We have multiple SSO enterprise connections (specifically ADFS and Azure AD) with our customers.
In just one of these cases (ADFS), I would like to send the login_hint parameter with just the username portion of the email used to log in, as their ADFS login page accepts a username without the email suffix.
- User1 enters email@example.com on our login page.
- Clicks log in, is redirected to his company’s ADFS login, with login_hint=john
- User2 enters firstname.lastname@example.org on our login page.
- Clicks log in, is redirected to his company’s Azure AD login, with email@example.com
I have searched the documentation, forums, and the Lock code itself without much success. I found one parameter (defaultADUsernameFromEmailPrefix ) that seems to enable this, but I haven’t found a way to enable this for a specific connection, and not all of them.
Unfortunately, there is no way to set something like what the
defaultADUsernameFromEmailPrefix option provides in Lock for a specific connection. There is no way to send only the username without the email suffix, and using login_hint will send the full email address.