Home Realm Discovery not working for Okta Workforce connection using Classic UL with Lock.js

Problem statement

When creating an Okta Workforce Enterprise connection, Home Realm Discovery (HRD) does not work when using the Classic Universal Login experience with Lock. All other Enterprise connections work fine, but the domains configured for the Okta Workforce connection don’t trigger HRD.

Symptoms

In the Classic Login page using Lock, when entering an email address ending in a domain configured for HRD in the Okta Workforce connection, the password input does not go away, and it keeps asking for a password.

Cause

The Okta connection type is a relatively new feature in Auth0 and is only supported in one of the latest Lock.js versions v11.34 as per this release note.

Solution

If you go to the branding page in the Auth0 Dashboard, you need to update your current Lock version to the latest available version:

<script src="https://cdn.auth0.com/js/lock/11.x.y/lock.min.js"></script>;

You can check the latest updates here.

Please be noted that once the customization toggle is flipped on, that page can no longer be automatically updated by Auth0, so you are responsible for updates and maintenance of the page. This includes updating the version numbers for any included Auth0 SDK or widget.