Problem statement
We have multiple SSO enterprise connections (specifically ADFS and Azure AD) with our customers.
In just one of these cases (ADFS), I would like to send the login_hint parameter with just the username portion of the email used to log in, as their ADFS login page accepts a username without the email suffix.
Example:
ADFS:
- User1 enters john@example.com on our login page.
- Clicks log in, is redirected to his company’s ADFS login, with login_hint=john
Azure AD:
- User2 enters sam@example.com on our login page.
- Clicks log in, is redirected to his company’s Azure AD login, with login_hint=sam@example.com
I have searched the documentation, forums, and the Lock code itself without much success. I found one parameter (defaultADUsernameFromEmailPrefix) that seems to enable this, but I haven’t found a way to enable this for a specific connection, and not all of them.
Solution
Unfortunately, there is no way to set something like what the defaultADUsernameFromEmailPrefix option provides in Lock for a specific connection. There is no way to send only the username without the email suffix, and using login_hint will send the full email address.