Hi, we are trying to implement Enterprise SSO login with the classic universal login. While using the Lock default template for the login form, I noticed that it makes a call to the server, which among other things returns a list (domain_aliases
) with all the domains associated with enterprise connections.
Is there a way to disable this behavior? We don’t want to leak that information to anyone who accesses the page and knows what to look for.
Please note that we have already confirmed with Auth0 solution engineers that our login requirements cannot be fulfilled with the new universal login. Now, it comes down to whether we can use Lock.js or need to fallback to the Auth0 SDK.