generic error
+            }
+            throw new ManagementApiException(
+                $"Error with status code {response.StatusCode}",
+                response.StatusCode,
+                responseBody
+            );
+        }
+    }
+
+    /// <summary>
+    /// Unassign one or more groups from a specified role.
+    /// </summary>
+    /// <example><code>
+    /// await client.Roles.Groups.DeleteAsync(
+    ///     "id",
+    ///     new DeleteRoleGroupsRequestContent { Groups = new List&lt;string&gt;() { "groups" } }
+    /// );
+    /// </code></example>
+    public async Task DeleteAsync(
+        string id,
+        DeleteRoleGroupsRequestContent request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        var _headers = await new Auth0.ManagementApi.Core.HeadersBuilder.Builder()
+            .Add(_client.Options.Headers)
+            .Add(_client.Options.AdditionalHeaders)
+            .Add(options?.AdditionalHeaders)
+            .BuildAsync()
+            .ConfigureAwait(false);
+        var response = await _client
+            .SendRequestAsync(
+                new JsonRequest
+                {
+                    Method = HttpMethod.Delete,
+                    Path = string.Format(
+                        "roles/{0}/groups",
+                        ValueConvert.ToPathParameterString(id)
+                    ),
+                    Body = request,
+                    Headers = _headers,
+                    ContentType = "application/json",
+                    Options = options,
+                },
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        if (response.StatusCode is >= 200 and < 400)
+        {
+            return;
+        }
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                switch (response.StatusCode)
+                {
+                    case 400:
+                        throw new BadRequestError(JsonUtils.Deserialize<object>(responseBody));
+                    case 401:
+                        throw new UnauthorizedError(JsonUtils.Deserialize<object>(responseBody));
+                    case 403:
+                        throw new ForbiddenError(JsonUtils.Deserialize<object>(responseBody));
+                    case 429:
+                        throw new TooManyRequestsError(JsonUtils.Deserialize<object>(responseBody));
+                }
+            }
+            catch (JsonException)
+            {
+                // unable to map error response, throwing generic error
+            }
+            throw new ManagementApiException(
+                $"Error with status code {response.StatusCode}",
+                response.StatusCode,
+                responseBody
+            );
+        }
+    }
+}
diff --git a/src/Auth0.ManagementApi/Roles/Groups/IGroupsClient.cs b/src/Auth0.ManagementApi/Roles/Groups/IGroupsClient.cs
new file mode 100644
index 000000000..282cd7af9
--- /dev/null
+++ b/src/Auth0.ManagementApi/Roles/Groups/IGroupsClient.cs
@@ -0,0 +1,37 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+
+namespace Auth0.ManagementApi.Roles;
+
+public partial interface IGroupsClient
+{
+    /// <summary>
+    /// Lists the groups to which the specified role is assigned.
+    /// </summary>
+    Task<Pager<Group>> GetAsync(
+        string id,
+        ListRoleGroupsParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    );
+
+    /// <summary>
+    /// Assign one or more groups to a specified role.
+    /// </summary>
+    Task CreateAsync(
+        string id,
+        AssignRoleGroupsRequestContent request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    );
+
+    /// <summary>
+    /// Unassign one or more groups from a specified role.
+    /// </summary>
+    Task DeleteAsync(
+        string id,
+        DeleteRoleGroupsRequestContent request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    );
+}
diff --git a/src/Auth0.ManagementApi/Roles/Groups/Requests/AssignRoleGroupsRequestContent.cs b/src/Auth0.ManagementApi/Roles/Groups/Requests/AssignRoleGroupsRequestContent.cs
new file mode 100644
index 000000000..7ae9f78f5
--- /dev/null
+++ b/src/Auth0.ManagementApi/Roles/Groups/Requests/AssignRoleGroupsRequestContent.cs
@@ -0,0 +1,20 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi.Roles;
+
+[Serializable]
+public record AssignRoleGroupsRequestContent
+{
+    /// <summary>
+    /// Array of group IDs to assign to the role.
+    /// </summary>
+    [JsonPropertyName("groups")]
+    public IEnumerable<string> Groups { get; set; } = new List<string>();
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Roles/Groups/Requests/DeleteRoleGroupsRequestContent.cs b/src/Auth0.ManagementApi/Roles/Groups/Requests/DeleteRoleGroupsRequestContent.cs
new file mode 100644
index 000000000..e8a4393e5
--- /dev/null
+++ b/src/Auth0.ManagementApi/Roles/Groups/Requests/DeleteRoleGroupsRequestContent.cs
@@ -0,0 +1,20 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi.Roles;
+
+[Serializable]
+public record DeleteRoleGroupsRequestContent
+{
+    /// <summary>
+    /// Array of group IDs to remove from the role.
+    /// </summary>
+    [JsonPropertyName("groups")]
+    public IEnumerable<string> Groups { get; set; } = new List<string>();
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Roles/Groups/Requests/ListRoleGroupsParameters.cs b/src/Auth0.ManagementApi/Roles/Groups/Requests/ListRoleGroupsParameters.cs
new file mode 100644
index 000000000..68b66721c
--- /dev/null
+++ b/src/Auth0.ManagementApi/Roles/Groups/Requests/ListRoleGroupsParameters.cs
@@ -0,0 +1,26 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi.Roles;
+
+[Serializable]
+public record ListRoleGroupsParameters
+{
+    /// <summary>
+    /// Optional Id from which to start selection.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<string?> From { get; set; }
+
+    /// <summary>
+    /// Number of results per page. Defaults to 50.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<int?> Take { get; set; } = 50;
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Roles/IRolesClient.cs b/src/Auth0.ManagementApi/Roles/IRolesClient.cs
index 483485ee6..205929def 100644
--- a/src/Auth0.ManagementApi/Roles/IRolesClient.cs
+++ b/src/Auth0.ManagementApi/Roles/IRolesClient.cs
@@ -4,6 +4,7 @@ namespace Auth0.ManagementApi;
 
 public partial interface IRolesClient
 {
+    public Auth0.ManagementApi.Roles.IGroupsClient Groups { get; }
     public Auth0.ManagementApi.Roles.IPermissionsClient Permissions { get; }
     public Auth0.ManagementApi.Roles.IUsersClient Users { get; }
 
diff --git a/src/Auth0.ManagementApi/Roles/RolesClient.cs b/src/Auth0.ManagementApi/Roles/RolesClient.cs
index 9ff55eab7..d0d305abc 100644
--- a/src/Auth0.ManagementApi/Roles/RolesClient.cs
+++ b/src/Auth0.ManagementApi/Roles/RolesClient.cs
@@ -10,10 +10,13 @@ public partial class RolesClient : IRolesClient
     internal RolesClient(RawClient client)
     {
         _client = client;
+        Groups = new Auth0.ManagementApi.Roles.GroupsClient(_client);
         Permissions = new Auth0.ManagementApi.Roles.PermissionsClient(_client);
         Users = new Auth0.ManagementApi.Roles.UsersClient(_client);
     }
 
+    public Auth0.ManagementApi.Roles.IGroupsClient Groups { get; }
+
     public Auth0.ManagementApi.Roles.IPermissionsClient Permissions { get; }
 
     public Auth0.ManagementApi.Roles.IUsersClient Users { get; }
diff --git a/src/Auth0.ManagementApi/Tenants/Settings/Requests/UpdateTenantSettingsRequestContent.cs b/src/Auth0.ManagementApi/Tenants/Settings/Requests/UpdateTenantSettingsRequestContent.cs
index 12b063c74..f3f8b297b 100644
--- a/src/Auth0.ManagementApi/Tenants/Settings/Requests/UpdateTenantSettingsRequestContent.cs
+++ b/src/Auth0.ManagementApi/Tenants/Settings/Requests/UpdateTenantSettingsRequestContent.cs
@@ -228,6 +228,10 @@ public record UpdateTenantSettingsRequestContent
     [JsonPropertyName("dynamic_client_registration_security_mode")]
     public TenantSettingsDynamicClientRegistrationSecurityMode? DynamicClientRegistrationSecurityMode { get; set; }
 
+    [Nullable, Optional]
+    [JsonPropertyName("country_codes")]
+    public Optional<TenantSettingsCountryCodes?> CountryCodes { get; set; }
+
     /// <inheritdoc />
     public override string ToString()
     {
diff --git a/src/Auth0.ManagementApi/TokenExchangeProfiles/ITokenExchangeProfilesClient.cs b/src/Auth0.ManagementApi/TokenExchangeProfiles/ITokenExchangeProfilesClient.cs
index aa0ad5d80..9ace913fb 100644
--- a/src/Auth0.ManagementApi/TokenExchangeProfiles/ITokenExchangeProfilesClient.cs
+++ b/src/Auth0.ManagementApi/TokenExchangeProfiles/ITokenExchangeProfilesClient.cs
@@ -7,15 +7,14 @@ public partial interface ITokenExchangeProfilesClient
     /// <summary>
     /// Retrieve a list of all Token Exchange Profiles available in your tenant.
     ///
-    /// By using this feature, you agree to the applicable Free Trial terms in <see href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</see>. It is your responsibility to securely validate the user’s subject_token. See <see href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</see> for more details.
+    /// By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
     ///
     /// This endpoint supports Checkpoint pagination. To search by checkpoint, use the following parameters:
-    /// <list type="bullet">
-    /// <item><description><c>from</c>: Optional id from which to start selection.</description></item>
-    /// <item><description><c>take</c>: The total amount of entries to retrieve when using the from parameter. Defaults to 50.</description></item>
-    /// </list>
     ///
-    /// <b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <c>from</c> parameter. If there are more results, a <c>next</c> value is included in the response. You can use this for subsequent API calls. When <c>next</c> is no longer included in the response, no pages are remaining.
+    /// - `from`: Optional id from which to start selection.
+    /// - `take`: The total amount of entries to retrieve when using the from parameter. Defaults to 50.
+    ///
+    /// **Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
     /// </summary>
     Task<Pager<TokenExchangeProfileResponseContent>> ListAsync(
         TokenExchangeProfilesListRequest request,
@@ -26,7 +25,7 @@ Task<Pager<TokenExchangeProfileResponseContent>> ListAsync(
     /// <summary>
     /// Create a new Token Exchange Profile within your tenant.
     ///
-    /// By using this feature, you agree to the applicable Free Trial terms in <see href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</see>. It is your responsibility to securely validate the user’s subject_token. See <see href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</see> for more details.
+    /// By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
     /// </summary>
     WithRawResponseTask<CreateTokenExchangeProfileResponseContent> CreateAsync(
         CreateTokenExchangeProfileRequestContent request,
@@ -37,7 +36,7 @@ WithRawResponseTask<CreateTokenExchangeProfileResponseContent> CreateAsync(
     /// <summary>
     /// Retrieve details about a single Token Exchange Profile specified by ID.
     ///
-    /// By using this feature, you agree to the applicable Free Trial terms in <see href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</see>. It is your responsibility to securely validate the user’s subject_token. See <see href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</see> for more details.
+    /// By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
     /// </summary>
     WithRawResponseTask<GetTokenExchangeProfileResponseContent> GetAsync(
         string id,
@@ -48,7 +47,7 @@ WithRawResponseTask<GetTokenExchangeProfileResponseContent> GetAsync(
     /// <summary>
     /// Delete a Token Exchange Profile within your tenant.
     ///
-    /// By using this feature, you agree to the applicable Free Trial terms in <see href="https://www.okta.com/legal/">Okta's Master Subscription Agreement</see>. It is your responsibility to securely validate the user's subject_token. See <see href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</see> for more details.
+    /// By using this feature, you agree to the applicable Free Trial terms in [Okta's Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user's subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
     /// </summary>
     Task DeleteAsync(
         string id,
@@ -59,7 +58,7 @@ Task DeleteAsync(
     /// <summary>
     /// Update a Token Exchange Profile within your tenant.
     ///
-    /// By using this feature, you agree to the applicable Free Trial terms in <see href="https://www.okta.com/legal/">Okta's Master Subscription Agreement</see>. It is your responsibility to securely validate the user's subject_token. See <see href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</see> for more details.
+    /// By using this feature, you agree to the applicable Free Trial terms in [Okta's Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user's subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
     /// </summary>
     Task UpdateAsync(
         string id,
diff --git a/src/Auth0.ManagementApi/TokenExchangeProfiles/TokenExchangeProfilesClient.cs b/src/Auth0.ManagementApi/TokenExchangeProfiles/TokenExchangeProfilesClient.cs
index 9753e87fa..b8580b1e4 100644
--- a/src/Auth0.ManagementApi/TokenExchangeProfiles/TokenExchangeProfilesClient.cs
+++ b/src/Auth0.ManagementApi/TokenExchangeProfiles/TokenExchangeProfilesClient.cs
@@ -15,15 +15,14 @@ internal TokenExchangeProfilesClient(RawClient client)
     /// <summary>
     /// Retrieve a list of all Token Exchange Profiles available in your tenant.
     ///
-    /// By using this feature, you agree to the applicable Free Trial terms in <see href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</see>. It is your responsibility to securely validate the user’s subject_token. See <see href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</see> for more details.
+    /// By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
     ///
     /// This endpoint supports Checkpoint pagination. To search by checkpoint, use the following parameters:
-    /// <list type="bullet">
-    /// <item><description><c>from</c>: Optional id from which to start selection.</description></item>
-    /// <item><description><c>take</c>: The total amount of entries to retrieve when using the from parameter. Defaults to 50.</description></item>
-    /// </list>
     ///
-    /// <b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <c>from</c> parameter. If there are more results, a <c>next</c> value is included in the response. You can use this for subsequent API calls. When <c>next</c> is no longer included in the response, no pages are remaining.
+    /// - `from`: Optional id from which to start selection.
+    /// - `take`: The total amount of entries to retrieve when using the from parameter. Defaults to 50.
+    ///
+    /// **Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
     /// </summary>
     private WithRawResponseTask<ListTokenExchangeProfileResponseContent> ListInternalAsync(
         TokenExchangeProfilesListRequest request,
@@ -311,15 +310,14 @@ private async Task<WithRawResponse<GetTokenExchangeProfileResponseContent>> GetA
     /// <summary>
     /// Retrieve a list of all Token Exchange Profiles available in your tenant.
     ///
-    /// By using this feature, you agree to the applicable Free Trial terms in <see href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</see>. It is your responsibility to securely validate the user’s subject_token. See <see href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</see> for more details.
+    /// By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
     ///
     /// This endpoint supports Checkpoint pagination. To search by checkpoint, use the following parameters:
-    /// <list type="bullet">
-    /// <item><description><c>from</c>: Optional id from which to start selection.</description></item>
-    /// <item><description><c>take</c>: The total amount of entries to retrieve when using the from parameter. Defaults to 50.</description></item>
-    /// </list>
     ///
-    /// <b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <c>from</c> parameter. If there are more results, a <c>next</c> value is included in the response. You can use this for subsequent API calls. When <c>next</c> is no longer included in the response, no pages are remaining.
+    /// - `from`: Optional id from which to start selection.
+    /// - `take`: The total amount of entries to retrieve when using the from parameter. Defaults to 50.
+    ///
+    /// **Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
     /// </summary>
     /// <example><code>
     /// await client.TokenExchangeProfiles.ListAsync(
@@ -363,7 +361,7 @@ await ListInternalAsync(request, options, cancellationToken).WithRawResponse(),
     /// <summary>
     /// Create a new Token Exchange Profile within your tenant.
     ///
-    /// By using this feature, you agree to the applicable Free Trial terms in <see href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</see>. It is your responsibility to securely validate the user’s subject_token. See <see href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</see> for more details.
+    /// By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
     /// </summary>
     /// <example><code>
     /// await client.TokenExchangeProfiles.CreateAsync(
@@ -390,7 +388,7 @@ public WithRawResponseTask<CreateTokenExchangeProfileResponseContent> CreateAsyn
     /// <summary>
     /// Retrieve details about a single Token Exchange Profile specified by ID.
     ///
-    /// By using this feature, you agree to the applicable Free Trial terms in <see href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</see>. It is your responsibility to securely validate the user’s subject_token. See <see href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</see> for more details.
+    /// By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
     /// </summary>
     /// <example><code>
     /// await client.TokenExchangeProfiles.GetAsync("id");
@@ -409,7 +407,7 @@ public WithRawResponseTask<GetTokenExchangeProfileResponseContent> GetAsync(
     /// <summary>
     /// Delete a Token Exchange Profile within your tenant.
     ///
-    /// By using this feature, you agree to the applicable Free Trial terms in <see href="https://www.okta.com/legal/">Okta's Master Subscription Agreement</see>. It is your responsibility to securely validate the user's subject_token. See <see href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</see> for more details.
+    /// By using this feature, you agree to the applicable Free Trial terms in [Okta's Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user's subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
     /// </summary>
     /// <example><code>
     /// await client.TokenExchangeProfiles.DeleteAsync("id");
@@ -476,7 +474,7 @@ public async Task DeleteAsync(
     /// <summary>
     /// Update a Token Exchange Profile within your tenant.
     ///
-    /// By using this feature, you agree to the applicable Free Trial terms in <see href="https://www.okta.com/legal/">Okta's Master Subscription Agreement</see>. It is your responsibility to securely validate the user's subject_token. See <see href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</see> for more details.
+    /// By using this feature, you agree to the applicable Free Trial terms in [Okta's Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user's subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
     /// </summary>
     /// <example><code>
     /// await client.TokenExchangeProfiles.UpdateAsync(
diff --git a/src/Auth0.ManagementApi/Types/GetTenantSettingsResponseContent.cs b/src/Auth0.ManagementApi/Types/GetTenantSettingsResponseContent.cs
index d3392dc32..d9e862dfc 100644
--- a/src/Auth0.ManagementApi/Types/GetTenantSettingsResponseContent.cs
+++ b/src/Auth0.ManagementApi/Types/GetTenantSettingsResponseContent.cs
@@ -236,6 +236,10 @@ public record GetTenantSettingsResponseContent : IJsonOnDeserialized
     [JsonPropertyName("dynamic_client_registration_security_mode")]
     public TenantSettingsDynamicClientRegistrationSecurityMode? DynamicClientRegistrationSecurityMode { get; set; }
 
