Problem statement
We have users that initially created username-password database accounts, but they now also have accounts linked with a SAML identity they can log in with as well. We would like to have these users only log in with their SAML credentials now and no longer use their username-password credentials. What are our options for this use case?
Solution
There are a few different approaches that can be taken for this use case:
- You could disable the Database connection for the Application
  You can do this by going to the Auth0 Dashboard > Applications > Applications > Choose your application > Connections tab > turn off the toggle for the Database connection.
- Post Login Action
  You can add an access control using an Action, something like this sample code.
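```js
exports.onExecutePostLogin = async (event, api) => {
  // event.connection is the connection used for this login; identities[0] is
  // the primary identity and stays the same when a linked SAML identity is used.
  if (event.connection.name === "Username-Password-Authentication") {
    api.access.deny("Please log in with SAML");
  }
};
```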
- Unlink User Account and delete the primary identity (Username/Password)
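A variant of the Post Login Action option, added here as an example and not taken from Auth0's own samples: it denies a database login only when the user already has a SAML identity linked, so database-only users are not locked out. It generalizes from one connection name to any database connection by checking the strategy (`auth0`) and the identity provider (`samlp`); the connection name `corp-saml` and the sample users are constructed.

```javascript
// Added example: block database logins only for users with a linked SAML identity.
const DB_STRATEGY = "auth0";   // strategy reported for Auth0 database connections
const SAML_PROVIDER = "samlp"; // provider reported for SAML identities

// Pure decision function so the rule can be tested without an Auth0 tenant.
function shouldDenyDatabaseLogin(event) {
  const usedDatabase = event.connection.strategy === DB_STRATEGY;
  const identities = (event.user && event.user.identities) || [];
  const hasSaml = identities.some((id) => id.provider === SAML_PROVIDER);
  return usedDatabase && hasSaml;
}

async function onExecutePostLogin(event, api) {
  if (shouldDenyDatabaseLogin(event)) {
    api.access.deny("Please log in with SAML");
  }
}

// Auth0 loads the handler from exports; the guard lets the file run elsewhere too.
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}

// Constructed sample data (hypothetical users and connection names).
const dbConn = { name: "Username-Password-Authentication", strategy: "auth0" };
const samlConn = { name: "corp-saml", strategy: "samlp" };
const linkedUser = {
  identities: [
    { connection: dbConn.name, provider: "auth0", user_id: "abc123" },
    { connection: samlConn.name, provider: "samlp", user_id: "corp-saml|alice@example.com" },
  ],
};
const dbOnlyUser = {
  identities: [{ connection: dbConn.name, provider: "auth0", user_id: "def456" }],
};
const sampleEvents = {
  linkedViaDatabase: { connection: dbConn, user: linkedUser },  // denied
  linkedViaSaml: { connection: samlConn, user: linkedUser },    // allowed
  dbOnlyViaDatabase: { connection: dbConn, user: dbOnlyUser },  // allowed
};
```

In a tenant, only the constants and the two functions go into the Action editor; the sample events are there for local testing.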