We are setting up Okta SAML integration with Auth0 for our application. The goal is to allow every customer to log in using their own Okta instance. Based on this discussion on the Auth0 Community, we understand that we need to configure a SAML connection for each customer.
Our challenge is how to dynamically display a separate “Log in with Okta” button on the Auth0 login page for each customer, tailored to their specific Okta SAML configuration. Here are a few points we’re trying to figure out:
How can we configure Auth0’s Universal Login page to display an individual “Log in with Okta” button for each customer, linking it to their respective SAML configuration?
Is it possible to dynamically generate or manage these buttons through metadata, API calls, or any custom logic in the Universal Login page?
Are there best practices or recommendations for managing this at scale as more customers integrate their Okta with our application?
We’d appreciate any guidance, documentation references, or examples on how to achieve this!
Create an organization for each customer. For example, if your use case is a one to one mapping from application to the enterprise connection, you can select “No Prompt” and directly pass in the organization_id in the organization parameter on the /authorize request. This will redirect all organization members to a login page only with the enabled connections. Related documentation Enable Organization Connections
Directly send users to the desired connection by appending the connection parameter to the /authorize request. Example: https://TENANT.us.auth0.com/authorize?client_id=CLIENT_ID&response_type=code&scope=openid+profile+email&redirect_uri=REDIRECT_URI&prompt=login&connection=CONNECTION_NAME. Directly adding the connection parameter forces the user to sign in with a specific connection.
Create a custom login page. This would enforce Classic Login and is not generally recommended. But you would have full control over the login page. We are releasing Advanced Customizations for the New Universal Login Experience within the next few months, which will allow you to essentially do anything you want.
Thanks for the response. For the #1 and #2 options, can we display a custom login page so each customer can have their Login with Okta button embedded with their Org ID or connection parameters?
Currently, with the New Universal Login, no, you can’t display a custom login page with embedded buttons that have specific org or connection ids. This will likely be possible with the advanced customizations feature coming out soon for the New Universal Login.
However, if you create an organization per customer, you can customize the branding for each one. Please see the docs here: Create Organizations
Will your proposed approach of #1 Create an organization and #2 Directly send users to desired Connection also work for Azure and Google Workspace SSO?
Yes, this will work with organizations and the Azure. You can append both the organization and connection parameters to the /authorize request. The Google Workspace SSO Integration will create a client application in your tenant. You will have connections enabled for that Google Workspace SSO Integration client that you can use as the connection parameter in the /authorize request.
