
Auth0-lock and Active Directory

lock
active-directory

#1

We are trying to deploy a login form using auth0-lock which supports email/password signup, “login with google”, and login with Active Directory. When we present the login form, we don’t know which of these options are appropriate for the user, so we want all 3.

We have had no problem configuring the client to support email/password and google login. The lock popup shows both these options and they both work.

We configured an Active Directory LDAP connection and tested that using the “try” button on the LDAP connection setup page. That gave us a lock popup showing our custom logo and color for our tenant, with the text “All Applications” instead of a client name. The message said “Please enter your corporate credentials at .com” and gave boxes for “your username” and “your password”. Entering a valid Active Directory username and password there gave us a successful login.

We have enabled the Active Directory connection in our specific client, along with Google and email/password connections. However, our client Lock popup continues to show only google and email/password. There is no option to use Active Directory for our client.

What should a Lock popup look like in this case? Screenshot, please?

What can we be missing to turn on the Active Directory option?

Our client code is using the auth0 React source example and displays the V11 Lock popup when we call auth.handleAuthentication();


#2

Based on the provided information, the only thing that might be missing is that you should configure the Email domains field in the Active Directory connection settings. This way, when an end-user inputs an email address associated with one of those domains, Lock will automatically detect this and display a UI that allows the user to authenticate against the AD connection instead of the database connection.

If I recall correctly Lock only shows a button for an enterprise connection when there’s a single connection enabled; in your client application you have multiple connections so you’ll need the email domains configured so that depending on the end-user inputs Lock will know which connection to use. See https://auth0.com/docs/libraries/lock/v11/selecting-the-connection-for-multiple-logins#option-2-using-email-domains-with-lock for reference information.


#3

Ah, yes, it was actually working all the time. We just couldn’t understand the user interface.

Displaying active directory login depends on the domain given for the email address in the email field of the lock popup. Having typed in an email address that the client connections think supports Active Directory, the popup magically changes to an Active Directory login form. Having set up active directory for a domain, there is no longer any method to login with email and password, if your email is at that domain. You can, however, login with a google account using that same email address.

We’ll document that for our users and it should be OK. Thanks very much for your help!
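The selection rule described in the two replies above (social buttons always shown; the enterprise form shown only once the typed email's domain matches the connection's Email domains; the email/password form withdrawn for that domain) is worth being able to check before users hit it. The following is an added example, not code from this thread or from auth0-lock: a small model of that rule that you can run against your own connection list to see which form Lock will present for a given address, and to produce the list of domains that get routed away from email/password for your user documentation. The connection records are constructed for the example; the `domain_aliases` key is what the Auth0 Management API calls the "Email domains" setting on an enterprise connection (treat that field name as an assumption, and the strategy names as illustrative).

```javascript
// Added example: a model of Lock's connection choice for a client with a
// database, a social and an enterprise (AD/LDAP) connection all enabled.
// It is not auth0-lock's own code; it reproduces the behaviour the thread
// describes so the outcome for a given email can be checked up front.

const DATABASE_STRATEGIES = new Set(['auth0']);
const ENTERPRISE_STRATEGIES = new Set(['ad', 'adfs', 'waad', 'samlp', 'okta', 'pingfederate']);
// Any other strategy (google-oauth2, github, ...) is treated as social here.

// Constructed sample of the connections enabled on the client. "domain_aliases"
// is assumed to be the API name for the connection's "Email domains" field.
const connections = [
  { name: 'Username-Password-Authentication', strategy: 'auth0', domain_aliases: [] },
  { name: 'google-oauth2', strategy: 'google-oauth2', domain_aliases: [] },
  { name: 'corp-ad', strategy: 'ad', domain_aliases: ['example.com'] },
];

// Lower-cased text after the last "@", or null when the input is not an email.
function emailDomain(email) {
  if (typeof email !== 'string') return null;
  const at = email.lastIndexOf('@');
  if (at <= 0 || at === email.length - 1) return null;
  return email.slice(at + 1).trim().toLowerCase();
}

function isSocial(conn) {
  return !DATABASE_STRATEGIES.has(conn.strategy) && !ENTERPRISE_STRATEGIES.has(conn.strategy);
}

// Which login options Lock offers for the typed email:
//  - social connections are offered as buttons regardless of the email;
//  - an enterprise connection is selected only when its Email domains
//    claim the email's domain (no enterprise button is shown otherwise);
//  - once an enterprise connection claims the domain, the database
//    (email/password) form is not offered for that address.
function loginOptions(email, conns = connections) {
  const domain = emailDomain(email);
  const social = conns.filter(isSocial).map((c) => c.name);
  const enterprise = domain
    ? conns.find(
        (c) =>
          ENTERPRISE_STRATEGIES.has(c.strategy) &&
          (c.domain_aliases || []).some((d) => d.toLowerCase() === domain),
      )
    : undefined;
  const database = conns.find((c) => DATABASE_STRATEGIES.has(c.strategy));
  return {
    enterprise: enterprise ? enterprise.name : null,
    database: enterprise || !database ? null : database.name,
    social,
  };
}

// Every email domain that will be routed to an enterprise connection instead of
// email/password: the list to hand to end users so the switch is not a surprise.
function domainsRoutedToEnterprise(conns = connections) {
  const routed = {};
  for (const c of conns) {
    if (!ENTERPRISE_STRATEGIES.has(c.strategy)) continue;
    for (const d of c.domain_aliases || []) routed[d.toLowerCase()] = c.name;
  }
  return routed;
}

// Stand-alone run: print the outcome for a corporate and a non-corporate address.
if (typeof require !== 'undefined' && require.main === module) {
  for (const email of ['alice@example.com', 'bob@gmail.com']) {
    console.log(email, '->', JSON.stringify(loginOptions(email)));
  }
  console.log('routed domains:', JSON.stringify(domainsRoutedToEnterprise()));
}
```

Two practical notes. If the client should never offer email/password for some user population, Lock's `allowedConnections` option restricts which connection names it shows, which is a cleaner control than relying on the domain match alone; and the domain comparison above is case-insensitive because users type mixed-case addresses, so the Email domains on the connection should be entered in lower case.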

