Force a Specific Enterprise Connection ID for New Universal Login


We currently are using the New Universal Login experience and a combination of several Enterprise Connections (using Identifier first) and local Auth0 accounts using databases.

Today, if a user specifies an email domain which is attached to a connection, Auth0 recognizes the domain and automatically redirects to that connection. Great, this gets us half way there.

Question. For some of our “tenants” we have several email address domains (,, etc) which prevent us from using identifier first for tenants which must use one specific connection 100% of the time.

Is there a way to pass in an additional parameter in our OIDC request to force a specific connnection to be utilized automatically? We also have a React client which would need to do the same thing.

Basically, something like this:

if user is attempting to access a resource tenant a, redirect anonymous user to Auth0 and force Connnection “sample-connection-adfs” to authenticate the user in all cases.

if any other tenant, follow the normal Auth0 flow by showing a username/password prompt.

Ideally, we don’t want end users of any tenant to be able to see a list of customers or organizations and we don’t want to show all of our connections. We would like to make this determination programmatically depending on the tenant configuration.


1 Like

We found that you can include the connection parameter as an argument at the /authorize endpoint. This serves our purpose.

1 Like

Hi @matt.scachette,

That’s correct! You can pass the optional connection parameter with your preferred connection in the /authorize request to force users to sign in with that specific connection. [Reference: Add Login Using the Authorization Code Flow]

Please reach out if you have any additional questions.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.