Action: Check If User Is Part of an Enterprise Connection

Overview

The following Action will help admins check whether a user is logging in with an enterprise connection.

Applies To

  • Action
  • Enterprise Connection

Solution

  1. Add the following Action to the Login flow of a tenant:

     exports.onExecutePostLogin = async (event, api) => {
       // List of enterprise connection strategies.
       // 'auth0' (database connections) and 'google-oauth2' (Google social login)
       // are not enterprise strategies, so they are not listed here.
       const enterpriseStrategies = [
         'waad',  // Windows Azure Active Directory
         'ad',    // Active Directory/LDAP
         'google-apps',
         'office365',
         'okta',
         'pingfederate',
         'samlp',
         'sharepoint',
         'daccount',
         'exact',
         'oidc',
         'ip'
       ];

       // Check if the connection strategy is an enterprise type
       if (enterpriseStrategies.includes(event.connection.strategy)) {
         // Perform actions for enterprise connection logins
         console.log(`User ${event.user.email} logged in using an enterprise connection: ${event.connection.name}`);

         // Example: Add a custom claim or tag to the user
         api.idToken.setCustomClaim('https://myapp.example.com/is_enterprise', true);
         api.accessToken.setCustomClaim('https://myapp.example.com/is_enterprise', true);
       } else {
         console.log(`User ${event.user.email} logged in using a non-enterprise connection: ${event.connection.name}`);
       }
     };
  2. Use the Real-Time Webtask Logs extension to identify what kind of enterprise connection a user is using to log in.
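The two messages the Action logs can be tallied once they are copied out of the log viewer. The following is an added example, not part of the original article or of Auth0's tooling: it assumes the log output is available as plain text with one message per line, the function names are hypothetical, and the sample lines are constructed.

```javascript
// Matches the two console.log messages written by the Action above.
// Any prefix a log viewer puts before "User" (timestamp, level) is ignored.
const LINE_RE =
  /User (\S+) logged in using (an enterprise|a non-enterprise) connection: (.+?)\s*$/;

// Parse one log line; returns null for lines the Action did not write.
function parseLoginLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  return {
    // The template literal prints "undefined" when the profile has no email,
    // which happens when the identity provider does not return one.
    email: m[1] === 'undefined' ? null : m[1],
    enterprise: m[2] === 'an enterprise',
    connection: m[3],
  };
}

// Count logins per connection name, split by enterprise / non-enterprise.
function summarizeLogins(text) {
  const summary = { enterprise: {}, nonEnterprise: {}, missingEmail: 0, unparsed: 0 };
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim()) continue;
    const entry = parseLoginLine(line);
    if (!entry) { summary.unparsed += 1; continue; }
    if (entry.email === null) summary.missingEmail += 1;
    const bucket = entry.enterprise ? summary.enterprise : summary.nonEnterprise;
    bucket[entry.connection] = (bucket[entry.connection] || 0) + 1;
  }
  return summary;
}

// Constructed sample input (not real log data).
const sampleLogs = [
  '2024-01-01T10:00:00Z User alice@example.com logged in using an enterprise connection: corp-azure-ad',
  'User bob@example.com logged in using a non-enterprise connection: Username-Password-Authentication',
  'User undefined logged in using an enterprise connection: partner-saml',
  'User carol@example.com logged in using an enterprise connection: corp-azure-ad',
  'Some unrelated line from another Action',
].join('\n');

console.log(JSON.stringify(summarizeLogins(sampleLogs), null, 2));
```

A non-zero `missingEmail` count means some logins cannot be attributed by email from these messages alone; logging `event.user.user_id` as well would make them traceable.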