+    [Optional]
+    [JsonPropertyName("country_codes")]
+    public TenantSettingsCountryCodesResponse? CountryCodes { get; set; }
+
     [JsonIgnore]
     public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
 
diff --git a/src/Auth0.ManagementApi/Types/ListOrganizationGroupRolesResponseContent.cs b/src/Auth0.ManagementApi/Types/ListOrganizationGroupRolesResponseContent.cs
new file mode 100644
index 000000000..0ebc4ba5a
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/ListOrganizationGroupRolesResponseContent.cs
@@ -0,0 +1,35 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[Serializable]
+public record ListOrganizationGroupRolesResponseContent : IJsonOnDeserialized
+{
+    [JsonExtensionData]
+    private readonly IDictionary<string, JsonElement> _extensionData =
+        new Dictionary<string, JsonElement>();
+
+    [JsonPropertyName("roles")]
+    public IEnumerable<Role> Roles { get; set; } = new List<Role>();
+
+    /// <summary>
+    /// A cursor to be used as the "from" query parameter for the next page of results.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("next")]
+    public string? Next { get; set; }
+
+    [JsonIgnore]
+    public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
+
+    void IJsonOnDeserialized.OnDeserialized() =>
+        AdditionalProperties.CopyFromExtensionData(_extensionData);
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/ListOrganizationGroupsResponseContent.cs b/src/Auth0.ManagementApi/Types/ListOrganizationGroupsResponseContent.cs
new file mode 100644
index 000000000..6643b284a
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/ListOrganizationGroupsResponseContent.cs
@@ -0,0 +1,35 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[Serializable]
+public record ListOrganizationGroupsResponseContent : IJsonOnDeserialized
+{
+    [JsonExtensionData]
+    private readonly IDictionary<string, JsonElement> _extensionData =
+        new Dictionary<string, JsonElement>();
+
+    [JsonPropertyName("groups")]
+    public IEnumerable<Group> Groups { get; set; } = new List<Group>();
+
+    /// <summary>
+    /// A cursor to be used as the "from" query parameter for the next page of results.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("next")]
+    public string? Next { get; set; }
+
+    [JsonIgnore]
+    public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
+
+    void IJsonOnDeserialized.OnDeserialized() =>
+        AdditionalProperties.CopyFromExtensionData(_extensionData);
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/ListOrganizationMemberEffectiveRolesResponseContent.cs b/src/Auth0.ManagementApi/Types/ListOrganizationMemberEffectiveRolesResponseContent.cs
new file mode 100644
index 000000000..c908caf5b
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/ListOrganizationMemberEffectiveRolesResponseContent.cs
@@ -0,0 +1,36 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[Serializable]
+public record ListOrganizationMemberEffectiveRolesResponseContent : IJsonOnDeserialized
+{
+    [JsonExtensionData]
+    private readonly IDictionary<string, JsonElement> _extensionData =
+        new Dictionary<string, JsonElement>();
+
+    [JsonPropertyName("roles")]
+    public IEnumerable<OrganizationMemberEffectiveRole> Roles { get; set; } =
+        new List<OrganizationMemberEffectiveRole>();
+
+    /// <summary>
+    /// Cursor for the next page of results
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("next")]
+    public string? Next { get; set; }
+
+    [JsonIgnore]
+    public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
+
+    void IJsonOnDeserialized.OnDeserialized() =>
+        AdditionalProperties.CopyFromExtensionData(_extensionData);
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/ListOrganizationMemberRoleSourceGroupsResponseContent.cs b/src/Auth0.ManagementApi/Types/ListOrganizationMemberRoleSourceGroupsResponseContent.cs
new file mode 100644
index 000000000..dda045176
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/ListOrganizationMemberRoleSourceGroupsResponseContent.cs
@@ -0,0 +1,35 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[Serializable]
+public record ListOrganizationMemberRoleSourceGroupsResponseContent : IJsonOnDeserialized
+{
+    [JsonExtensionData]
+    private readonly IDictionary<string, JsonElement> _extensionData =
+        new Dictionary<string, JsonElement>();
+
+    [JsonPropertyName("groups")]
+    public IEnumerable<Group> Groups { get; set; } = new List<Group>();
+
+    /// <summary>
+    /// A cursor to be used as the "from" query parameter for the next page of results.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("next")]
+    public string? Next { get; set; }
+
+    [JsonIgnore]
+    public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
+
+    void IJsonOnDeserialized.OnDeserialized() =>
+        AdditionalProperties.CopyFromExtensionData(_extensionData);
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/ListRoleGroupsResponseContent.cs b/src/Auth0.ManagementApi/Types/ListRoleGroupsResponseContent.cs
new file mode 100644
index 000000000..db9959466
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/ListRoleGroupsResponseContent.cs
@@ -0,0 +1,35 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[Serializable]
+public record ListRoleGroupsResponseContent : IJsonOnDeserialized
+{
+    [JsonExtensionData]
+    private readonly IDictionary<string, JsonElement> _extensionData =
+        new Dictionary<string, JsonElement>();
+
+    [JsonPropertyName("groups")]
+    public IEnumerable<Group> Groups { get; set; } = new List<Group>();
+
+    /// <summary>
+    /// A cursor to be used as the "from" query parameter for the next page of results.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("next")]
+    public string? Next { get; set; }
+
+    [JsonIgnore]
+    public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
+
+    void IJsonOnDeserialized.OnDeserialized() =>
+        AdditionalProperties.CopyFromExtensionData(_extensionData);
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/ListUserEffectivePermissionRoleSourcesResponseContent.cs b/src/Auth0.ManagementApi/Types/ListUserEffectivePermissionRoleSourcesResponseContent.cs
new file mode 100644
index 000000000..3fc5edd19
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/ListUserEffectivePermissionRoleSourcesResponseContent.cs
@@ -0,0 +1,39 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[Serializable]
+public record ListUserEffectivePermissionRoleSourcesResponseContent : IJsonOnDeserialized
+{
+    [JsonExtensionData]
+    private readonly IDictionary<string, JsonElement> _extensionData =
+        new Dictionary<string, JsonElement>();
+
+    /// <summary>
+    /// Roles with the specified permission assigned to the user, both directly and via groups.
+    /// </summary>
+    [JsonPropertyName("roles")]
+    public IEnumerable<UserEffectivePermissionRoleSourceResponseContent> Roles { get; set; } =
+        new List<UserEffectivePermissionRoleSourceResponseContent>();
+
+    /// <summary>
+    /// A cursor to be used as the "from" query parameter for the next page of results.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("next")]
+    public string? Next { get; set; }
+
+    [JsonIgnore]
+    public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
+
+    void IJsonOnDeserialized.OnDeserialized() =>
+        AdditionalProperties.CopyFromExtensionData(_extensionData);
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/ListUserEffectivePermissionsResponseContent.cs b/src/Auth0.ManagementApi/Types/ListUserEffectivePermissionsResponseContent.cs
new file mode 100644
index 000000000..eb238d7cf
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/ListUserEffectivePermissionsResponseContent.cs
@@ -0,0 +1,39 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[Serializable]
+public record ListUserEffectivePermissionsResponseContent : IJsonOnDeserialized
+{
+    [JsonExtensionData]
+    private readonly IDictionary<string, JsonElement> _extensionData =
+        new Dictionary<string, JsonElement>();
+
+    /// <summary>
+    /// List of permissions assigned to the user.
+    /// </summary>
+    [JsonPropertyName("permissions")]
+    public IEnumerable<UserEffectivePermissionResponseContent> Permissions { get; set; } =
+        new List<UserEffectivePermissionResponseContent>();
+
+    /// <summary>
+    /// A cursor to be used as the "from" query parameter for the next page of results.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("next")]
+    public string? Next { get; set; }
+
+    [JsonIgnore]
+    public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
+
+    void IJsonOnDeserialized.OnDeserialized() =>
+        AdditionalProperties.CopyFromExtensionData(_extensionData);
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/ListUserEffectiveRolesResponseContent.cs b/src/Auth0.ManagementApi/Types/ListUserEffectiveRolesResponseContent.cs
new file mode 100644
index 000000000..0aab72fe0
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/ListUserEffectiveRolesResponseContent.cs
@@ -0,0 +1,35 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[Serializable]
+public record ListUserEffectiveRolesResponseContent : IJsonOnDeserialized
+{
+    [JsonExtensionData]
+    private readonly IDictionary<string, JsonElement> _extensionData =
+        new Dictionary<string, JsonElement>();
+
+    [JsonPropertyName("roles")]
+    public IEnumerable<UserEffectiveRole> Roles { get; set; } = new List<UserEffectiveRole>();
+
+    /// <summary>
+    /// Cursor for the next page of results
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("next")]
+    public string? Next { get; set; }
+
+    [JsonIgnore]
+    public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
+
+    void IJsonOnDeserialized.OnDeserialized() =>
+        AdditionalProperties.CopyFromExtensionData(_extensionData);
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/ListUserRoleSourceGroupsResponseContent.cs b/src/Auth0.ManagementApi/Types/ListUserRoleSourceGroupsResponseContent.cs
new file mode 100644
index 000000000..c80a2a682
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/ListUserRoleSourceGroupsResponseContent.cs
@@ -0,0 +1,35 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[Serializable]
+public record ListUserRoleSourceGroupsResponseContent : IJsonOnDeserialized
+{
+    [JsonExtensionData]
+    private readonly IDictionary<string, JsonElement> _extensionData =
+        new Dictionary<string, JsonElement>();
+
+    [JsonPropertyName("groups")]
+    public IEnumerable<Group> Groups { get; set; } = new List<Group>();
+
+    /// <summary>
+    /// A cursor to be used as the "from" query parameter for the next page of results.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("next")]
+    public string? Next { get; set; }
+
+    [JsonIgnore]
+    public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
+
+    void IJsonOnDeserialized.OnDeserialized() =>
+        AdditionalProperties.CopyFromExtensionData(_extensionData);
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/OauthScope.cs b/src/Auth0.ManagementApi/Types/OauthScope.cs
index a88a3ecc6..15d954be3 100644
--- a/src/Auth0.ManagementApi/Types/OauthScope.cs
+++ b/src/Auth0.ManagementApi/Types/OauthScope.cs
@@ -758,6 +758,32 @@ namespace Auth0.ManagementApi;
         Values.DeleteOrganizationDiscoveryDomains
     );
 
+    /// <summary>
+    /// Create Organization Group Roles
+    /// </summary>
+    public static readonly OauthScope CreateOrganizationGroupRoles = new(
+        Values.CreateOrganizationGroupRoles
+    );
+
+    /// <summary>
+    /// Read Organization Group Roles
+    /// </summary>
+    public static readonly OauthScope ReadOrganizationGroupRoles = new(
+        Values.ReadOrganizationGroupRoles
+    );
+
+    /// <summary>
+    /// Delete Organization Group Roles
+    /// </summary>
+    public static readonly OauthScope DeleteOrganizationGroupRoles = new(
+        Values.DeleteOrganizationGroupRoles
+    );
+
+    /// <summary>
+    /// Read Organization Groups
+    /// </summary>
+    public static readonly OauthScope ReadOrganizationGroups = new(Values.ReadOrganizationGroups);
+
     /// <summary>
     /// Create Organization Invitations
     /// </summary>
@@ -779,6 +805,20 @@ namespace Auth0.ManagementApi;
         Values.DeleteOrganizationInvitations
     );
 
+    /// <summary>
+    /// Read Organization Member Effective Roles
+    /// </summary>
+    public static readonly OauthScope ReadOrganizationMemberEffectiveRoles = new(
+        Values.ReadOrganizationMemberEffectiveRoles
+    );
+
+    /// <summary>
+    /// Read Organization Member Role Source Groups
+    /// </summary>
+    public static readonly OauthScope ReadOrganizationMemberRoleSourceGroups = new(
+        Values.ReadOrganizationMemberRoleSourceGroups
+    );
+
     /// <summary>
     /// Create Organization Member Roles
     /// </summary>
@@ -1207,11 +1247,37 @@ namespace Auth0.ManagementApi;
         Values.DeleteUserAttributeProfiles
     );
 
+    /// <summary>
+    /// Read User Effective Permissions
+    /// </summary>
+    public static readonly OauthScope ReadUserEffectivePermissions = new(
+        Values.ReadUserEffectivePermissions
+    );
+
+    /// <summary>
+    /// Read User Effective Roles
+    /// </summary>
+    public static readonly OauthScope ReadUserEffectiveRoles = new(Values.ReadUserEffectiveRoles);
+
     /// <summary>
     /// Read User Idp Tokens
     /// </summary>
     public static readonly OauthScope ReadUserIdpTokens = new(Values.ReadUserIdpTokens);
 
+    /// <summary>
+    /// Read User Permission Source Roles
+    /// </summary>
+    public static readonly OauthScope ReadUserPermissionSourceRoles = new(
+        Values.ReadUserPermissionSourceRoles
+    );
+
+    /// <summary>
+    /// Read User Role Source Groups
+    /// </summary>
+    public static readonly OauthScope ReadUserRoleSourceGroups = new(
+        Values.ReadUserRoleSourceGroups
+    );
+
     /// <summary>
     /// Create User Tickets
     /// </summary>
@@ -2045,6 +2111,26 @@ public static class Values
         public const string DeleteOrganizationDiscoveryDomains =
             "delete:organization_discovery_domains";
 
+        /// <summary>
+        /// Create Organization Group Roles
+        /// </summary>
+        public const string CreateOrganizationGroupRoles = "create:organization_group_roles";
+
+        /// <summary>
+        /// Read Organization Group Roles
+        /// </summary>
+        public const string ReadOrganizationGroupRoles = "read:organization_group_roles";
+
+        /// <summary>
+        /// Delete Organization Group Roles
+        /// </summary>
+        public const string DeleteOrganizationGroupRoles = "delete:organization_group_roles";
+
+        /// <summary>
+        /// Read Organization Groups
+        /// </summary>
+        public const string ReadOrganizationGroups = "read:organization_groups";
+
         /// <summary>
         /// Create Organization Invitations
         /// </summary>
@@ -2060,6 +2146,18 @@ public static class Values
         /// </summary>
         public const string DeleteOrganizationInvitations = "delete:organization_invitations";
 
+        /// <summary>
+        /// Read Organization Member Effective Roles
+        /// </summary>
+        public const string ReadOrganizationMemberEffectiveRoles =
+            "read:organization_member_effective_roles";
+
+        /// <summary>
+        /// Read Organization Member Role Source Groups
+        /// </summary>
+        public const string ReadOrganizationMemberRoleSourceGroups =
+            "read:organization_member_role_source_groups";
+
         /// <summary>
         /// Create Organization Member Roles
         /// </summary>
@@ -2452,11 +2550,31 @@ public static class Values
         /// </summary>
         public const string DeleteUserAttributeProfiles = "delete:user_attribute_profiles";
 
+        /// <summary>
+        /// Read User Effective Permissions
+        /// </summary>
+        public const string ReadUserEffectivePermissions = "read:user_effective_permissions";
+
+        /// <summary>
+        /// Read User Effective Roles
+        /// </summary>
+        public const string ReadUserEffectiveRoles = "read:user_effective_roles";
+
         /// <summary>
         /// Read User Idp Tokens
         /// </summary>
         public const string ReadUserIdpTokens = "read:user_idp_tokens";
 
