Problem statement
When creating an Okta Workforce Enterprise connection, Home Realm Discovery (HRD) does not work when using the Classic Universal Login experience with Lock. All other Enterprise connections work fine, but the domains configured for the Okta Workforce connection don’t trigger HRD.
Symptoms
In the Classic Login page using Lock, when entering an email address ending in a domain that’s configured for HRD in the Okta Workforce connection, the password input does not go away, it keeps asking for a password.
Cause
The Okta connection type is a relatively new feature in Auth0 and is only supported in one of the latest Lock.js versions v11.34 as per this release note.
Solution
Navigate to the branding page in the Auth0 Dashboard and update the current Lock version to the latest available version:
<script src="https://cdn.auth0.com/js/lock/11.x.y/lock.min.js"></script>;
The latest updates can be found here: GitHub - auth0/lock: Auth0's signin solution
Please remember that once the customization toggle is flipped on for a given Universal Login page, that page can no longer be automatically updated by Auth0. It is the responsibility of the Auth0 tenant Admin to update and maintenance of the page going forward. This includes updating the version numbers for any included Auth0 SDK or widget.