Disable Idp Domain for some users

david.hang.12138 · December 24, 2022, 12:17pm

Is there a way to disable home realm discovery for some users?
Currently, if I set up a SAML connection and setup the domain to xyz.com, any user with that domain will get routed to that IDP.
However, we have a use case where some xyz.com users may use that IDP, and others will want to login using username/password.
And I am not going to add IdP buttons in the universal login page, since we are going to have so many SAMLs.
So I selected “Identifier First” in the “Authentication Profile” Page and unchecked “Display connection as a button”.
I know this is similar to the following link, and I am new to Auth0, don’t understand what exactly I should do.

Thanks in advance.

SaqibHussain · December 26, 2022, 9:59pm

Hi @david.hang.12138

Welcome to the Auth0 Community!

If you know beforehand the user account intending to login, thinking out aloud perhaps you have your own login page where a user enter’s their email address before they reach our hosted Universal Login page. You may be doing a lookup against the email using your own logic to find the connection maybe. Then you may pass the relevant connection into /authorize along with the users email address as the login_hint so when the user reaches Universal Login the email field is pre-filled. This way as you’re passing in the connection property HRD will essentially not activate as the user will be directed to the IdP for the connection.

For example:

https://your-domain/authorize?&response_type=code&client_id=VRoG781hIDGNQ74ViUNNwqScSjmR9qId&redirect_uri=http://jwt.io&connection=Username-Password-Authentication&login_hint=testuser@exampleco.com

I hope this helps you.
Warm regards.

david.hang.12138 · December 26, 2022, 11:48pm

Thanks for your reply, I also have found a similar way using auth0.js library.
I guess login_hint field is really helpful for me.
Let me try and get back to you.

david.hang.12138 · December 27, 2022, 12:01am

I have a new question. According to your suggestion, I am going to build my own login page which requires user to input his email, first.
In this page, I will also have “Forget password” and “Sign Up” button.
I hope when user clicks these buttons, they can redirect to “Forget password” or “Sign Up” page of Auth0.
How can I achieve this purpose?
Thank you.

SaqibHussain · December 27, 2022, 11:11pm

Hi @david.hang.12138
I expect you would have to create custom sign up and forgot password screens as well if you take the custom login screen route. You can create a user and a forgot password tickets where you can redirect the user to via the management api, please refer to create user and password change ticket

Warm regards.

system · January 10, 2023, 11:12pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Home Realm Discovery - Customization Help auth0 , login	2	7606	February 27, 2021
Home realm discovery without list of Idp domain Help	1	3120	August 14, 2020
Default connection when using universal login Help connections , oidc-enterprise-connection	3	29	October 10, 2024
Home Realm Discovery without Identity First Authentication Help identifier-first , login-experience	2	826	October 19, 2023
Multiple connections with same email domain Help lock , connections	2	7081	July 25, 2019

Disable Idp Domain for some users

Related Topics