+        /// <summary>
+        /// Read User Permission Source Roles
+        /// </summary>
+        public const string ReadUserPermissionSourceRoles = "read:user_permission_source_roles";
+
+        /// <summary>
+        /// Read User Role Source Groups
+        /// </summary>
+        public const string ReadUserRoleSourceGroups = "read:user_role_source_groups";
+
         /// <summary>
         /// Create User Tickets
         /// </summary>
diff --git a/src/Auth0.ManagementApi/Types/OrganizationMemberEffectiveRole.cs b/src/Auth0.ManagementApi/Types/OrganizationMemberEffectiveRole.cs
new file mode 100644
index 000000000..d13479c55
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/OrganizationMemberEffectiveRole.cs
@@ -0,0 +1,50 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[Serializable]
+public record OrganizationMemberEffectiveRole : IJsonOnDeserialized
+{
+    [JsonExtensionData]
+    private readonly IDictionary<string, JsonElement> _extensionData =
+        new Dictionary<string, JsonElement>();
+
+    /// <summary>
+    /// Role ID
+    /// </summary>
+    [JsonPropertyName("id")]
+    public required string Id { get; set; }
+
+    /// <summary>
+    /// Role name
+    /// </summary>
+    [JsonPropertyName("name")]
+    public required string Name { get; set; }
+
+    /// <summary>
+    /// Role description
+    /// </summary>
+    [JsonPropertyName("description")]
+    public required string Description { get; set; }
+
+    /// <summary>
+    /// Sources of the role assignment (direct or through group membership)
+    /// </summary>
+    [JsonPropertyName("sources")]
+    public IEnumerable<OrganizationMemberEffectiveRoleSource> Sources { get; set; } =
+        new List<OrganizationMemberEffectiveRoleSource>();
+
+    [JsonIgnore]
+    public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
+
+    void IJsonOnDeserialized.OnDeserialized() =>
+        AdditionalProperties.CopyFromExtensionData(_extensionData);
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/OrganizationMemberEffectiveRoleSource.cs b/src/Auth0.ManagementApi/Types/OrganizationMemberEffectiveRoleSource.cs
new file mode 100644
index 000000000..af8dbd8cd
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/OrganizationMemberEffectiveRoleSource.cs
@@ -0,0 +1,120 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[JsonConverter(
+    typeof(OrganizationMemberEffectiveRoleSource.OrganizationMemberEffectiveRoleSourceSerializer)
+)]
+[Serializable]
+public readonly record struct OrganizationMemberEffectiveRoleSource : IStringEnum
+{
+    public static readonly OrganizationMemberEffectiveRoleSource Direct = new(Values.Direct);
+
+    public static readonly OrganizationMemberEffectiveRoleSource Groups = new(Values.Groups);
+
+    public OrganizationMemberEffectiveRoleSource(string value)
+    {
+        Value = value;
+    }
+
+    /// <summary>
+    /// The string value of the enum.
+    /// </summary>
+    public string Value { get; }
+
+    /// <summary>
+    /// Create a string enum with the given value.
+    /// </summary>
+    public static OrganizationMemberEffectiveRoleSource FromCustom(string value)
+    {
+        return new OrganizationMemberEffectiveRoleSource(value);
+    }
+
+    public bool Equals(string? other)
+    {
+        return Value.Equals(other);
+    }
+
+    /// <summary>
+    /// Returns the string value of the enum.
+    /// </summary>
+    public override string ToString()
+    {
+        return Value;
+    }
+
+    public static bool operator ==(OrganizationMemberEffectiveRoleSource value1, string value2) =>
+        value1.Value.Equals(value2);
+
+    public static bool operator !=(OrganizationMemberEffectiveRoleSource value1, string value2) =>
+        !value1.Value.Equals(value2);
+
+    public static explicit operator string(OrganizationMemberEffectiveRoleSource value) =>
+        value.Value;
+
+    public static explicit operator OrganizationMemberEffectiveRoleSource(string value) =>
+        new(value);
+
+    internal class OrganizationMemberEffectiveRoleSourceSerializer
+        : JsonConverter<OrganizationMemberEffectiveRoleSource>
+    {
+        public override OrganizationMemberEffectiveRoleSource Read(
+            ref Utf8JsonReader reader,
+            Type typeToConvert,
+            JsonSerializerOptions options
+        )
+        {
+            var stringValue =
+                reader.GetString()
+                ?? throw new global::System.Exception(
+                    "The JSON value could not be read as a string."
+                );
+            return new OrganizationMemberEffectiveRoleSource(stringValue);
+        }
+
+        public override void Write(
+            Utf8JsonWriter writer,
+            OrganizationMemberEffectiveRoleSource value,
+            JsonSerializerOptions options
+        )
+        {
+            writer.WriteStringValue(value.Value);
+        }
+
+        public override OrganizationMemberEffectiveRoleSource ReadAsPropertyName(
+            ref Utf8JsonReader reader,
+            Type typeToConvert,
+            JsonSerializerOptions options
+        )
+        {
+            var stringValue =
+                reader.GetString()
+                ?? throw new global::System.Exception(
+                    "The JSON property name could not be read as a string."
+                );
+            return new OrganizationMemberEffectiveRoleSource(stringValue);
+        }
+
+        public override void WriteAsPropertyName(
+            Utf8JsonWriter writer,
+            OrganizationMemberEffectiveRoleSource value,
+            JsonSerializerOptions options
+        )
+        {
+            writer.WritePropertyName(value.Value);
+        }
+    }
+
+    /// <summary>
+    /// Constant strings for enum values
+    /// </summary>
+    [Serializable]
+    public static class Values
+    {
+        public const string Direct = "direct";
+
+        public const string Groups = "groups";
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/TenantSettingsCountryCodes.cs b/src/Auth0.ManagementApi/Types/TenantSettingsCountryCodes.cs
new file mode 100644
index 000000000..4f0e9f3e1
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/TenantSettingsCountryCodes.cs
@@ -0,0 +1,39 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+/// <summary>
+/// Phone country code configuration for identifier input.
+/// </summary>
+[Serializable]
+public record TenantSettingsCountryCodes : IJsonOnDeserialized
+{
+    [JsonExtensionData]
+    private readonly IDictionary<string, JsonElement> _extensionData =
+        new Dictionary<string, JsonElement>();
+
+    /// <summary>
+    /// Array of ISO 3166-1 alpha-2 country codes.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("list")]
+    public IEnumerable<string>? List { get; set; }
+
+    [Optional]
+    [JsonPropertyName("mode")]
+    public TenantSettingsCountryCodesMode? Mode { get; set; }
+
+    [JsonIgnore]
+    public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
+
+    void IJsonOnDeserialized.OnDeserialized() =>
+        AdditionalProperties.CopyFromExtensionData(_extensionData);
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/TenantSettingsCountryCodesMode.cs b/src/Auth0.ManagementApi/Types/TenantSettingsCountryCodesMode.cs
new file mode 100644
index 000000000..99b82d8d6
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/TenantSettingsCountryCodesMode.cs
@@ -0,0 +1,116 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[JsonConverter(typeof(TenantSettingsCountryCodesMode.TenantSettingsCountryCodesModeSerializer))]
+[Serializable]
+public readonly record struct TenantSettingsCountryCodesMode : IStringEnum
+{
+    public static readonly TenantSettingsCountryCodesMode Allow = new(Values.Allow);
+
+    public static readonly TenantSettingsCountryCodesMode Deny = new(Values.Deny);
+
+    public TenantSettingsCountryCodesMode(string value)
+    {
+        Value = value;
+    }
+
+    /// <summary>
+    /// The string value of the enum.
+    /// </summary>
+    public string Value { get; }
+
+    /// <summary>
+    /// Create a string enum with the given value.
+    /// </summary>
+    public static TenantSettingsCountryCodesMode FromCustom(string value)
+    {
+        return new TenantSettingsCountryCodesMode(value);
+    }
+
+    public bool Equals(string? other)
+    {
+        return Value.Equals(other);
+    }
+
+    /// <summary>
+    /// Returns the string value of the enum.
+    /// </summary>
+    public override string ToString()
+    {
+        return Value;
+    }
+
+    public static bool operator ==(TenantSettingsCountryCodesMode value1, string value2) =>
+        value1.Value.Equals(value2);
+
+    public static bool operator !=(TenantSettingsCountryCodesMode value1, string value2) =>
+        !value1.Value.Equals(value2);
+
+    public static explicit operator string(TenantSettingsCountryCodesMode value) => value.Value;
+
+    public static explicit operator TenantSettingsCountryCodesMode(string value) => new(value);
+
+    internal class TenantSettingsCountryCodesModeSerializer
+        : JsonConverter<TenantSettingsCountryCodesMode>
+    {
+        public override TenantSettingsCountryCodesMode Read(
+            ref Utf8JsonReader reader,
+            Type typeToConvert,
+            JsonSerializerOptions options
+        )
+        {
+            var stringValue =
+                reader.GetString()
+                ?? throw new global::System.Exception(
+                    "The JSON value could not be read as a string."
+                );
+            return new TenantSettingsCountryCodesMode(stringValue);
+        }
+
+        public override void Write(
+            Utf8JsonWriter writer,
+            TenantSettingsCountryCodesMode value,
+            JsonSerializerOptions options
+        )
+        {
+            writer.WriteStringValue(value.Value);
+        }
+
+        public override TenantSettingsCountryCodesMode ReadAsPropertyName(
+            ref Utf8JsonReader reader,
+            Type typeToConvert,
+            JsonSerializerOptions options
+        )
+        {
+            var stringValue =
+                reader.GetString()
+                ?? throw new global::System.Exception(
+                    "The JSON property name could not be read as a string."
+                );
+            return new TenantSettingsCountryCodesMode(stringValue);
+        }
+
+        public override void WriteAsPropertyName(
+            Utf8JsonWriter writer,
+            TenantSettingsCountryCodesMode value,
+            JsonSerializerOptions options
+        )
+        {
+            writer.WritePropertyName(value.Value);
+        }
+    }
+
+    /// <summary>
+    /// Constant strings for enum values
+    /// </summary>
+    [Serializable]
+    public static class Values
+    {
+        public const string Allow = "allow";
+
+        public const string Deny = "deny";
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/TenantSettingsCountryCodesModeResponse.cs b/src/Auth0.ManagementApi/Types/TenantSettingsCountryCodesModeResponse.cs
new file mode 100644
index 000000000..c8b7f8fa1
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/TenantSettingsCountryCodesModeResponse.cs
@@ -0,0 +1,120 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[JsonConverter(
+    typeof(TenantSettingsCountryCodesModeResponse.TenantSettingsCountryCodesModeResponseSerializer)
+)]
+[Serializable]
+public readonly record struct TenantSettingsCountryCodesModeResponse : IStringEnum
+{
+    public static readonly TenantSettingsCountryCodesModeResponse Allow = new(Values.Allow);
+
+    public static readonly TenantSettingsCountryCodesModeResponse Deny = new(Values.Deny);
+
+    public TenantSettingsCountryCodesModeResponse(string value)
+    {
+        Value = value;
+    }
+
+    /// <summary>
+    /// The string value of the enum.
+    /// </summary>
+    public string Value { get; }
+
+    /// <summary>
+    /// Create a string enum with the given value.
+    /// </summary>
+    public static TenantSettingsCountryCodesModeResponse FromCustom(string value)
+    {
+        return new TenantSettingsCountryCodesModeResponse(value);
+    }
+
+    public bool Equals(string? other)
+    {
+        return Value.Equals(other);
+    }
+
+    /// <summary>
+    /// Returns the string value of the enum.
+    /// </summary>
+    public override string ToString()
+    {
+        return Value;
+    }
+
+    public static bool operator ==(TenantSettingsCountryCodesModeResponse value1, string value2) =>
+        value1.Value.Equals(value2);
+
+    public static bool operator !=(TenantSettingsCountryCodesModeResponse value1, string value2) =>
+        !value1.Value.Equals(value2);
+
+    public static explicit operator string(TenantSettingsCountryCodesModeResponse value) =>
+        value.Value;
+
+    public static explicit operator TenantSettingsCountryCodesModeResponse(string value) =>
+        new(value);
+
+    internal class TenantSettingsCountryCodesModeResponseSerializer
+        : JsonConverter<TenantSettingsCountryCodesModeResponse>
+    {
+        public override TenantSettingsCountryCodesModeResponse Read(
+            ref Utf8JsonReader reader,
+            Type typeToConvert,
+            JsonSerializerOptions options
+        )
+        {
+            var stringValue =
+                reader.GetString()
+                ?? throw new global::System.Exception(
+                    "The JSON value could not be read as a string."
+                );
+            return new TenantSettingsCountryCodesModeResponse(stringValue);
+        }
+
+        public override void Write(
+            Utf8JsonWriter writer,
+            TenantSettingsCountryCodesModeResponse value,
+            JsonSerializerOptions options
+        )
+        {
+            writer.WriteStringValue(value.Value);
+        }
+
+        public override TenantSettingsCountryCodesModeResponse ReadAsPropertyName(
+            ref Utf8JsonReader reader,
+            Type typeToConvert,
+            JsonSerializerOptions options
+        )
+        {
+            var stringValue =
+                reader.GetString()
+                ?? throw new global::System.Exception(
+                    "The JSON property name could not be read as a string."
+                );
+            return new TenantSettingsCountryCodesModeResponse(stringValue);
+        }
+
+        public override void WriteAsPropertyName(
+            Utf8JsonWriter writer,
+            TenantSettingsCountryCodesModeResponse value,
+            JsonSerializerOptions options
+        )
+        {
+            writer.WritePropertyName(value.Value);
+        }
+    }
+
+    /// <summary>
+    /// Constant strings for enum values
+    /// </summary>
+    [Serializable]
+    public static class Values
+    {
+        public const string Allow = "allow";
+
+        public const string Deny = "deny";
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/TenantSettingsCountryCodesResponse.cs b/src/Auth0.ManagementApi/Types/TenantSettingsCountryCodesResponse.cs
new file mode 100644
index 000000000..c80352671
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/TenantSettingsCountryCodesResponse.cs
@@ -0,0 +1,39 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+/// <summary>
+/// Phone country code configuration for identifier input.
+/// </summary>
+[Serializable]
+public record TenantSettingsCountryCodesResponse : IJsonOnDeserialized
+{
+    [JsonExtensionData]
+    private readonly IDictionary<string, JsonElement> _extensionData =
+        new Dictionary<string, JsonElement>();
+
+    /// <summary>
+    /// Array of ISO 3166-1 alpha-2 country codes.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("list")]
+    public IEnumerable<string>? List { get; set; }
+
+    [Optional]
+    [JsonPropertyName("mode")]
+    public TenantSettingsCountryCodesModeResponse? Mode { get; set; }
+
+    [JsonIgnore]
+    public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
+
+    void IJsonOnDeserialized.OnDeserialized() =>
+        AdditionalProperties.CopyFromExtensionData(_extensionData);
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/UpdateTenantSettingsResponseContent.cs b/src/Auth0.ManagementApi/Types/UpdateTenantSettingsResponseContent.cs
index a5125a533..85af7aa5a 100644
--- a/src/Auth0.ManagementApi/Types/UpdateTenantSettingsResponseContent.cs
+++ b/src/Auth0.ManagementApi/Types/UpdateTenantSettingsResponseContent.cs
@@ -236,6 +236,10 @@ public record UpdateTenantSettingsResponseContent : IJsonOnDeserialized
     [JsonPropertyName("dynamic_client_registration_security_mode")]
     public TenantSettingsDynamicClientRegistrationSecurityMode? DynamicClientRegistrationSecurityMode { get; set; }
 
