Hi! I have an application in Auth0 with both a SAML connection and Auth0's own regular database connection. The SAML connection is also used by an organization.
If I initiate login from the IdP and the user is not registered in Auth0, Auth0 will return error=access_denied, which is as expected.
But if I visit the application's login page, which takes me to Auth0's /authorize page, and I enter an email connected to that SAML, it will take me to the IdP's login page and after I log in, Auth0 will actually add me as a user in the database connection with said application authorized.
I would like the same behaviour as in the IdP-initiated flow, where access is denied when trying to log in if the user is not registered within Auth0. Right now, anyone using that SAML can log in, be signed up and have access to the application. Is there any way to prevent this? Will this have to be an action or a rule?