Disable Idp Domain for some users

Is there a way to disable home realm discovery for some users?
Currently, if I set up a SAML connection and setup the domain to xyz.com, any user with that domain will get routed to that IDP.
However, we have a use case where some xyz.com users may use that IDP, and others will want to login using username/password.
And I am not going to add IdP buttons in the universal login page, since we are going to have so many SAMLs.
So I selected “Identifier First” in the “Authentication Profile” Page and unchecked “Display connection as a button”.
I know this is similar to the following link, and I am new to Auth0, don’t understand what exactly I should do.

Thanks in advance.

Hi @david.hang.12138

Welcome to the Auth0 Community!

If you know beforehand the user account intending to login, thinking out aloud perhaps you have your own login page where a user enter’s their email address before they reach our hosted Universal Login page. You may be doing a lookup against the email using your own logic to find the connection maybe. Then you may pass the relevant connection into /authorize along with the users email address as the login_hint so when the user reaches Universal Login the email field is pre-filled. This way as you’re passing in the connection property HRD will essentially not activate as the user will be directed to the IdP for the connection.

For example:


I hope this helps you.
Warm regards.

Thanks for your reply, I also have found a similar way using auth0.js library.
I guess login_hint field is really helpful for me.
Let me try and get back to you.

I have a new question. According to your suggestion, I am going to build my own login page which requires user to input his email, first.
In this page, I will also have “Forget password” and “Sign Up” button.
I hope when user clicks these buttons, they can redirect to “Forget password” or “Sign Up” page of Auth0.
How can I achieve this purpose?
Thank you.

Hi @david.hang.12138
I expect you would have to create custom sign up and forgot password screens as well if you take the custom login screen route. You can create a user and a forgot password tickets where you can redirect the user to via the management api, please refer to create user and password change ticket

Warm regards.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.