+    [Optional]
+    [JsonPropertyName("country_codes")]
+    public TenantSettingsCountryCodesResponse? CountryCodes { get; set; }
+
     [JsonIgnore]
     public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
 
diff --git a/src/Auth0.ManagementApi/Types/UserEffectivePermissionResponseContent.cs b/src/Auth0.ManagementApi/Types/UserEffectivePermissionResponseContent.cs
new file mode 100644
index 000000000..d47675acf
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/UserEffectivePermissionResponseContent.cs
@@ -0,0 +1,60 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[Serializable]
+public record UserEffectivePermissionResponseContent : IJsonOnDeserialized
+{
+    [JsonExtensionData]
+    private readonly IDictionary<string, JsonElement> _extensionData =
+        new Dictionary<string, JsonElement>();
+
+    /// <summary>
+    /// Resource server (API) identifier that this permission is for.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("resource_server_identifier")]
+    public string? ResourceServerIdentifier { get; set; }
+
+    /// <summary>
+    /// Name of this permission.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("permission_name")]
+    public string? PermissionName { get; set; }
+
+    /// <summary>
+    /// Resource server (API) name this permission is for.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("resource_server_name")]
+    public string? ResourceServerName { get; set; }
+
+    /// <summary>
+    /// Description of this permission.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("description")]
+    public string? Description { get; set; }
+
+    /// <summary>
+    /// List of sources where this permission is coming from.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("sources")]
+    public IEnumerable<UserEffectivePermissionSourceEnum>? Sources { get; set; }
+
+    [JsonIgnore]
+    public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
+
+    void IJsonOnDeserialized.OnDeserialized() =>
+        AdditionalProperties.CopyFromExtensionData(_extensionData);
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/UserEffectivePermissionRoleSourceEnum.cs b/src/Auth0.ManagementApi/Types/UserEffectivePermissionRoleSourceEnum.cs
new file mode 100644
index 000000000..82262db77
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/UserEffectivePermissionRoleSourceEnum.cs
@@ -0,0 +1,120 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[JsonConverter(
+    typeof(UserEffectivePermissionRoleSourceEnum.UserEffectivePermissionRoleSourceEnumSerializer)
+)]
+[Serializable]
+public readonly record struct UserEffectivePermissionRoleSourceEnum : IStringEnum
+{
+    public static readonly UserEffectivePermissionRoleSourceEnum Direct = new(Values.Direct);
+
+    public static readonly UserEffectivePermissionRoleSourceEnum Groups = new(Values.Groups);
+
+    public UserEffectivePermissionRoleSourceEnum(string value)
+    {
+        Value = value;
+    }
+
+    /// <summary>
+    /// The string value of the enum.
+    /// </summary>
+    public string Value { get; }
+
+    /// <summary>
+    /// Create a string enum with the given value.
+    /// </summary>
+    public static UserEffectivePermissionRoleSourceEnum FromCustom(string value)
+    {
+        return new UserEffectivePermissionRoleSourceEnum(value);
+    }
+
+    public bool Equals(string? other)
+    {
+        return Value.Equals(other);
+    }
+
+    /// <summary>
+    /// Returns the string value of the enum.
+    /// </summary>
+    public override string ToString()
+    {
+        return Value;
+    }
+
+    public static bool operator ==(UserEffectivePermissionRoleSourceEnum value1, string value2) =>
+        value1.Value.Equals(value2);
+
+    public static bool operator !=(UserEffectivePermissionRoleSourceEnum value1, string value2) =>
+        !value1.Value.Equals(value2);
+
+    public static explicit operator string(UserEffectivePermissionRoleSourceEnum value) =>
+        value.Value;
+
+    public static explicit operator UserEffectivePermissionRoleSourceEnum(string value) =>
+        new(value);
+
+    internal class UserEffectivePermissionRoleSourceEnumSerializer
+        : JsonConverter<UserEffectivePermissionRoleSourceEnum>
+    {
+        public override UserEffectivePermissionRoleSourceEnum Read(
+            ref Utf8JsonReader reader,
+            Type typeToConvert,
+            JsonSerializerOptions options
+        )
+        {
+            var stringValue =
+                reader.GetString()
+                ?? throw new global::System.Exception(
+                    "The JSON value could not be read as a string."
+                );
+            return new UserEffectivePermissionRoleSourceEnum(stringValue);
+        }
+
+        public override void Write(
+            Utf8JsonWriter writer,
+            UserEffectivePermissionRoleSourceEnum value,
+            JsonSerializerOptions options
+        )
+        {
+            writer.WriteStringValue(value.Value);
+        }
+
+        public override UserEffectivePermissionRoleSourceEnum ReadAsPropertyName(
+            ref Utf8JsonReader reader,
+            Type typeToConvert,
+            JsonSerializerOptions options
+        )
+        {
+            var stringValue =
+                reader.GetString()
+                ?? throw new global::System.Exception(
+                    "The JSON property name could not be read as a string."
+                );
+            return new UserEffectivePermissionRoleSourceEnum(stringValue);
+        }
+
+        public override void WriteAsPropertyName(
+            Utf8JsonWriter writer,
+            UserEffectivePermissionRoleSourceEnum value,
+            JsonSerializerOptions options
+        )
+        {
+            writer.WritePropertyName(value.Value);
+        }
+    }
+
+    /// <summary>
+    /// Constant strings for enum values
+    /// </summary>
+    [Serializable]
+    public static class Values
+    {
+        public const string Direct = "direct";
+
+        public const string Groups = "groups";
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/UserEffectivePermissionRoleSourceResponseContent.cs b/src/Auth0.ManagementApi/Types/UserEffectivePermissionRoleSourceResponseContent.cs
new file mode 100644
index 000000000..abb80afea
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/UserEffectivePermissionRoleSourceResponseContent.cs
@@ -0,0 +1,53 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[Serializable]
+public record UserEffectivePermissionRoleSourceResponseContent : IJsonOnDeserialized
+{
+    [JsonExtensionData]
+    private readonly IDictionary<string, JsonElement> _extensionData =
+        new Dictionary<string, JsonElement>();
+
+    /// <summary>
+    /// ID for this role.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("id")]
+    public string? Id { get; set; }
+
+    /// <summary>
+    /// Name of this role.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("name")]
+    public string? Name { get; set; }
+
+    /// <summary>
+    /// Description of this role.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("description")]
+    public string? Description { get; set; }
+
+    /// <summary>
+    /// List of sources where this role is coming from.
+    /// </summary>
+    [Optional]
+    [JsonPropertyName("sources")]
+    public IEnumerable<UserEffectivePermissionRoleSourceEnum>? Sources { get; set; }
+
+    [JsonIgnore]
+    public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
+
+    void IJsonOnDeserialized.OnDeserialized() =>
+        AdditionalProperties.CopyFromExtensionData(_extensionData);
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/UserEffectivePermissionSourceEnum.cs b/src/Auth0.ManagementApi/Types/UserEffectivePermissionSourceEnum.cs
new file mode 100644
index 000000000..4ae50f9b5
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/UserEffectivePermissionSourceEnum.cs
@@ -0,0 +1,118 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[JsonConverter(
+    typeof(UserEffectivePermissionSourceEnum.UserEffectivePermissionSourceEnumSerializer)
+)]
+[Serializable]
+public readonly record struct UserEffectivePermissionSourceEnum : IStringEnum
+{
+    public static readonly UserEffectivePermissionSourceEnum Direct = new(Values.Direct);
+
+    public static readonly UserEffectivePermissionSourceEnum Roles = new(Values.Roles);
+
+    public UserEffectivePermissionSourceEnum(string value)
+    {
+        Value = value;
+    }
+
+    /// <summary>
+    /// The string value of the enum.
+    /// </summary>
+    public string Value { get; }
+
+    /// <summary>
+    /// Create a string enum with the given value.
+    /// </summary>
+    public static UserEffectivePermissionSourceEnum FromCustom(string value)
+    {
+        return new UserEffectivePermissionSourceEnum(value);
+    }
+
+    public bool Equals(string? other)
+    {
+        return Value.Equals(other);
+    }
+
+    /// <summary>
+    /// Returns the string value of the enum.
+    /// </summary>
+    public override string ToString()
+    {
+        return Value;
+    }
+
+    public static bool operator ==(UserEffectivePermissionSourceEnum value1, string value2) =>
+        value1.Value.Equals(value2);
+
+    public static bool operator !=(UserEffectivePermissionSourceEnum value1, string value2) =>
+        !value1.Value.Equals(value2);
+
+    public static explicit operator string(UserEffectivePermissionSourceEnum value) => value.Value;
+
+    public static explicit operator UserEffectivePermissionSourceEnum(string value) => new(value);
+
+    internal class UserEffectivePermissionSourceEnumSerializer
+        : JsonConverter<UserEffectivePermissionSourceEnum>
+    {
+        public override UserEffectivePermissionSourceEnum Read(
+            ref Utf8JsonReader reader,
+            Type typeToConvert,
+            JsonSerializerOptions options
+        )
+        {
+            var stringValue =
+                reader.GetString()
+                ?? throw new global::System.Exception(
+                    "The JSON value could not be read as a string."
+                );
+            return new UserEffectivePermissionSourceEnum(stringValue);
+        }
+
+        public override void Write(
+            Utf8JsonWriter writer,
+            UserEffectivePermissionSourceEnum value,
+            JsonSerializerOptions options
+        )
+        {
+            writer.WriteStringValue(value.Value);
+        }
+
+        public override UserEffectivePermissionSourceEnum ReadAsPropertyName(
+            ref Utf8JsonReader reader,
+            Type typeToConvert,
+            JsonSerializerOptions options
+        )
+        {
+            var stringValue =
+                reader.GetString()
+                ?? throw new global::System.Exception(
+                    "The JSON property name could not be read as a string."
+                );
+            return new UserEffectivePermissionSourceEnum(stringValue);
+        }
+
+        public override void WriteAsPropertyName(
+            Utf8JsonWriter writer,
+            UserEffectivePermissionSourceEnum value,
+            JsonSerializerOptions options
+        )
+        {
+            writer.WritePropertyName(value.Value);
+        }
+    }
+
+    /// <summary>
+    /// Constant strings for enum values
+    /// </summary>
+    [Serializable]
+    public static class Values
+    {
+        public const string Direct = "direct";
+
+        public const string Roles = "roles";
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/UserEffectiveRole.cs b/src/Auth0.ManagementApi/Types/UserEffectiveRole.cs
new file mode 100644
index 000000000..3215a3b2e
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/UserEffectiveRole.cs
@@ -0,0 +1,50 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[Serializable]
+public record UserEffectiveRole : IJsonOnDeserialized
+{
+    [JsonExtensionData]
+    private readonly IDictionary<string, JsonElement> _extensionData =
+        new Dictionary<string, JsonElement>();
+
+    /// <summary>
+    /// Role ID
+    /// </summary>
+    [JsonPropertyName("id")]
+    public required string Id { get; set; }
+
+    /// <summary>
+    /// Role name
+    /// </summary>
+    [JsonPropertyName("name")]
+    public required string Name { get; set; }
+
+    /// <summary>
+    /// Role description
+    /// </summary>
+    [JsonPropertyName("description")]
+    public required string Description { get; set; }
+
+    /// <summary>
+    /// Sources of the role assignment (direct or through group membership)
+    /// </summary>
+    [JsonPropertyName("sources")]
+    public IEnumerable<UserEffectiveRoleSource> Sources { get; set; } =
+        new List<UserEffectiveRoleSource>();
+
+    [JsonIgnore]
+    public ReadOnlyAdditionalProperties AdditionalProperties { get; private set; } = new();
+
+    void IJsonOnDeserialized.OnDeserialized() =>
+        AdditionalProperties.CopyFromExtensionData(_extensionData);
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Types/UserEffectiveRoleSource.cs b/src/Auth0.ManagementApi/Types/UserEffectiveRoleSource.cs
new file mode 100644
index 000000000..0e077680a
--- /dev/null
+++ b/src/Auth0.ManagementApi/Types/UserEffectiveRoleSource.cs
@@ -0,0 +1,115 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi;
+
+[JsonConverter(typeof(UserEffectiveRoleSource.UserEffectiveRoleSourceSerializer))]
+[Serializable]
+public readonly record struct UserEffectiveRoleSource : IStringEnum
+{
+    public static readonly UserEffectiveRoleSource Direct = new(Values.Direct);
+
+    public static readonly UserEffectiveRoleSource Groups = new(Values.Groups);
+
+    public UserEffectiveRoleSource(string value)
+    {
+        Value = value;
+    }
+
+    /// <summary>
+    /// The string value of the enum.
+    /// </summary>
+    public string Value { get; }
+
+    /// <summary>
+    /// Create a string enum with the given value.
+    /// </summary>
+    public static UserEffectiveRoleSource FromCustom(string value)
+    {
+        return new UserEffectiveRoleSource(value);
+    }
+
+    public bool Equals(string? other)
+    {
+        return Value.Equals(other);
+    }
+
+    /// <summary>
+    /// Returns the string value of the enum.
+    /// </summary>
+    public override string ToString()
+    {
+        return Value;
+    }
+
+    public static bool operator ==(UserEffectiveRoleSource value1, string value2) =>
+        value1.Value.Equals(value2);
+
+    public static bool operator !=(UserEffectiveRoleSource value1, string value2) =>
+        !value1.Value.Equals(value2);
+
+    public static explicit operator string(UserEffectiveRoleSource value) => value.Value;
+
+    public static explicit operator UserEffectiveRoleSource(string value) => new(value);
+
+    internal class UserEffectiveRoleSourceSerializer : JsonConverter<UserEffectiveRoleSource>
+    {
+        public override UserEffectiveRoleSource Read(
+            ref Utf8JsonReader reader,
+            Type typeToConvert,
+            JsonSerializerOptions options
+        )
+        {
+            var stringValue =
+                reader.GetString()
+                ?? throw new global::System.Exception(
+                    "The JSON value could not be read as a string."
+                );
+            return new UserEffectiveRoleSource(stringValue);
+        }
+
+        public override void Write(
+            Utf8JsonWriter writer,
+            UserEffectiveRoleSource value,
+            JsonSerializerOptions options
+        )
+        {
+            writer.WriteStringValue(value.Value);
+        }
+
+        public override UserEffectiveRoleSource ReadAsPropertyName(
+            ref Utf8JsonReader reader,
+            Type typeToConvert,
+            JsonSerializerOptions options
+        )
+        {
+            var stringValue =
+                reader.GetString()
+                ?? throw new global::System.Exception(
+                    "The JSON property name could not be read as a string."
+                );
+            return new UserEffectiveRoleSource(stringValue);
+        }
+
+        public override void WriteAsPropertyName(
+            Utf8JsonWriter writer,
+            UserEffectiveRoleSource value,
+            JsonSerializerOptions options
+        )
+        {
+            writer.WritePropertyName(value.Value);
+        }
+    }
+
+    /// <summary>
+    /// Constant strings for enum values
+    /// </summary>
+    [Serializable]
+    public static class Values
+    {
+        public const string Direct = "direct";
+
+        public const string Groups = "groups";
+    }
+}
diff --git a/src/Auth0.ManagementApi/UserBlocks/IUserBlocksClient.cs b/src/Auth0.ManagementApi/UserBlocks/IUserBlocksClient.cs
index 654106c2e..2bcb64f62 100644
--- a/src/Auth0.ManagementApi/UserBlocks/IUserBlocksClient.cs
+++ b/src/Auth0.ManagementApi/UserBlocks/IUserBlocksClient.cs
@@ -3,7 +3,7 @@ namespace Auth0.ManagementApi;
 public partial interface IUserBlocksClient
 {
     /// <summary>
-    /// Retrieve details of all <see href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</see> blocks for a user with the given identifier (username, phone number, or email).
+    /// Retrieve details of all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for a user with the given identifier (username, phone number, or email).
     /// </summary>
     WithRawResponseTask<ListUserBlocksByIdentifierResponseContent> ListByIdentifierAsync(
         ListUserBlocksByIdentifierRequestParameters request,
@@ -12,9 +12,9 @@ WithRawResponseTask<ListUserBlocksByIdentifierResponseContent> ListByIdentifierA
     );
 
     /// <summary>
-    /// Remove all <see href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</see> blocks for the user with the given identifier (username, phone number, or email).
+    /// Remove all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given identifier (username, phone number, or email).
     ///
-    /// Note: This endpoint does not unblock users that were <see href="https://auth0.com/docs/user-profile#block-and-unblock-a-user">blocked by a tenant administrator</see>.
+    /// Note: This endpoint does not unblock users that were [blocked by a tenant administrator](https://auth0.com/docs/user-profile#block-and-unblock-a-user).
     /// </summary>
     Task DeleteByIdentifierAsync(
         DeleteUserBlocksByIdentifierRequestParameters request,
@@ -23,7 +23,7 @@ Task DeleteByIdentifierAsync(
     );
 
     /// <summary>
-    /// Retrieve details of all <see href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</see> blocks for the user with the given ID.
+    /// Retrieve details of all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given ID.
     /// </summary>
     WithRawResponseTask<ListUserBlocksResponseContent> ListAsync(
         string id,
@@ -33,9 +33,9 @@ WithRawResponseTask<ListUserBlocksResponseContent> ListAsync(
     );
 
