Identifier first Universal Login for SAML users without HRD

Hi,
I’m migrating my system's authentication features to Auth0. My system has a SAML feature: users are redirected to their own IdP, which is related to their account and resolved by their mail address.
I want to achieve this feature on Auth0 using the Universal Login New Login Experience with Identifier First.
I want to use HRD, but I can’t, because it has to support many SAML connections and some users are using general mail address domains like gmail.com.

I found the document for HRD through Universal Login using the Identifier to Realm Map Authentication (B2B), which is similar to what I want to do. Does Auth0 have a feature to manage the map of identifiers to IdPs? Or do I have to manage it by myself? And how should I use this map through Universal Login?

Thanks!

@shmurakami

New Universal Login has HRD based on a domain name, not per email address.
So New Universal Login does not meet your requirement, unfortunately.

However, you can achieve this with your own endpoint.
The endpoint receives an email address, then returns an appropriate connection name.
Then call /authorize with the connection name received from the endpoint.

Steps are like this:

  1. A user inputs an email address and presses the “Next” button.
  2. The frontend (Universal Login) calls the endpoint with the email address that the user has inputted.
  3. The endpoint returns an appropriate connection name.
  4. Call /authorize with the connection name (you can use our auth0.js library).

The endpoint will be publicly accessible, so please consider the Auth0 best practice documented on the page you provided.

Best practice
Any public endpoint should have rate limiting applied to it to prevent hackers from using it to discover information and to prevent denial of service attacks.

Thank you

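The endpoint logic from the steps above, as an added example that is not code from the thread or from Auth0: an identifier-to-connection resolver (exact identifiers override domains, so gmail.com users can still reach their own IdP), a fixed-window rate limiter for the public endpoint, and the /authorize URL built with the resolved connection. The tenant domain, client id, mapping entries and connection names other than Auth0's stock "Username-Password-Authentication" are constructed for the example.

```javascript
// Constructed mapping data: exact identifiers win over domains, so users on
// shared providers such as gmail.com can still be routed to their own IdP.
const IDENTIFIER_MAP = { "alice@gmail.com": "acme-saml" };
const DOMAIN_MAP = { "acme.example": "acme-saml", "globex.example": "globex-saml" };
const DEFAULT_CONNECTION = "Username-Password-Authentication"; // Auth0 stock DB connection

// Own-property lookup so keys like "constructor" never hit Object.prototype.
function lookup(map, key) {
  return Object.prototype.hasOwnProperty.call(map, key) ? map[key] : undefined;
}

// Normalise the identifier; returns null when it is not a plausible email.
function normalizeEmail(input) {
  const email = String(input || "").trim().toLowerCase();
  const at = email.lastIndexOf("@");
  if (at < 1 || at === email.length - 1) return null;
  return email;
}

// Unknown identifiers get the default connection rather than an error, so the
// response shape does not reveal whether a mapping exists for that address.
function resolveConnection(input) {
  const email = normalizeEmail(input);
  if (email === null) return DEFAULT_CONNECTION;
  const exact = lookup(IDENTIFIER_MAP, email);
  if (exact) return exact;
  const domain = email.slice(email.lastIndexOf("@") + 1);
  return lookup(DOMAIN_MAP, domain) || DEFAULT_CONNECTION;
}

// Fixed-window rate limiter keyed by caller (e.g. client IP), as the best
// practice quoted above recommends for the public endpoint.
const WINDOW_MS = 60000, MAX_PER_WINDOW = 20;
const buckets = new Map();
function allowRequest(key, now = Date.now()) {
  const b = buckets.get(key);
  if (!b || now - b.start >= WINDOW_MS) {
    buckets.set(key, { start: now, count: 1 });
    return true;
  }
  b.count += 1;
  return b.count <= MAX_PER_WINDOW;
}

// Step 4: the /authorize URL carrying the resolved connection (tenant domain,
// client id and redirect URI are hypothetical inputs).
function authorizeUrl(tenantDomain, clientId, redirectUri, email) {
  const params = new URLSearchParams({
    client_id: clientId, redirect_uri: redirectUri, response_type: "code",
    scope: "openid profile email", connection: resolveConnection(email), login_hint: email,
  });
  return `https://${tenantDomain}/authorize?${params.toString()}`;
}
```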

Thanks for helping on this one @shunsuke.tsutsui !
