Identifier first Universal Login for SAML users without HRD

@shmurakami

New Universal Login has HRD based on a domain name, not per email address.
So New Universal Login does not meet your requirement, unfortunately.

However, you can achieve this with your own endpoint.
The endpoint receives an email address, then returns an appropriate connection name.
Then call /authorize with the connection name received from the endpoint.

Steps are like this:

  1. A user inputs an email address and presses the “Next” button.
  2. The frontend (Universal Login) calls the endpoint with the email address that the user has entered.
  3. The endpoint returns an appropriate connection name.
  4. Call /authorize with the connection name. (You can use our auth0.js library.)

The endpoint will be publicly accessible, so please consider the Auth0 best practice documented on the page you provided.

Best practice
Any public endpoint should have rate limiting applied to it to prevent hackers from using it to discover information and to prevent denial of service attacks.

Thank you