     /// <summary>
-    /// Remove all <see href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</see> blocks for the user with the given ID.
+    /// Remove all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given ID.
     ///
-    /// Note: This endpoint does not unblock users that were <see href="https://auth0.com/docs/user-profile#block-and-unblock-a-user">blocked by a tenant administrator</see>.
+    /// Note: This endpoint does not unblock users that were [blocked by a tenant administrator](https://auth0.com/docs/user-profile#block-and-unblock-a-user).
     /// </summary>
     Task DeleteAsync(
         string id,
diff --git a/src/Auth0.ManagementApi/UserBlocks/UserBlocksClient.cs b/src/Auth0.ManagementApi/UserBlocks/UserBlocksClient.cs
index cd0280d54..9c4d5f396 100644
--- a/src/Auth0.ManagementApi/UserBlocks/UserBlocksClient.cs
+++ b/src/Auth0.ManagementApi/UserBlocks/UserBlocksClient.cs
@@ -209,7 +209,7 @@ private async Task<WithRawResponse<ListUserBlocksResponseContent>> ListAsyncCore
     }
 
     /// <summary>
-    /// Retrieve details of all <see href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</see> blocks for a user with the given identifier (username, phone number, or email).
+    /// Retrieve details of all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for a user with the given identifier (username, phone number, or email).
     /// </summary>
     /// <example><code>
     /// await client.UserBlocks.ListByIdentifierAsync(
@@ -232,9 +232,9 @@ public WithRawResponseTask<ListUserBlocksByIdentifierResponseContent> ListByIden
     }
 
     /// <summary>
-    /// Remove all <see href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</see> blocks for the user with the given identifier (username, phone number, or email).
+    /// Remove all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given identifier (username, phone number, or email).
     ///
-    /// Note: This endpoint does not unblock users that were <see href="https://auth0.com/docs/user-profile#block-and-unblock-a-user">blocked by a tenant administrator</see>.
+    /// Note: This endpoint does not unblock users that were [blocked by a tenant administrator](https://auth0.com/docs/user-profile#block-and-unblock-a-user).
     /// </summary>
     /// <example><code>
     /// await client.UserBlocks.DeleteByIdentifierAsync(
@@ -305,7 +305,7 @@ public async Task DeleteByIdentifierAsync(
     }
 
     /// <summary>
-    /// Retrieve details of all <see href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</see> blocks for the user with the given ID.
+    /// Retrieve details of all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given ID.
     /// </summary>
     /// <example><code>
     /// await client.UserBlocks.ListAsync(
@@ -326,9 +326,9 @@ public WithRawResponseTask<ListUserBlocksResponseContent> ListAsync(
     }
 
     /// <summary>
-    /// Remove all <see href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</see> blocks for the user with the given ID.
+    /// Remove all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given ID.
     ///
-    /// Note: This endpoint does not unblock users that were <see href="https://auth0.com/docs/user-profile#block-and-unblock-a-user">blocked by a tenant administrator</see>.
+    /// Note: This endpoint does not unblock users that were [blocked by a tenant administrator](https://auth0.com/docs/user-profile#block-and-unblock-a-user).
     /// </summary>
     /// <example><code>
     /// await client.UserBlocks.DeleteAsync("id");
diff --git a/src/Auth0.ManagementApi/UserGrants/IUserGrantsClient.cs b/src/Auth0.ManagementApi/UserGrants/IUserGrantsClient.cs
index 342207221..0bd1ebe7d 100644
--- a/src/Auth0.ManagementApi/UserGrants/IUserGrantsClient.cs
+++ b/src/Auth0.ManagementApi/UserGrants/IUserGrantsClient.cs
@@ -5,7 +5,7 @@ namespace Auth0.ManagementApi;
 public partial interface IUserGrantsClient
 {
     /// <summary>
-    /// Retrieve the <see href="https://auth0.com/docs/api-auth/which-oauth-flow-to-use">grants</see> associated with your account.
+    /// Retrieve the [grants](https://auth0.com/docs/api-auth/which-oauth-flow-to-use) associated with your account.
     /// </summary>
     Task<Pager<UserGrant>> ListAsync(
         ListUserGrantsRequestParameters request,
diff --git a/src/Auth0.ManagementApi/UserGrants/UserGrantsClient.cs b/src/Auth0.ManagementApi/UserGrants/UserGrantsClient.cs
index 97879b6ad..ece6d9788 100644
--- a/src/Auth0.ManagementApi/UserGrants/UserGrantsClient.cs
+++ b/src/Auth0.ManagementApi/UserGrants/UserGrantsClient.cs
@@ -13,7 +13,7 @@ internal UserGrantsClient(RawClient client)
     }
 
     /// <summary>
-    /// Retrieve the <see href="https://auth0.com/docs/api-auth/which-oauth-flow-to-use">grants</see> associated with your account.
+    /// Retrieve the [grants](https://auth0.com/docs/api-auth/which-oauth-flow-to-use) associated with your account.
     /// </summary>
     private WithRawResponseTask<ListUserGrantsOffsetPaginatedResponseContent> ListInternalAsync(
         ListUserGrantsRequestParameters request,
@@ -126,7 +126,7 @@ private async Task<
     }
 
