Block Google SSO login if domain is in Home Realm Discovery

Hi @lucho

I am sorry about the delayed response to your inquiry!

Whenever a user authenticates with a Google account, they will not be redirected to the IdP if the domain is registered under HRD, since their account would already be authenticated with Google through the SSO.

If you want to block these logins through Google SSO whenever the domain is under HRD, you can use a PostLogin Trigger in order to identify and prevent these logins and delete the identity created:

// Actions run on Node, so the SDK is loaded with require() at module scope
// (add the `auth0` package as a dependency of the Action first).
const { ManagementClient } = require('auth0');

exports.onExecutePostLogin = async (event, api) => {
  // Credentials of a Machine-to-Machine application authorised for the
  // Management API, stored in the Action's Secrets rather than in the code.
  const management = new ManagementClient({
    domain: event.secrets.APPLICATION_DOMAIN,
    clientId: event.secrets.APPLICATION_CLIENT_ID,
    clientSecret: event.secrets.APPLICATION_CLIENT_SECRET
  });

  // Nothing to check when the identity carries no email address.
  if (!event.user.email) {
    return;
  }
  const userEmailDomain = event.user.email.split('@')[1].toLowerCase();

  // A Google social login for a domain that HRD should have routed to the
  // enterprise connection: remove the stray identity and deny the login.
  if (userEmailDomain === '{HRD_DOMAIN}' && event.connection.strategy === 'google-oauth2') {
    await management.users.delete({ id: event.user.user_id });
    return api.access.deny('Please login using {{ENTERPRISE_CONNECTION}}');
  }
};

Let me know if you have any other questions!

Kind Regards,
Nik
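As an added illustration that is not part of the reply above, here is the Action's decision logic factored into functions that can be exercised offline against constructed event objects: it handles a list of HRD domains, ignores letter case, and tolerates a missing email. The names `hrdDomains`, `shouldBlockSocialLogin`, `enforceHrd` and the stubbed `management`/`api` objects are assumptions for this example, not Auth0 APIs.

```javascript
// Added example: the Action's check isolated so it can be run without
// a tenant. The event shapes below are constructed, not captured.

// Assumed placeholder list of domains registered under Home Realm Discovery.
const hrdDomains = ['example.com', 'corp.example.net'];

// Lowercase domain part of an email, or null when absent or malformed.
function emailDomain(email) {
  if (typeof email !== 'string') return null;
  const at = email.lastIndexOf('@');
  if (at < 1 || at === email.length - 1) return null;
  return email.slice(at + 1).toLowerCase();
}

// True when the login came through Google social login for a domain that
// HRD should have routed to the enterprise connection instead.
function shouldBlockSocialLogin(event, domains = hrdDomains) {
  const domain = emailDomain(event.user && event.user.email);
  if (domain === null) return false;
  const strategy = event.connection && event.connection.strategy;
  return strategy === 'google-oauth2' && domains.includes(domain);
}

// Mirrors the Action body: delete the stray identity, then deny access.
// `management` and `api` are injected so stubs can stand in for the SDK.
async function enforceHrd(event, api, management, domains = hrdDomains) {
  if (!shouldBlockSocialLogin(event, domains)) return { blocked: false };
  await management.users.delete({ id: event.user.user_id });
  api.access.deny('Please login using {{ENTERPRISE_CONNECTION}}');
  return { blocked: true, deletedUserId: event.user.user_id };
}

// Constructed stubs recording what the Action would have done.
function makeStubs() {
  const deleted = [];
  const denials = [];
  return {
    deleted,
    denials,
    management: { users: { delete: async ({ id }) => { deleted.push(id); } } },
    api: { access: { deny: (reason) => { denials.push(reason); } } },
  };
}
```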