Help with newly released Improved Login Flow for SaaS Users


I’ve been using organizations feature for a while. Today I see the official announcement of “Improved Login Flow for SaaS Users” and have attempted to follow the instructions in the linked documentation.

I enabled identifier first authentication.
I configured the login flow to “prompt for credentials”.

The login screen correctly prompts for just the email address. On entering my email I get “Email does not match any enterprise directory”.

Of note, we use a separate auth db for each organization. Is auth0 actually checking all the auth dbs for the email address? I’m not sure how this would scale in a tenant of 100s of organizations, unless auth0 keeps a separate index of email addresses. I’m not sure if this feature is designed for our setup.


Hi @jsw ,
Thanks for reaching out,

If the email being used in the identifier field definitely exists in one of the Org connections, please check that the connections are all enabled in the Tenant Application.

I think this is the normal behaviour if there is not an Auth0DB enabled in the application and then the domain doesn’t match any Enterprise Connection. but you can customize the text in the error message if you wish, see here, it will be in the Login-ID prompt “no-hrd-connection” , the custom text can be configured in the tenant dashboard >Branding > Universal Login > Advanced Options > Custom Text.

Hope this helps, thanks!