     /// <summary>
-    /// Retrieve the <see href="https://auth0.com/docs/api-auth/which-oauth-flow-to-use">grants</see> associated with your account.
+    /// Retrieve the [grants](https://auth0.com/docs/api-auth/which-oauth-flow-to-use) associated with your account.
     /// </summary>
     /// <example><code>
     /// await client.UserGrants.ListAsync(
diff --git a/src/Auth0.ManagementApi/Users/EffectivePermissions/EffectivePermissionsClient.cs b/src/Auth0.ManagementApi/Users/EffectivePermissions/EffectivePermissionsClient.cs
new file mode 100644
index 000000000..522c611ff
--- /dev/null
+++ b/src/Auth0.ManagementApi/Users/EffectivePermissions/EffectivePermissionsClient.cs
@@ -0,0 +1,184 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+
+namespace Auth0.ManagementApi.Users;
+
+public partial class EffectivePermissionsClient : IEffectivePermissionsClient
+{
+    private readonly RawClient _client;
+
+    internal EffectivePermissionsClient(RawClient client)
+    {
+        _client = client;
+        Sources = new Auth0.ManagementApi.Users.EffectivePermissions.Sources.SourcesClient(_client);
+    }
+
+    public Auth0.ManagementApi.Users.EffectivePermissions.Sources.ISourcesClient Sources { get; }
+
+    /// <summary>
+    /// Returns the list of effective permissions for a user, taking into account permissions granted directly to the user, as well as those inherited through roles and group memberships.
+    /// </summary>
+    private WithRawResponseTask<ListUserEffectivePermissionsResponseContent> ListInternalAsync(
+        string id,
+        ListUserEffectivePermissionsRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        return new WithRawResponseTask<ListUserEffectivePermissionsResponseContent>(
+            ListInternalAsyncCore(id, request, options, cancellationToken)
+        );
+    }
+
+    private async Task<
+        WithRawResponse<ListUserEffectivePermissionsResponseContent>
+    > ListInternalAsyncCore(
+        string id,
+        ListUserEffectivePermissionsRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        var _queryString = new Auth0.ManagementApi.Core.QueryStringBuilder.Builder(capacity: 3)
+            .Add("from", request.From.IsDefined ? request.From.Value : null)
+            .Add("take", request.Take.IsDefined ? request.Take.Value : null)
+            .Add("resource_server_identifier", request.ResourceServerIdentifier)
+            .MergeAdditional(options?.AdditionalQueryParameters)
+            .Build();
+        var _headers = await new Auth0.ManagementApi.Core.HeadersBuilder.Builder()
+            .Add(_client.Options.Headers)
+            .Add(_client.Options.AdditionalHeaders)
+            .Add(options?.AdditionalHeaders)
+            .BuildAsync()
+            .ConfigureAwait(false);
+        var response = await _client
+            .SendRequestAsync(
+                new JsonRequest
+                {
+                    Method = HttpMethod.Get,
+                    Path = string.Format(
+                        "users/{0}/effective-permissions",
+                        ValueConvert.ToPathParameterString(id)
+                    ),
+                    QueryString = _queryString,
+                    Headers = _headers,
+                    Options = options,
+                },
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        if (response.StatusCode is >= 200 and < 400)
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                var responseData =
+                    JsonUtils.Deserialize<ListUserEffectivePermissionsResponseContent>(
+                        responseBody
+                    )!;
+                return new WithRawResponse<ListUserEffectivePermissionsResponseContent>()
+                {
+                    Data = responseData,
+                    RawResponse = new RawResponse()
+                    {
+                        StatusCode = response.Raw.StatusCode,
+                        Url = response.Raw.RequestMessage?.RequestUri ?? new Uri("about:blank"),
+                        Headers = ResponseHeaders.FromHttpResponseMessage(response.Raw),
+                    },
+                };
+            }
+            catch (JsonException e)
+            {
+                throw new ManagementApiException(
+                    "Failed to deserialize response",
+                    response.StatusCode,
+                    null,
+                    e
+                );
+            }
+        }
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                switch (response.StatusCode)
+                {
+                    case 400:
+                        throw new BadRequestError(JsonUtils.Deserialize<object>(responseBody));
+                    case 401:
+                        throw new UnauthorizedError(JsonUtils.Deserialize<object>(responseBody));
+                    case 403:
+                        throw new ForbiddenError(JsonUtils.Deserialize<object>(responseBody));
+                    case 404:
+                        throw new NotFoundError(JsonUtils.Deserialize<object>(responseBody));
+                    case 429:
+                        throw new TooManyRequestsError(JsonUtils.Deserialize<object>(responseBody));
+                }
+            }
+            catch (JsonException)
+            {
+                // unable to map error response, throwing generic error
+            }
+            throw new ManagementApiException(
+                $"Error with status code {response.StatusCode}",
+                response.StatusCode,
+                responseBody
+            );
+        }
+    }
+
+    /// <summary>
+    /// Returns the list of effective permissions for a user, taking into account permissions granted directly to the user, as well as those inherited through roles and group memberships.
+    /// </summary>
+    /// <example><code>
+    /// await client.Users.EffectivePermissions.ListAsync(
+    ///     "id",
+    ///     new ListUserEffectivePermissionsRequestParameters
+    ///     {
+    ///         From = "from",
+    ///         Take = 1,
+    ///         ResourceServerIdentifier = "resource_server_identifier",
+    ///     }
+    /// );
+    /// </code></example>
+    public async Task<Pager<UserEffectivePermissionResponseContent>> ListAsync(
+        string id,
+        ListUserEffectivePermissionsRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        if (request is not null)
+        {
+            request = request with { };
+        }
+        var pager = await CursorPager<
+            ListUserEffectivePermissionsRequestParameters,
+            RequestOptions?,
+            ListUserEffectivePermissionsResponseContent,
+            string?,
+            UserEffectivePermissionResponseContent
+        >
+            .CreateInstanceAsync(
+                request,
+                options,
+                async (request, options, cancellationToken) =>
+                    await ListInternalAsync(id, request, options, cancellationToken)
+                        .WithRawResponse(),
+                (request, cursor) =>
+                {
+                    request.From = cursor;
+                },
+                response => response.Next,
+                response => response.Permissions?.ToList(),
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        return pager;
+    }
+}
diff --git a/src/Auth0.ManagementApi/Users/EffectivePermissions/IEffectivePermissionsClient.cs b/src/Auth0.ManagementApi/Users/EffectivePermissions/IEffectivePermissionsClient.cs
new file mode 100644
index 000000000..acd556363
--- /dev/null
+++ b/src/Auth0.ManagementApi/Users/EffectivePermissions/IEffectivePermissionsClient.cs
@@ -0,0 +1,19 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+
+namespace Auth0.ManagementApi.Users;
+
+public partial interface IEffectivePermissionsClient
+{
+    public Auth0.ManagementApi.Users.EffectivePermissions.Sources.ISourcesClient Sources { get; }
+
+    /// <summary>
+    /// Returns the list of effective permissions for a user, taking into account permissions granted directly to the user, as well as those inherited through roles and group memberships.
+    /// </summary>
+    Task<Pager<UserEffectivePermissionResponseContent>> ListAsync(
+        string id,
+        ListUserEffectivePermissionsRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    );
+}
diff --git a/src/Auth0.ManagementApi/Users/EffectivePermissions/Requests/ListUserEffectivePermissionsRequestParameters.cs b/src/Auth0.ManagementApi/Users/EffectivePermissions/Requests/ListUserEffectivePermissionsRequestParameters.cs
new file mode 100644
index 000000000..2ed68df56
--- /dev/null
+++ b/src/Auth0.ManagementApi/Users/EffectivePermissions/Requests/ListUserEffectivePermissionsRequestParameters.cs
@@ -0,0 +1,32 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi.Users;
+
+[Serializable]
+public record ListUserEffectivePermissionsRequestParameters
+{
+    /// <summary>
+    /// Optional Id from which to start selection.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<string?> From { get; set; }
+
+    /// <summary>
+    /// Number of results per page. Defaults to 50.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<int?> Take { get; set; } = 50;
+
+    /// <summary>
+    /// The identifier of the resource server for which to calculate user permissions.
+    /// </summary>
+    [JsonIgnore]
+    public required string ResourceServerIdentifier { get; set; }
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Users/EffectivePermissions/Sources/ISourcesClient.cs b/src/Auth0.ManagementApi/Users/EffectivePermissions/Sources/ISourcesClient.cs
new file mode 100644
index 000000000..d037998be
--- /dev/null
+++ b/src/Auth0.ManagementApi/Users/EffectivePermissions/Sources/ISourcesClient.cs
@@ -0,0 +1,6 @@
+namespace Auth0.ManagementApi.Users.EffectivePermissions.Sources;
+
+public partial interface ISourcesClient
+{
+    public IRolesClient Roles { get; }
+}
diff --git a/src/Auth0.ManagementApi/Users/EffectivePermissions/Sources/Roles/IRolesClient.cs b/src/Auth0.ManagementApi/Users/EffectivePermissions/Sources/Roles/IRolesClient.cs
new file mode 100644
index 000000000..64641a1bc
--- /dev/null
+++ b/src/Auth0.ManagementApi/Users/EffectivePermissions/Sources/Roles/IRolesClient.cs
@@ -0,0 +1,17 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+
+namespace Auth0.ManagementApi.Users.EffectivePermissions.Sources;
+
+public partial interface IRolesClient
+{
+    /// <summary>
+    /// Lists the roles which grant the user a given permission, including roles assigned directly to the user and those inherited through group memberships.
+    /// </summary>
+    Task<Pager<UserEffectivePermissionRoleSourceResponseContent>> ListAsync(
+        string id,
+        ListUserEffectivePermissionRoleSourceRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    );
+}
diff --git a/src/Auth0.ManagementApi/Users/EffectivePermissions/Sources/Roles/Requests/ListUserEffectivePermissionRoleSourceRequestParameters.cs b/src/Auth0.ManagementApi/Users/EffectivePermissions/Sources/Roles/Requests/ListUserEffectivePermissionRoleSourceRequestParameters.cs
new file mode 100644
index 000000000..e8e9325b6
--- /dev/null
+++ b/src/Auth0.ManagementApi/Users/EffectivePermissions/Sources/Roles/Requests/ListUserEffectivePermissionRoleSourceRequestParameters.cs
@@ -0,0 +1,38 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi.Users.EffectivePermissions.Sources;
+
+[Serializable]
+public record ListUserEffectivePermissionRoleSourceRequestParameters
+{
+    /// <summary>
+    /// Optional Id from which to start selection.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<string?> From { get; set; }
+
+    /// <summary>
+    /// Number of results per page. Defaults to 50.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<int?> Take { get; set; } = 50;
+
+    /// <summary>
+    /// The identifier of the resource server for which to calculate user permissions.
+    /// </summary>
+    [JsonIgnore]
+    public required string ResourceServerIdentifier { get; set; }
+
+    /// <summary>
+    /// Name of this permission
+    /// </summary>
+    [JsonIgnore]
+    public required string PermissionName { get; set; }
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Users/EffectivePermissions/Sources/Roles/RolesClient.cs b/src/Auth0.ManagementApi/Users/EffectivePermissions/Sources/Roles/RolesClient.cs
new file mode 100644
index 000000000..15d7e9ab1
--- /dev/null
+++ b/src/Auth0.ManagementApi/Users/EffectivePermissions/Sources/Roles/RolesClient.cs
@@ -0,0 +1,183 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+
+namespace Auth0.ManagementApi.Users.EffectivePermissions.Sources;
+
+public partial class RolesClient : IRolesClient
+{
+    private readonly RawClient _client;
+
+    internal RolesClient(RawClient client)
+    {
+        _client = client;
+    }
+
+    /// <summary>
+    /// Lists the roles which grant the user a given permission, including roles assigned directly to the user and those inherited through group memberships.
+    /// </summary>
+    private WithRawResponseTask<ListUserEffectivePermissionRoleSourcesResponseContent> ListInternalAsync(
+        string id,
+        ListUserEffectivePermissionRoleSourceRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        return new WithRawResponseTask<ListUserEffectivePermissionRoleSourcesResponseContent>(
+            ListInternalAsyncCore(id, request, options, cancellationToken)
+        );
+    }
+
+    private async Task<
+        WithRawResponse<ListUserEffectivePermissionRoleSourcesResponseContent>
+    > ListInternalAsyncCore(
+        string id,
+        ListUserEffectivePermissionRoleSourceRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        var _queryString = new Auth0.ManagementApi.Core.QueryStringBuilder.Builder(capacity: 4)
+            .Add("from", request.From.IsDefined ? request.From.Value : null)
+            .Add("take", request.Take.IsDefined ? request.Take.Value : null)
+            .Add("resource_server_identifier", request.ResourceServerIdentifier)
+            .Add("permission_name", request.PermissionName)
+            .MergeAdditional(options?.AdditionalQueryParameters)
+            .Build();
+        var _headers = await new Auth0.ManagementApi.Core.HeadersBuilder.Builder()
+            .Add(_client.Options.Headers)
+            .Add(_client.Options.AdditionalHeaders)
+            .Add(options?.AdditionalHeaders)
+            .BuildAsync()
+            .ConfigureAwait(false);
+        var response = await _client
+            .SendRequestAsync(
+                new JsonRequest
+                {
+                    Method = HttpMethod.Get,
+                    Path = string.Format(
+                        "users/{0}/effective-permissions/sources/effective-roles",
+                        ValueConvert.ToPathParameterString(id)
+                    ),
+                    QueryString = _queryString,
+                    Headers = _headers,
+                    Options = options,
+                },
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        if (response.StatusCode is >= 200 and < 400)
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                var responseData =
+                    JsonUtils.Deserialize<ListUserEffectivePermissionRoleSourcesResponseContent>(
+                        responseBody
+                    )!;
+                return new WithRawResponse<ListUserEffectivePermissionRoleSourcesResponseContent>()
+                {
+                    Data = responseData,
+                    RawResponse = new RawResponse()
+                    {
+                        StatusCode = response.Raw.StatusCode,
+                        Url = response.Raw.RequestMessage?.RequestUri ?? new Uri("about:blank"),
+                        Headers = ResponseHeaders.FromHttpResponseMessage(response.Raw),
+                    },
+                };
+            }
+            catch (JsonException e)
+            {
+                throw new ManagementApiException(
+                    "Failed to deserialize response",
+                    response.StatusCode,
+                    null,
+                    e
+                );
+            }
+        }
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                switch (response.StatusCode)
+                {
+                    case 400:
+                        throw new BadRequestError(JsonUtils.Deserialize<object>(responseBody));
+                    case 401:
+                        throw new UnauthorizedError(JsonUtils.Deserialize<object>(responseBody));
+                    case 403:
+                        throw new ForbiddenError(JsonUtils.Deserialize<object>(responseBody));
+                    case 404:
+                        throw new NotFoundError(JsonUtils.Deserialize<object>(responseBody));
+                    case 429:
+                        throw new TooManyRequestsError(JsonUtils.Deserialize<object>(responseBody));
+                }
+            }
+            catch (JsonException)
+            {
+                // unable to map error response, throwing generic error
+            }
+            throw new ManagementApiException(
+                $"Error with status code {response.StatusCode}",
+                response.StatusCode,
+                responseBody
+            );
+        }
+    }
+
+    /// <summary>
+    /// Lists the roles which grant the user a given permission, including roles assigned directly to the user and those inherited through group memberships.
+    /// </summary>
+    /// <example><code>
+    /// await client.Users.EffectivePermissions.Sources.Roles.ListAsync(
+    ///     "id",
+    ///     new ListUserEffectivePermissionRoleSourceRequestParameters
+    ///     {
+    ///         From = "from",
+    ///         Take = 1,
+    ///         ResourceServerIdentifier = "resource_server_identifier",
+    ///         PermissionName = "permission_name",
+    ///     }
+    /// );
+    /// </code></example>
+    public async Task<Pager<UserEffectivePermissionRoleSourceResponseContent>> ListAsync(
+        string id,
+        ListUserEffectivePermissionRoleSourceRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        if (request is not null)
+        {
+            request = request with { };
+        }
+        var pager = await CursorPager<
+            ListUserEffectivePermissionRoleSourceRequestParameters,
+            RequestOptions?,
+            ListUserEffectivePermissionRoleSourcesResponseContent,
+            string?,
+            UserEffectivePermissionRoleSourceResponseContent
+        >
+            .CreateInstanceAsync(
+                request,
+                options,
+                async (request, options, cancellationToken) =>
+                    await ListInternalAsync(id, request, options, cancellationToken)
+                        .WithRawResponse(),
+                (request, cursor) =>
+                {
+                    request.From = cursor;
+                },
+                response => response.Next,
+                response => response.Roles?.ToList(),
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        return pager;
+    }
+}
diff --git a/src/Auth0.ManagementApi/Users/EffectivePermissions/Sources/SourcesClient.cs b/src/Auth0.ManagementApi/Users/EffectivePermissions/Sources/SourcesClient.cs
new file mode 100644
index 000000000..f3fe6daed
--- /dev/null
+++ b/src/Auth0.ManagementApi/Users/EffectivePermissions/Sources/SourcesClient.cs
@@ -0,0 +1,16 @@
+using Auth0.ManagementApi.Core;
+
+namespace Auth0.ManagementApi.Users.EffectivePermissions.Sources;
+
+public partial class SourcesClient : ISourcesClient
+{
+    private readonly RawClient _client;
+
+    internal SourcesClient(RawClient client)
+    {
+        _client = client;
+        Roles = new RolesClient(_client);
+    }
+
+    public IRolesClient Roles { get; }
+}
diff --git a/src/Auth0.ManagementApi/Users/EffectiveRoles/EffectiveRolesClient.cs b/src/Auth0.ManagementApi/Users/EffectiveRoles/EffectiveRolesClient.cs
new file mode 100644
index 000000000..14c0e1731
--- /dev/null
+++ b/src/Auth0.ManagementApi/Users/EffectiveRoles/EffectiveRolesClient.cs
@@ -0,0 +1,175 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+
+namespace Auth0.ManagementApi.Users;
+
+public partial class EffectiveRolesClient : IEffectiveRolesClient
+{
+    private readonly RawClient _client;
+
+    internal EffectiveRolesClient(RawClient client)
+    {
+        _client = client;
+        Sources = new Auth0.ManagementApi.Users.EffectiveRoles.Sources.SourcesClient(_client);
+    }
+
+    public Auth0.ManagementApi.Users.EffectiveRoles.Sources.ISourcesClient Sources { get; }
+
+    /// <summary>
+    /// Retrieve detailed list of effective roles for a user, including roles assigned directly and through group memberships.
+    /// </summary>
+    private WithRawResponseTask<ListUserEffectiveRolesResponseContent> ListInternalAsync(
+        string id,
+        ListUserEffectiveRolesRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        return new WithRawResponseTask<ListUserEffectiveRolesResponseContent>(
+            ListInternalAsyncCore(id, request, options, cancellationToken)
+        );
+    }
+
+    private async Task<
+        WithRawResponse<ListUserEffectiveRolesResponseContent>
+    > ListInternalAsyncCore(
+        string id,
+        ListUserEffectiveRolesRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        var _queryString = new Auth0.ManagementApi.Core.QueryStringBuilder.Builder(capacity: 2)
+            .Add("from", request.From.IsDefined ? request.From.Value : null)
+            .Add("take", request.Take.IsDefined ? request.Take.Value : null)
+            .MergeAdditional(options?.AdditionalQueryParameters)
+            .Build();
+        var _headers = await new Auth0.ManagementApi.Core.HeadersBuilder.Builder()
+            .Add(_client.Options.Headers)
+            .Add(_client.Options.AdditionalHeaders)
+            .Add(options?.AdditionalHeaders)
+            .BuildAsync()
+            .ConfigureAwait(false);
+        var response = await _client
+            .SendRequestAsync(
+                new JsonRequest
+                {
+                    Method = HttpMethod.Get,
+                    Path = string.Format(
+                        "users/{0}/effective-roles",
+                        ValueConvert.ToPathParameterString(id)
+                    ),
+                    QueryString = _queryString,
+                    Headers = _headers,
+                    Options = options,
+                },
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        if (response.StatusCode is >= 200 and < 400)
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                var responseData = JsonUtils.Deserialize<ListUserEffectiveRolesResponseContent>(
+                    responseBody
+                )!;
+                return new WithRawResponse<ListUserEffectiveRolesResponseContent>()
+                {
+                    Data = responseData,
+                    RawResponse = new RawResponse()
+                    {
+                        StatusCode = response.Raw.StatusCode,
+                        Url = response.Raw.RequestMessage?.RequestUri ?? new Uri("about:blank"),
+                        Headers = ResponseHeaders.FromHttpResponseMessage(response.Raw),
+                    },
+                };
+            }
+            catch (JsonException e)
+            {
+                throw new ManagementApiException(
+                    "Failed to deserialize response",
+                    response.StatusCode,
+                    null,
+                    e
+                );
+            }
+        }
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                switch (response.StatusCode)
+                {
+                    case 400:
+                        throw new BadRequestError(JsonUtils.Deserialize<object>(responseBody));
+                    case 401:
+                        throw new UnauthorizedError(JsonUtils.Deserialize<object>(responseBody));
+                    case 403:
+                        throw new ForbiddenError(JsonUtils.Deserialize<object>(responseBody));
+                    case 429:
+                        throw new TooManyRequestsError(JsonUtils.Deserialize<object>(responseBody));
+                }
+            }
+            catch (JsonException)
+            {
+                // unable to map error response, throwing generic error
+            }
+            throw new ManagementApiException(
+                $"Error with status code {response.StatusCode}",
+                response.StatusCode,
+                responseBody
+            );
+        }
+    }
+
+    /// <summary>
+    /// Retrieve detailed list of effective roles for a user, including roles assigned directly and through group memberships.
+    /// </summary>
+    /// <example><code>
+    /// await client.Users.EffectiveRoles.ListAsync(
+    ///     "id",
+    ///     new ListUserEffectiveRolesRequestParameters { From = "from", Take = 1 }
+    /// );
+    /// </code></example>
+    public async Task<Pager<UserEffectiveRole>> ListAsync(
+        string id,
+        ListUserEffectiveRolesRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        if (request is not null)
+        {
+            request = request with { };
+        }
+        var pager = await CursorPager<
+            ListUserEffectiveRolesRequestParameters,
+            RequestOptions?,
+            ListUserEffectiveRolesResponseContent,
+            string?,
+            UserEffectiveRole
+        >
+            .CreateInstanceAsync(
+                request,
+                options,
+                async (request, options, cancellationToken) =>
+                    await ListInternalAsync(id, request, options, cancellationToken)
+                        .WithRawResponse(),
+                (request, cursor) =>
+                {
+                    request.From = cursor;
+                },
+                response => response.Next,
+                response => response.Roles?.ToList(),
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        return pager;
+    }
+}
diff --git a/src/Auth0.ManagementApi/Users/EffectiveRoles/IEffectiveRolesClient.cs b/src/Auth0.ManagementApi/Users/EffectiveRoles/IEffectiveRolesClient.cs
new file mode 100644
index 000000000..7de436b58
--- /dev/null
+++ b/src/Auth0.ManagementApi/Users/EffectiveRoles/IEffectiveRolesClient.cs
@@ -0,0 +1,19 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+
+namespace Auth0.ManagementApi.Users;
+
+public partial interface IEffectiveRolesClient
+{
+    public Auth0.ManagementApi.Users.EffectiveRoles.Sources.ISourcesClient Sources { get; }
+
+    /// <summary>
+    /// Retrieve detailed list of effective roles for a user, including roles assigned directly and through group memberships.
+    /// </summary>
+    Task<Pager<UserEffectiveRole>> ListAsync(
+        string id,
+        ListUserEffectiveRolesRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    );
+}
diff --git a/src/Auth0.ManagementApi/Users/EffectiveRoles/Requests/ListUserEffectiveRolesRequestParameters.cs b/src/Auth0.ManagementApi/Users/EffectiveRoles/Requests/ListUserEffectiveRolesRequestParameters.cs
new file mode 100644
index 000000000..30fc00165
--- /dev/null
+++ b/src/Auth0.ManagementApi/Users/EffectiveRoles/Requests/ListUserEffectiveRolesRequestParameters.cs
@@ -0,0 +1,26 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi.Users;
+
+[Serializable]
+public record ListUserEffectiveRolesRequestParameters
+{
+    /// <summary>
+    /// Optional Id from which to start selection.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<string?> From { get; set; }
+
+    /// <summary>
+    /// Number of results per page. Defaults to 50.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<int?> Take { get; set; } = 50;
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Users/EffectiveRoles/Sources/Groups/GroupsClient.cs b/src/Auth0.ManagementApi/Users/EffectiveRoles/Sources/Groups/GroupsClient.cs
new file mode 100644
index 000000000..ccb6d3f7e
--- /dev/null
+++ b/src/Auth0.ManagementApi/Users/EffectiveRoles/Sources/Groups/GroupsClient.cs
@@ -0,0 +1,178 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json;
+
+namespace Auth0.ManagementApi.Users.EffectiveRoles.Sources;
+
+public partial class GroupsClient : IGroupsClient
+{
+    private readonly RawClient _client;
+
+    internal GroupsClient(RawClient client)
+    {
+        _client = client;
+    }
+
+    /// <summary>
+    /// Lists the groups that grant a user a specific role.
+    /// </summary>
+    private WithRawResponseTask<ListUserRoleSourceGroupsResponseContent> ListInternalAsync(
+        string id,
+        ListUserRoleSourceGroupsRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        return new WithRawResponseTask<ListUserRoleSourceGroupsResponseContent>(
+            ListInternalAsyncCore(id, request, options, cancellationToken)
+        );
+    }
+
+    private async Task<
+        WithRawResponse<ListUserRoleSourceGroupsResponseContent>
+    > ListInternalAsyncCore(
+        string id,
+        ListUserRoleSourceGroupsRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        var _queryString = new Auth0.ManagementApi.Core.QueryStringBuilder.Builder(capacity: 3)
+            .Add("role_id", request.RoleId)
+            .Add("from", request.From.IsDefined ? request.From.Value : null)
+            .Add("take", request.Take.IsDefined ? request.Take.Value : null)
+            .MergeAdditional(options?.AdditionalQueryParameters)
+            .Build();
+        var _headers = await new Auth0.ManagementApi.Core.HeadersBuilder.Builder()
+            .Add(_client.Options.Headers)
+            .Add(_client.Options.AdditionalHeaders)
+            .Add(options?.AdditionalHeaders)
+            .BuildAsync()
+            .ConfigureAwait(false);
+        var response = await _client
+            .SendRequestAsync(
+                new JsonRequest
+                {
+                    Method = HttpMethod.Get,
+                    Path = string.Format(
+                        "users/{0}/effective-roles/sources/groups",
+                        ValueConvert.ToPathParameterString(id)
+                    ),
+                    QueryString = _queryString,
+                    Headers = _headers,
+                    Options = options,
+                },
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        if (response.StatusCode is >= 200 and < 400)
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                var responseData = JsonUtils.Deserialize<ListUserRoleSourceGroupsResponseContent>(
+                    responseBody
+                )!;
+                return new WithRawResponse<ListUserRoleSourceGroupsResponseContent>()
+                {
+                    Data = responseData,
+                    RawResponse = new RawResponse()
+                    {
+                        StatusCode = response.Raw.StatusCode,
+                        Url = response.Raw.RequestMessage?.RequestUri ?? new Uri("about:blank"),
+                        Headers = ResponseHeaders.FromHttpResponseMessage(response.Raw),
+                    },
+                };
+            }
+            catch (JsonException e)
+            {
+                throw new ManagementApiException(
+                    "Failed to deserialize response",
+                    response.StatusCode,
+                    null,
+                    e
+                );
+            }
+        }
+        {
+            var responseBody = await response
+                .Raw.Content.ReadAsStringAsync(cancellationToken)
+                .ConfigureAwait(false);
+            try
+            {
+                switch (response.StatusCode)
+                {
+                    case 400:
+                        throw new BadRequestError(JsonUtils.Deserialize<object>(responseBody));
+                    case 401:
+                        throw new UnauthorizedError(JsonUtils.Deserialize<object>(responseBody));
+                    case 403:
+                        throw new ForbiddenError(JsonUtils.Deserialize<object>(responseBody));
+                    case 429:
+                        throw new TooManyRequestsError(JsonUtils.Deserialize<object>(responseBody));
+                }
+            }
+            catch (JsonException)
+            {
+                // unable to map error response, throwing generic error
+            }
+            throw new ManagementApiException(
+                $"Error with status code {response.StatusCode}",
+                response.StatusCode,
+                responseBody
+            );
+        }
+    }
+
+    /// <summary>
+    /// Lists the groups that grant a user a specific role.
+    /// </summary>
+    /// <example><code>
+    /// await client.Users.EffectiveRoles.Sources.Groups.ListAsync(
+    ///     "id",
+    ///     new ListUserRoleSourceGroupsRequestParameters
+    ///     {
+    ///         RoleId = "role_id",
+    ///         From = "from",
+    ///         Take = 1,
+    ///     }
+    /// );
+    /// </code></example>
+    public async Task<Pager<Group>> ListAsync(
+        string id,
+        ListUserRoleSourceGroupsRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    )
+    {
+        if (request is not null)
+        {
+            request = request with { };
+        }
+        var pager = await CursorPager<
+            ListUserRoleSourceGroupsRequestParameters,
+            RequestOptions?,
+            ListUserRoleSourceGroupsResponseContent,
+            string?,
+            Group
+        >
+            .CreateInstanceAsync(
+                request,
+                options,
+                async (request, options, cancellationToken) =>
+                    await ListInternalAsync(id, request, options, cancellationToken)
+                        .WithRawResponse(),
+                (request, cursor) =>
+                {
+                    request.From = cursor;
+                },
+                response => response.Next,
+                response => response.Groups?.ToList(),
+                cancellationToken
+            )
+            .ConfigureAwait(false);
+        return pager;
+    }
+}
diff --git a/src/Auth0.ManagementApi/Users/EffectiveRoles/Sources/Groups/IGroupsClient.cs b/src/Auth0.ManagementApi/Users/EffectiveRoles/Sources/Groups/IGroupsClient.cs
new file mode 100644
index 000000000..83e8bc8a6
--- /dev/null
+++ b/src/Auth0.ManagementApi/Users/EffectiveRoles/Sources/Groups/IGroupsClient.cs
@@ -0,0 +1,17 @@
+using Auth0.ManagementApi;
+using Auth0.ManagementApi.Core;
+
+namespace Auth0.ManagementApi.Users.EffectiveRoles.Sources;
+
+public partial interface IGroupsClient
+{
+    /// <summary>
+    /// Lists the groups that grant a user a specific role.
+    /// </summary>
+    Task<Pager<Group>> ListAsync(
+        string id,
+        ListUserRoleSourceGroupsRequestParameters request,
+        RequestOptions? options = null,
+        CancellationToken cancellationToken = default
+    );
+}
diff --git a/src/Auth0.ManagementApi/Users/EffectiveRoles/Sources/Groups/Requests/ListUserRoleSourceGroupsRequestParameters.cs b/src/Auth0.ManagementApi/Users/EffectiveRoles/Sources/Groups/Requests/ListUserRoleSourceGroupsRequestParameters.cs
new file mode 100644
index 000000000..bc1e03f06
--- /dev/null
+++ b/src/Auth0.ManagementApi/Users/EffectiveRoles/Sources/Groups/Requests/ListUserRoleSourceGroupsRequestParameters.cs
@@ -0,0 +1,32 @@
+using Auth0.ManagementApi.Core;
+using global::System.Text.Json.Serialization;
+
+namespace Auth0.ManagementApi.Users.EffectiveRoles.Sources;
+
+[Serializable]
+public record ListUserRoleSourceGroupsRequestParameters
+{
+    /// <summary>
+    /// ID of the role to get source groups for.
+    /// </summary>
+    [JsonIgnore]
+    public required string RoleId { get; set; }
+
+    /// <summary>
+    /// Optional Id from which to start selection.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<string?> From { get; set; }
+
+    /// <summary>
+    /// Number of results per page. Defaults to 50.
+    /// </summary>
+    [JsonIgnore]
+    public Optional<int?> Take { get; set; } = 50;
+
+    /// <inheritdoc />
+    public override string ToString()
+    {
+        return JsonUtils.Serialize(this);
+    }
+}
diff --git a/src/Auth0.ManagementApi/Users/EffectiveRoles/Sources/ISourcesClient.cs b/src/Auth0.ManagementApi/Users/EffectiveRoles/Sources/ISourcesClient.cs
new file mode 100644
index 000000000..2de0a981e
--- /dev/null
+++ b/src/Auth0.ManagementApi/Users/EffectiveRoles/Sources/ISourcesClient.cs
@@ -0,0 +1,6 @@
+namespace Auth0.ManagementApi.Users.EffectiveRoles.Sources;
+
+public partial interface ISourcesClient
+{
+    public IGroupsClient Groups { get; }
+}
diff --git a/src/Auth0.ManagementApi/Users/EffectiveRoles/Sources/SourcesClient.cs b/src/Auth0.ManagementApi/Users/EffectiveRoles/Sources/SourcesClient.cs
new file mode 100644
index 000000000..378270383
--- /dev/null
+++ b/src/Auth0.ManagementApi/Users/EffectiveRoles/Sources/SourcesClient.cs
@@ -0,0 +1,16 @@
+using Auth0.ManagementApi.Core;
+
+namespace Auth0.ManagementApi.Users.EffectiveRoles.Sources;
+
+public partial class SourcesClient : ISourcesClient
+{
+    private readonly RawClient _client;
+
+    internal SourcesClient(RawClient client)
+    {
+        _client = client;
+        Groups = new GroupsClient(_client);
+    }
+
+    public IGroupsClient Groups { get; }
+}
diff --git a/src/Auth0.ManagementApi/Users/IUsersClient.cs b/src/Auth0.ManagementApi/Users/IUsersClient.cs
index 38e244612..799f9d4d4 100644
--- a/src/Auth0.ManagementApi/Users/IUsersClient.cs
+++ b/src/Auth0.ManagementApi/Users/IUsersClient.cs
@@ -8,6 +8,8 @@ public partial interface IUsersClient
     public IAuthenticationMethodsClient AuthenticationMethods { get; }
     public IAuthenticatorsClient Authenticators { get; }
     public IConnectedAccountsClient ConnectedAccounts { get; }
+    public IEffectivePermissionsClient EffectivePermissions { get; }
+    public Auth0.ManagementApi.Users.IEffectiveRolesClient EffectiveRoles { get; }
     public Auth0.ManagementApi.Users.IEnrollmentsClient Enrollments { get; }
     public IFederatedConnectionsTokensetsClient FederatedConnectionsTokensets { get; }
     public Auth0.ManagementApi.Users.IGroupsClient Groups { get; }
diff --git a/src/Auth0.ManagementApi/Users/UsersClient.cs b/src/Auth0.ManagementApi/Users/UsersClient.cs
index 9afaee40b..a4cd97554 100644
--- a/src/Auth0.ManagementApi/Users/UsersClient.cs
+++ b/src/Auth0.ManagementApi/Users/UsersClient.cs
@@ -14,6 +14,8 @@ internal UsersClient(RawClient client)
         AuthenticationMethods = new AuthenticationMethodsClient(_client);
         Authenticators = new AuthenticatorsClient(_client);
         ConnectedAccounts = new ConnectedAccountsClient(_client);
+        EffectivePermissions = new EffectivePermissionsClient(_client);
+        EffectiveRoles = new Auth0.ManagementApi.Users.EffectiveRolesClient(_client);
         Enrollments = new Auth0.ManagementApi.Users.EnrollmentsClient(_client);
         FederatedConnectionsTokensets = new FederatedConnectionsTokensetsClient(_client);
         Groups = new Auth0.ManagementApi.Users.GroupsClient(_client);
@@ -34,6 +36,10 @@ internal UsersClient(RawClient client)
 
