Hi,
I’m migrating my system’s authentication features to Auth0. My system has a SAML feature, and users are redirected to their own IdP, which is related to their account and resolved by mail address.
I want to achieve this feature on Auth0 using the Universal Login New Login Experience with Identifier First.
I want to use HRD, but I can’t, because it has to support many SAML connections and some users are using a general mail address domain like gmail.com.
I found a document for HRD through Universal Login using the Identifier to Realm Map (Authentication (B2B)) that is similar to what I want to do. Does Auth0 have a feature to manage a map of identifiers to IdPs? Or do I have to manage it by myself? And how should I use this map through Universal Login?
New Universal Login has HRD based on a domain name, not per email address.
So New Universal Login does not meet your requirement, unfortunately.
However, you can achieve this with your own endpoint.
The endpoint receives an email address, then returns an appropriate connection name.
Then call /authorize with the connection name received from the endpoint.
Steps are like this:
1. A user inputs an email address and presses the “Next” button.
2. The frontend (Universal Login) calls the endpoint with the email address that the user has inputted.
3. The endpoint returns an appropriate connection name.
4. Call /authorize with the connection name (you can use our auth0.js library).
The endpoint will be publicly accessible, so please consider the Auth0 best practice documented on the page you provided.
Best practice
Any public endpoint should have rate limiting applied to it to prevent hackers from using it to discover information and to prevent denial of service attacks.
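As an added example (not code from this thread and not Auth0’s own code), the following Node.js module shows the pieces the answer describes: an identifier-to-connection lookup that combines a per-domain map with per-email overrides for users on generic domains such as gmail.com, a fixed-window rate limiter in front of the public lookup endpoint, and construction of the /authorize URL that carries the resolved `connection`. The connection names, domains, email addresses, client id and function names (`resolveConnection`, `FixedWindowLimiter`, `handleLookup`, `buildAuthorizeUrl`) are constructed for the example; the `connection`, `login_hint`, `state` and `redirect_uri` query parameters are standard /authorize parameters.

```javascript
// Added example: email -> Auth0 connection lookup with rate limiting.
// All mapping data below is constructed sample data, not real tenant config.

// Auth0's default database connection; used as the fallback so the endpoint
// always answers with *some* connection and never reveals "unknown user".
const DEFAULT_CONNECTION = 'Username-Password-Authentication';

// Corporate domains routed to their SAML connection (constructed).
const CONNECTION_BY_DOMAIN = new Map([
  ['acme.example', 'acme-saml'],
  ['globex.example', 'globex-saml'],
]);

// Per-identifier overrides for users on generic mail domains (constructed).
// Keys are normalized (trimmed, lower-cased) email addresses.
const CONNECTION_BY_EMAIL = new Map([
  ['pat@gmail.com', 'globex-saml'],
]);

// Normalize and minimally validate an email: exactly one '@', non-empty
// local and domain parts. Returns null for anything that is not usable.
function normalizeEmail(raw) {
  if (typeof raw !== 'string') return null;
  const email = raw.trim().toLowerCase();
  const at = email.indexOf('@');
  if (at < 1 || at !== email.lastIndexOf('@') || at === email.length - 1) return null;
  return email;
}

// Exact-email override first, then domain map, then the default connection.
function resolveConnection(rawEmail) {
  const email = normalizeEmail(rawEmail);
  if (email === null) return DEFAULT_CONNECTION;
  const exact = CONNECTION_BY_EMAIL.get(email);
  if (exact) return exact;
  const domain = email.slice(email.indexOf('@') + 1);
  return CONNECTION_BY_DOMAIN.get(domain) || DEFAULT_CONNECTION;
}

// Fixed-window limiter keyed by caller (e.g. client IP): at most `limit`
// calls per `windowMs`. In-memory, so one instance per process; a shared
// store would be needed behind a load balancer.
class FixedWindowLimiter {
  constructor(limit, windowMs) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.buckets = new Map();
  }
  allow(key, now = Date.now()) {
    const bucket = this.buckets.get(key);
    if (!bucket || now - bucket.start >= this.windowMs) {
      this.buckets.set(key, { start: now, count: 1 });
      return true;
    }
    if (bucket.count >= this.limit) return false;
    bucket.count += 1;
    return true;
  }
}

// Framework-agnostic handler for the public lookup endpoint.
// `req` is assumed to carry { ip, body: { email } }.
function handleLookup(req, limiter, now = Date.now()) {
  if (!limiter.allow(req.ip, now)) {
    return { status: 429, body: { error: 'too_many_requests' } };
  }
  const connection = resolveConnection(req.body && req.body.email);
  return { status: 200, body: { connection } };
}

// Build the /authorize URL the frontend redirects to after the lookup.
// `state` must be an unguessable per-request value generated by the caller.
function buildAuthorizeUrl({ auth0Domain, clientId, redirectUri, connection, state, loginHint }) {
  const url = new URL(`https://${auth0Domain}/authorize`);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  url.searchParams.set('scope', 'openid profile email');
  url.searchParams.set('connection', connection);
  url.searchParams.set('state', state);
  if (loginHint) url.searchParams.set('login_hint', loginHint);
  return url.toString();
}

// Usage: resolve once, then redirect.
const sampleLimiter = new FixedWindowLimiter(10, 60 * 1000);
const sampleResponse = handleLookup(
  { ip: '203.0.113.7', body: { email: 'Alice@ACME.example' } }, sampleLimiter);
console.log(sampleResponse);
console.log(buildAuthorizeUrl({
  auth0Domain: 'TENANT_DOMAIN_PLACEHOLDER.auth0.com',
  clientId: 'CLIENT_ID_PLACEHOLDER',
  redirectUri: 'https://app.example/callback',
  connection: sampleResponse.body.connection,
  state: 'STATE_PLACEHOLDER',
  loginHint: 'alice@acme.example',
}));
```

Two design choices are worth noting. The endpoint always returns a connection, falling back to the default database connection, so its responses do not distinguish registered from unregistered addresses; the per-domain mapping itself is still disclosed to anyone who can call it, which is why the limiter is in front of it. With auth0.js the last step is equivalent to passing the resolved name as the `connection` option to `webAuth.authorize(...)`.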