Is there a way to disable home realm discovery for some users?
Currently, if I set up a SAML connection and set up the domain to xyz.com, any user with that domain will get routed to that IdP.
However, we have a use case where some xyz.com users may use that IdP, and others will want to log in using username/password.
And I am not going to add IdP buttons in the universal login page, since we are going to have so many SAMLs.
So I selected “Identifier First” in the “Authentication Profile” Page and unchecked “Display connection as a button”.
I know this is similar to the following link, and as I am new to Auth0, I don’t understand what exactly I should do.
If you know beforehand the user account intending to log in, thinking out loud, perhaps you have your own login page where a user enters their email address before they reach our hosted Universal Login page. You may be doing a lookup against the email using your own logic to find the connection, maybe. Then you may pass the relevant connection into /authorize along with the user’s email address as the login_hint, so when the user reaches Universal Login the email field is pre-filled. This way, as you’re passing in the connection property, HRD will essentially not activate, as the user will be directed to the IdP for the connection.
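The lookup-then-/authorize flow described in the answer above, as an added example that is not part of the original thread or Auth0's own code. The tenant domain, client ID, redirect URI, the xyz-saml connection name, the sample users and both function names are constructed placeholders.

```javascript
// Added example: choose a connection per user, then build the /authorize URL.
// All values below are constructed placeholders, not taken from the thread.
const TENANT_DOMAIN = "example-tenant.auth0.com";
const CLIENT_ID = "YOUR_CLIENT_ID";
const REDIRECT_URI = "https://app.example.com/callback";
// Default name Auth0 gives the built-in database connection.
const DB_CONNECTION = "Username-Password-Authentication";

// Email domain -> enterprise (SAML) connection name (constructed sample data).
const SAML_BY_DOMAIN = new Map([["xyz.com", "xyz-saml"]]);
// Users inside an SSO domain who should still use username/password (constructed).
const PASSWORD_USERS = new Set(["contractor@xyz.com"]);

// Hypothetical helper: per-user override first, then the domain mapping,
// then fall back to the database connection for every other address.
function pickConnection(email) {
  const normalized = String(email).trim().toLowerCase();
  const at = normalized.lastIndexOf("@");
  if (at < 1 || at === normalized.length - 1) throw new Error("invalid email");
  if (PASSWORD_USERS.has(normalized)) return DB_CONNECTION;
  return SAML_BY_DOMAIN.get(normalized.slice(at + 1)) ?? DB_CONNECTION;
}

// Hypothetical helper: `state` must be an unguessable per-request value that
// the caller stores in the user's session and checks again on the callback.
function buildAuthorizeUrl(email, state) {
  if (!state) throw new Error("state is required");
  const connection = pickConnection(email); // throws on malformed input
  const url = new URL(`https://${TENANT_DOMAIN}/authorize`);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    scope: "openid profile email",
    state,
    connection,                       // explicit connection, so HRD is not consulted
    login_hint: String(email).trim(), // pre-fills the email field
  }).toString();
  return url.toString();
}
```

Run the lookup on the server so the override list is not shipped to the browser. The connection parameter only routes the browser and can be edited in the URL, so it is not by itself an enforcement control.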
I have a new question. According to your suggestion, I am going to build my own login page, which requires the user to input his email first.
In this page, I will also have “Forget password” and “Sign Up” buttons.
I hope that when the user clicks these buttons, they can be redirected to the “Forget password” or “Sign Up” page of Auth0.
How can I achieve this purpose?
I expect you would have to create custom sign up and forgot password screens as well if you take the custom login screen route. You can create a user and a forgot password ticket, which you can redirect the user to, via the Management API. Please refer to create user and password change ticket.