Problem Statement
We are attempting to use Home Realm Discovery with a few different email domains on their Google Workspace connection. Regardless of which email domain is used by a user, the google login page loads with the Google Workspace Domain value configured in the connection pre-populated as the email domain.
For example, a user with @xxx.com as their domain will be sent to the google login page with @xxx as their email domain pre-populated.
Solution
As per the current design, we send that hosted domain (hd) property to google without an option to remove it from the payload.
The possible workaround is updating the connection and making tenant_domain: “”.
{
"options": {
"tenant_domain": ""
}
}
By making this value an empty string, there is nothing pre-populated on the google login page. Please test thoroughly before making the change on Production.
Please feel free to communicate with our Product team via the feedback page.