Identifier First + Biometrics incompatibility with IdP-Initiated SAML login

Problem Statement:

When attempting an IdP-Initiated SAML login while having Identifier First + Biometrics as a first factor passwordless login option, the login flow will stall with a classic MFA prompt displayed with a spinning loading circle.


This is due to a product issue. Before the fix, a temporary workaround could be to create a rule that disables MFA for either the SAML connection or an application if that fits the customer use case:

function disableMultifactorAuthentication(user, context, callback) {
  if(context.connectionID === "[your_connection_id]") {
    context.multifactor = {
          provider: 'none'
 callback(null, user, context);