     public IConnectedAccountsClient ConnectedAccounts { get; }
 
+    public IEffectivePermissionsClient EffectivePermissions { get; }
+
+    public Auth0.ManagementApi.Users.IEffectiveRolesClient EffectiveRoles { get; }
+
     public Auth0.ManagementApi.Users.IEnrollmentsClient Enrollments { get; }
 
     public IFederatedConnectionsTokensetsClient FederatedConnectionsTokensets { get; }
diff --git a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Groups/ListTest.cs b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Groups/ListTest.cs
new file mode 100644
index 000000000..cb64616d2
--- /dev/null
+++ b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Groups/ListTest.cs
@@ -0,0 +1,57 @@
+using Auth0.ManagementApi.Organizations;
+using Auth0.ManagementApi.Test.Unit.MockServer;
+using NUnit.Framework;
+
+namespace Auth0.ManagementApi.Test.Unit.MockServer.Organizations.Groups;
+
+[TestFixture]
+[Parallelizable(ParallelScope.Self)]
+public class ListTest : BaseMockServerTest
+{
+    [NUnit.Framework.Test]
+    public async Task MockServerTest()
+    {
+        const string mockResponse = """
+            {
+              "groups": [
+                {
+                  "id": "id",
+                  "name": "name",
+                  "external_id": "external_id",
+                  "connection_id": "connection_id",
+                  "tenant_name": "tenant_name",
+                  "created_at": "2024-01-15T09:30:00.000Z",
+                  "updated_at": "2024-01-15T09:30:00.000Z"
+                }
+              ],
+              "next": "next"
+            }
+            """;
+
+        Server
+            .Given(
+                WireMock
+                    .RequestBuilders.Request.Create()
+                    .WithPath("/organizations/organization_id/groups")
+                    .WithParam("from", "from")
+                    .WithParam("take", "1")
+                    .UsingGet()
+            )
+            .RespondWith(
+                WireMock
+                    .ResponseBuilders.Response.Create()
+                    .WithStatusCode(200)
+                    .WithBody(mockResponse)
+            );
+
+        var items = await Client.Organizations.Groups.ListAsync(
+            "organization_id",
+            new ListOrganizationGroupsRequestParameters { From = "from", Take = 1 }
+        );
+        await foreach (var item in items)
+        {
+            Assert.That(item, Is.Not.Null);
+            break; // Only check the first item
+        }
+    }
+}
diff --git a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Groups/Roles/CreateTest.cs b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Groups/Roles/CreateTest.cs
new file mode 100644
index 000000000..8c9b98a63
--- /dev/null
+++ b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Groups/Roles/CreateTest.cs
@@ -0,0 +1,44 @@
+using Auth0.ManagementApi.Organizations.Groups;
+using Auth0.ManagementApi.Test.Unit.MockServer;
+using NUnit.Framework;
+
+namespace Auth0.ManagementApi.Test.Unit.MockServer.Organizations.Groups.Roles;
+
+[TestFixture]
+[Parallelizable(ParallelScope.Self)]
+public class CreateTest : BaseMockServerTest
+{
+    [NUnit.Framework.Test]
+    public void MockServerTest()
+    {
+        const string requestJson = """
+            {
+              "roles": [
+                "roles"
+              ]
+            }
+            """;
+
+        Server
+            .Given(
+                WireMock
+                    .RequestBuilders.Request.Create()
+                    .WithPath("/organizations/organization_id/groups/group_id/roles")
+                    .WithHeader("Content-Type", "application/json")
+                    .UsingPost()
+                    .WithBodyAsJson(requestJson)
+            )
+            .RespondWith(WireMock.ResponseBuilders.Response.Create().WithStatusCode(200));
+
+        Assert.DoesNotThrowAsync(async () =>
+            await Client.Organizations.Groups.Roles.CreateAsync(
+                "organization_id",
+                "group_id",
+                new CreateOrganizationGroupRolesRequestContent
+                {
+                    Roles = new List<string>() { "roles" },
+                }
+            )
+        );
+    }
+}
diff --git a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Groups/Roles/DeleteTest.cs b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Groups/Roles/DeleteTest.cs
new file mode 100644
index 000000000..2a9b99090
--- /dev/null
+++ b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Groups/Roles/DeleteTest.cs
@@ -0,0 +1,44 @@
+using Auth0.ManagementApi.Organizations.Groups;
+using Auth0.ManagementApi.Test.Unit.MockServer;
+using NUnit.Framework;
+
+namespace Auth0.ManagementApi.Test.Unit.MockServer.Organizations.Groups.Roles;
+
+[TestFixture]
+[Parallelizable(ParallelScope.Self)]
+public class DeleteTest : BaseMockServerTest
+{
+    [NUnit.Framework.Test]
+    public void MockServerTest()
+    {
+        const string requestJson = """
+            {
+              "roles": [
+                "roles"
+              ]
+            }
+            """;
+
+        Server
+            .Given(
+                WireMock
+                    .RequestBuilders.Request.Create()
+                    .WithPath("/organizations/organization_id/groups/group_id/roles")
+                    .WithHeader("Content-Type", "application/json")
+                    .UsingDelete()
+                    .WithBodyAsJson(requestJson)
+            )
+            .RespondWith(WireMock.ResponseBuilders.Response.Create().WithStatusCode(200));
+
+        Assert.DoesNotThrowAsync(async () =>
+            await Client.Organizations.Groups.Roles.DeleteAsync(
+                "organization_id",
+                "group_id",
+                new DeleteOrganizationGroupRolesRequestContent
+                {
+                    Roles = new List<string>() { "roles" },
+                }
+            )
+        );
+    }
+}
diff --git a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Groups/Roles/ListTest.cs b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Groups/Roles/ListTest.cs
new file mode 100644
index 000000000..e05e74ac7
--- /dev/null
+++ b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Groups/Roles/ListTest.cs
@@ -0,0 +1,54 @@
+using Auth0.ManagementApi.Organizations.Groups;
+using Auth0.ManagementApi.Test.Unit.MockServer;
+using NUnit.Framework;
+
+namespace Auth0.ManagementApi.Test.Unit.MockServer.Organizations.Groups.Roles;
+
+[TestFixture]
+[Parallelizable(ParallelScope.Self)]
+public class ListTest : BaseMockServerTest
+{
+    [NUnit.Framework.Test]
+    public async Task MockServerTest()
+    {
+        const string mockResponse = """
+            {
+              "roles": [
+                {
+                  "id": "id",
+                  "name": "name",
+                  "description": "description"
+                }
+              ],
+              "next": "next"
+            }
+            """;
+
+        Server
+            .Given(
+                WireMock
+                    .RequestBuilders.Request.Create()
+                    .WithPath("/organizations/organization_id/groups/group_id/roles")
+                    .WithParam("from", "from")
+                    .WithParam("take", "1")
+                    .UsingGet()
+            )
+            .RespondWith(
+                WireMock
+                    .ResponseBuilders.Response.Create()
+                    .WithStatusCode(200)
+                    .WithBody(mockResponse)
+            );
+
+        var items = await Client.Organizations.Groups.Roles.ListAsync(
+            "organization_id",
+            "group_id",
+            new ListOrganizationGroupRolesRequestParameters { From = "from", Take = 1 }
+        );
+        await foreach (var item in items)
+        {
+            Assert.That(item, Is.Not.Null);
+            break; // Only check the first item
+        }
+    }
+}
diff --git a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Members/EffectiveRoles/ListTest.cs b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Members/EffectiveRoles/ListTest.cs
new file mode 100644
index 000000000..9f6b9f0ac
--- /dev/null
+++ b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Members/EffectiveRoles/ListTest.cs
@@ -0,0 +1,57 @@
+using Auth0.ManagementApi.Organizations.Members;
+using Auth0.ManagementApi.Test.Unit.MockServer;
+using NUnit.Framework;
+
+namespace Auth0.ManagementApi.Test.Unit.MockServer.Organizations.Members.EffectiveRoles;
+
+[TestFixture]
+[Parallelizable(ParallelScope.Self)]
+public class ListTest : BaseMockServerTest
+{
+    [NUnit.Framework.Test]
+    public async Task MockServerTest()
+    {
+        const string mockResponse = """
+            {
+              "roles": [
+                {
+                  "id": "id",
+                  "name": "name",
+                  "description": "description",
+                  "sources": [
+                    "direct"
+                  ]
+                }
+              ],
+              "next": "next"
+            }
+            """;
+
+        Server
+            .Given(
+                WireMock
+                    .RequestBuilders.Request.Create()
+                    .WithPath("/organizations/id/members/user_id/effective-roles")
+                    .WithParam("from", "from")
+                    .WithParam("take", "1")
+                    .UsingGet()
+            )
+            .RespondWith(
+                WireMock
+                    .ResponseBuilders.Response.Create()
+                    .WithStatusCode(200)
+                    .WithBody(mockResponse)
+            );
+
+        var items = await Client.Organizations.Members.EffectiveRoles.ListAsync(
+            "id",
+            "user_id",
+            new ListOrganizationMemberEffectiveRolesRequestParameters { From = "from", Take = 1 }
+        );
+        await foreach (var item in items)
+        {
+            Assert.That(item, Is.Not.Null);
+            break; // Only check the first item
+        }
+    }
+}
diff --git a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Members/EffectiveRoles/Sources/Groups/ListTest.cs b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Members/EffectiveRoles/Sources/Groups/ListTest.cs
new file mode 100644
index 000000000..5b4d5783a
--- /dev/null
+++ b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Organizations/Members/EffectiveRoles/Sources/Groups/ListTest.cs
@@ -0,0 +1,64 @@
+using Auth0.ManagementApi.Organizations.Members.EffectiveRoles.Sources;
+using Auth0.ManagementApi.Test.Unit.MockServer;
+using NUnit.Framework;
+
+namespace Auth0.ManagementApi.Test.Unit.MockServer.Organizations.Members.EffectiveRoles.Sources.Groups;
+
+[TestFixture]
+[Parallelizable(ParallelScope.Self)]
+public class ListTest : BaseMockServerTest
+{
+    [NUnit.Framework.Test]
+    public async Task MockServerTest()
+    {
+        const string mockResponse = """
+            {
+              "groups": [
+                {
+                  "id": "id",
+                  "name": "name",
+                  "external_id": "external_id",
+                  "connection_id": "connection_id",
+                  "tenant_name": "tenant_name",
+                  "created_at": "2024-01-15T09:30:00.000Z",
+                  "updated_at": "2024-01-15T09:30:00.000Z"
+                }
+              ],
+              "next": "next"
+            }
+            """;
+
+        Server
+            .Given(
+                WireMock
+                    .RequestBuilders.Request.Create()
+                    .WithPath("/organizations/id/members/user_id/effective-roles/sources/groups")
+                    .WithParam("from", "from")
+                    .WithParam("take", "1")
+                    .WithParam("role_id", "role_id")
+                    .UsingGet()
+            )
+            .RespondWith(
+                WireMock
+                    .ResponseBuilders.Response.Create()
+                    .WithStatusCode(200)
+                    .WithBody(mockResponse)
+            );
+
+        var items = await Client.Organizations.Members.EffectiveRoles.Sources.Groups.ListAsync(
+            "id",
+            "user_id",
+            new ListOrganizationMemberRoleSourceGroupsRequestParameters
+            {
+                From = "from",
+                Take = 1,
+                RoleId = "role_id",
+            }
+        );
+        await foreach (var item in items)
+        {
+            Assert.That(item, Is.Not.Null);
+            break; // Only check the first item
+        }
+    }
+}
diff --git a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Roles/Groups/CreateTest.cs b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Roles/Groups/CreateTest.cs
new file mode 100644
index 000000000..cf04d45c0
--- /dev/null
+++ b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Roles/Groups/CreateTest.cs
@@ -0,0 +1,40 @@
+using Auth0.ManagementApi.Roles;
+using Auth0.ManagementApi.Test.Unit.MockServer;
+using NUnit.Framework;
+
+namespace Auth0.ManagementApi.Test.Unit.MockServer.Roles.Groups;
+
+[TestFixture]
+[Parallelizable(ParallelScope.Self)]
+public class CreateTest : BaseMockServerTest
+{
+    [NUnit.Framework.Test]
+    public void MockServerTest()
+    {
+        const string requestJson = """
+            {
+              "groups": [
+                "groups"
+              ]
+            }
+            """;
+
+        Server
+            .Given(
+                WireMock
+                    .RequestBuilders.Request.Create()
+                    .WithPath("/roles/id/groups")
+                    .WithHeader("Content-Type", "application/json")
+                    .UsingPost()
+                    .WithBodyAsJson(requestJson)
+            )
+            .RespondWith(WireMock.ResponseBuilders.Response.Create().WithStatusCode(200));
+
+        Assert.DoesNotThrowAsync(async () =>
+            await Client.Roles.Groups.CreateAsync(
+                "id",
+                new AssignRoleGroupsRequestContent { Groups = new List<string>() { "groups" } }
+            )
+        );
+    }
+}
diff --git a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Roles/Groups/DeleteTest.cs b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Roles/Groups/DeleteTest.cs
new file mode 100644
index 000000000..adf759cd8
--- /dev/null
+++ b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Roles/Groups/DeleteTest.cs
@@ -0,0 +1,40 @@
+using Auth0.ManagementApi.Roles;
+using Auth0.ManagementApi.Test.Unit.MockServer;
+using NUnit.Framework;
+
+namespace Auth0.ManagementApi.Test.Unit.MockServer.Roles.Groups;
+
+[TestFixture]
+[Parallelizable(ParallelScope.Self)]
+public class DeleteTest : BaseMockServerTest
+{
+    [NUnit.Framework.Test]
+    public void MockServerTest()
+    {
+        const string requestJson = """
+            {
+              "groups": [
+                "groups"
+              ]
+            }
+            """;
+
+        Server
+            .Given(
+                WireMock
+                    .RequestBuilders.Request.Create()
+                    .WithPath("/roles/id/groups")
+                    .WithHeader("Content-Type", "application/json")
+                    .UsingDelete()
+                    .WithBodyAsJson(requestJson)
+            )
+            .RespondWith(WireMock.ResponseBuilders.Response.Create().WithStatusCode(200));
+
+        Assert.DoesNotThrowAsync(async () =>
+            await Client.Roles.Groups.DeleteAsync(
+                "id",
+                new DeleteRoleGroupsRequestContent { Groups = new List<string>() { "groups" } }
+            )
+        );
+    }
+}
diff --git a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Roles/Groups/GetTest.cs b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Roles/Groups/GetTest.cs
new file mode 100644
index 000000000..ee027088f
--- /dev/null
+++ b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Roles/Groups/GetTest.cs
@@ -0,0 +1,57 @@
+using Auth0.ManagementApi.Roles;
+using Auth0.ManagementApi.Test.Unit.MockServer;
+using NUnit.Framework;
+
+namespace Auth0.ManagementApi.Test.Unit.MockServer.Roles.Groups;
+
+[TestFixture]
+[Parallelizable(ParallelScope.Self)]
+public class GetTest : BaseMockServerTest
+{
+    [NUnit.Framework.Test]
+    public async Task MockServerTest()
+    {
+        const string mockResponse = """
+            {
+              "groups": [
+                {
+                  "id": "id",
+                  "name": "name",
+                  "external_id": "external_id",
+                  "connection_id": "connection_id",
+                  "tenant_name": "tenant_name",
+                  "created_at": "2024-01-15T09:30:00.000Z",
+                  "updated_at": "2024-01-15T09:30:00.000Z"
+                }
+              ],
+              "next": "next"
+            }
+            """;
+
+        Server
+            .Given(
+                WireMock
+                    .RequestBuilders.Request.Create()
+                    .WithPath("/roles/id/groups")
+                    .WithParam("from", "from")
+                    .WithParam("take", "1")
+                    .UsingGet()
+            )
+            .RespondWith(
+                WireMock
+                    .ResponseBuilders.Response.Create()
+                    .WithStatusCode(200)
+                    .WithBody(mockResponse)
+            );
+
+        var items = await Client.Roles.Groups.GetAsync(
+            "id",
+            new ListRoleGroupsParameters { From = "from", Take = 1 }
+        );
+        await foreach (var item in items)
+        {
+            Assert.That(item, Is.Not.Null);
+            break; // Only check the first item
+        }
+    }
+}
diff --git a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Tenants/Settings/GetTest.cs b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Tenants/Settings/GetTest.cs
index d5c49e9dc..e785ae59b 100644
--- a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Tenants/Settings/GetTest.cs
+++ b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Tenants/Settings/GetTest.cs
@@ -116,7 +116,13 @@ public async Task MockServerTest()
               "client_id_metadata_document_supported": true,
               "phone_consolidated_experience": true,
               "enable_ai_guide": true,
-              "dynamic_client_registration_security_mode": "strict"
+              "dynamic_client_registration_security_mode": "strict",
+              "country_codes": {
+                "list": [
+                  "list"
+                ],
+                "mode": "allow"
+              }
             }
             """;
 
diff --git a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Tenants/Settings/UpdateTest.cs b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Tenants/Settings/UpdateTest.cs
index b426c9f26..fa38ed8a8 100644
--- a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Tenants/Settings/UpdateTest.cs
+++ b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Tenants/Settings/UpdateTest.cs
@@ -120,7 +120,13 @@ public async Task MockServerTest()
               "client_id_metadata_document_supported": true,
               "phone_consolidated_experience": true,
               "enable_ai_guide": true,
-              "dynamic_client_registration_security_mode": "strict"
+              "dynamic_client_registration_security_mode": "strict",
+              "country_codes": {
+                "list": [
+                  "list"
+                ],
+                "mode": "allow"
+              }
             }
             """;
 
diff --git a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Users/EffectivePermissions/ListTest.cs b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Users/EffectivePermissions/ListTest.cs
new file mode 100644
index 000000000..f66f5b7f7
--- /dev/null
+++ b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Users/EffectivePermissions/ListTest.cs
@@ -0,0 +1,63 @@
+using Auth0.ManagementApi.Test.Unit.MockServer;
+using Auth0.ManagementApi.Users;
+using NUnit.Framework;
+
+namespace Auth0.ManagementApi.Test.Unit.MockServer.Users.EffectivePermissions;
+
+[TestFixture]
+[Parallelizable(ParallelScope.Self)]
+public class ListTest : BaseMockServerTest
+{
+    [NUnit.Framework.Test]
+    public async Task MockServerTest()
+    {
+        const string mockResponse = """
+            {
+              "permissions": [
+                {
+                  "resource_server_identifier": "resource_server_identifier",
+                  "permission_name": "permission_name",
+                  "resource_server_name": "resource_server_name",
+                  "description": "description",
+                  "sources": [
+                    "direct"
+                  ]
+                }
+              ],
+              "next": "next"
+            }
+            """;
+
+        Server
+            .Given(
+                WireMock
+                    .RequestBuilders.Request.Create()
+                    .WithPath("/users/id/effective-permissions")
+                    .WithParam("from", "from")
+                    .WithParam("take", "1")
+                    .WithParam("resource_server_identifier", "resource_server_identifier")
+                    .UsingGet()
+            )
+            .RespondWith(
+                WireMock
+                    .ResponseBuilders.Response.Create()
+                    .WithStatusCode(200)
+                    .WithBody(mockResponse)
+            );
+
+        var items = await Client.Users.EffectivePermissions.ListAsync(
+            "id",
+            new ListUserEffectivePermissionsRequestParameters
+            {
+                From = "from",
+                Take = 1,
+                ResourceServerIdentifier = "resource_server_identifier",
+            }
+        );
+        await foreach (var item in items)
+        {
+            Assert.That(item, Is.Not.Null);
+            break; // Only check the first item
+        }
+    }
+}
diff --git a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Users/EffectivePermissions/Sources/Roles/ListTest.cs b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Users/EffectivePermissions/Sources/Roles/ListTest.cs
new file mode 100644
index 000000000..e976feb90
--- /dev/null
+++ b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Users/EffectivePermissions/Sources/Roles/ListTest.cs
@@ -0,0 +1,64 @@
+using Auth0.ManagementApi.Test.Unit.MockServer;
+using Auth0.ManagementApi.Users.EffectivePermissions.Sources;
+using NUnit.Framework;
+
+namespace Auth0.ManagementApi.Test.Unit.MockServer.Users.EffectivePermissions.Sources.Roles;
+
+[TestFixture]
+[Parallelizable(ParallelScope.Self)]
+public class ListTest : BaseMockServerTest
+{
+    [NUnit.Framework.Test]
+    public async Task MockServerTest()
+    {
+        const string mockResponse = """
+            {
+              "roles": [
+                {
+                  "id": "id",
+                  "name": "name",
+                  "description": "description",
+                  "sources": [
+                    "direct"
+                  ]
+                }
+              ],
+              "next": "next"
+            }
+            """;
+
+        Server
+            .Given(
+                WireMock
+                    .RequestBuilders.Request.Create()
+                    .WithPath("/users/id/effective-permissions/sources/effective-roles")
+                    .WithParam("from", "from")
+                    .WithParam("take", "1")
+                    .WithParam("resource_server_identifier", "resource_server_identifier")
+                    .WithParam("permission_name", "permission_name")
+                    .UsingGet()
+            )
+            .RespondWith(
+                WireMock
+                    .ResponseBuilders.Response.Create()
+                    .WithStatusCode(200)
+                    .WithBody(mockResponse)
+            );
+
+        var items = await Client.Users.EffectivePermissions.Sources.Roles.ListAsync(
+            "id",
+            new ListUserEffectivePermissionRoleSourceRequestParameters
+            {
+                From = "from",
+                Take = 1,
+                ResourceServerIdentifier = "resource_server_identifier",
+                PermissionName = "permission_name",
+            }
+        );
+        await foreach (var item in items)
+        {
+            Assert.That(item, Is.Not.Null);
+            break; // Only check the first item
+        }
+    }
+}
diff --git a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Users/EffectiveRoles/ListTest.cs b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Users/EffectiveRoles/ListTest.cs
new file mode 100644
index 000000000..b15014902
--- /dev/null
+++ b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Users/EffectiveRoles/ListTest.cs
@@ -0,0 +1,56 @@
+using Auth0.ManagementApi.Test.Unit.MockServer;
+using Auth0.ManagementApi.Users;
+using NUnit.Framework;
+
+namespace Auth0.ManagementApi.Test.Unit.MockServer.Users.EffectiveRoles;
+
+[TestFixture]
+[Parallelizable(ParallelScope.Self)]
+public class ListTest : BaseMockServerTest
+{
+    [NUnit.Framework.Test]
+    public async Task MockServerTest()
+    {
+        const string mockResponse = """
+            {
+              "roles": [
+                {
+                  "id": "id",
+                  "name": "name",
+                  "description": "description",
+                  "sources": [
+                    "direct"
+                  ]
+                }
+              ],
+              "next": "next"
+            }
+            """;
+
+        Server
+            .Given(
+                WireMock
+                    .RequestBuilders.Request.Create()
+                    .WithPath("/users/id/effective-roles")
+                    .WithParam("from", "from")
+                    .WithParam("take", "1")
+                    .UsingGet()
+            )
+            .RespondWith(
+                WireMock
+                    .ResponseBuilders.Response.Create()
+                    .WithStatusCode(200)
+                    .WithBody(mockResponse)
+            );
+
+        var items = await Client.Users.EffectiveRoles.ListAsync(
+            "id",
+            new ListUserEffectiveRolesRequestParameters { From = "from", Take = 1 }
+        );
+        await foreach (var item in items)
+        {
+            Assert.That(item, Is.Not.Null);
+            break; // Only check the first item
+        }
+    }
+}
diff --git a/tests/Auth0.ManagementApi.Test/Unit/MockServer/Users/EffectiveRoles/Sources/Groups/ListTest.cs b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Users/EffectiveRoles/Sources/Groups/ListTest.cs
new file mode 100644
index 000000000..a50d83128
--- /dev/null
+++ b/tests/Auth0.ManagementApi.Test/Unit/MockServer/Users/EffectiveRoles/Sources/Groups/ListTest.cs
@@ -0,0 +1,63 @@
+using Auth0.ManagementApi.Test.Unit.MockServer;
+using Auth0.ManagementApi.Users.EffectiveRoles.Sources;
+using NUnit.Framework;
+
+namespace Auth0.ManagementApi.Test.Unit.MockServer.Users.EffectiveRoles.Sources.Groups;
+
+[TestFixture]
+[Parallelizable(ParallelScope.Self)]
+public class ListTest : BaseMockServerTest
+{
+    [NUnit.Framework.Test]
+    public async Task MockServerTest()
+    {
+        const string mockResponse = """
+            {
+              "groups": [
+                {
+                  "id": "id",
+                  "name": "name",
+                  "external_id": "external_id",
+                  "connection_id": "connection_id",
+                  "tenant_name": "tenant_name",
+                  "created_at": "2024-01-15T09:30:00.000Z",
+                  "updated_at": "2024-01-15T09:30:00.000Z"
+                }
+              ],
+              "next": "next"
+            }
+            """;
+
+        Server
+            .Given(
+                WireMock
+                    .RequestBuilders.Request.Create()
+                    .WithPath("/users/id/effective-roles/sources/groups")
+                    .WithParam("role_id", "role_id")
+                    .WithParam("from", "from")
+                    .WithParam("take", "1")
+                    .UsingGet()
+            )
+            .RespondWith(
+                WireMock
+                    .ResponseBuilders.Response.Create()
+                    .WithStatusCode(200)
+                    .WithBody(mockResponse)
+            );
+
+        var items = await Client.Users.EffectiveRoles.Sources.Groups.ListAsync(
+            "id",
+            new ListUserRoleSourceGroupsRequestParameters
+            {
+                RoleId = "role_id",
+                From = "from",
+                Take = 1,
+            }
+        );
+        await foreach (var item in items)
+        {
+            Assert.That(item, Is.Not.Null);
+            break; // Only check the first item
+        }
+    }
+}