Hi!
I’ve reviewed @konrad.sopala’s post about being redirected to Azure under the following conditions:
- Enable username and password login via Auth0 DB
- Enable SSO enterprise connection Azure AD
- Enable both connections for an application
- Enable identifier first
I do understand that, by definition, the domains specified in the Home Realm Discovery list for the connection would always trigger an Azure login; this is very clear from the doc.
However, I don’t really understand the current behaviour where users with email from the same domain as your Azure Tenant, specified in Microsoft Azure AD Domain, get redirected to Azure. From the doc, I understand that Microsoft Azure AD Domain designates the domain from my own Azure instance.
In a B2B scenario, if I’m the company Travel0 on domain travel0.com, and I want to offer my business customers a way to log in via Azure, I will configure the Azure connection and register an app in my travel0.com Azure tenant, which means that my Microsoft Azure AD Domain is travel0.com. This means that not just my customers, but also my own employees with @travel0.com email would be forced to log in with Azure, which is not a scenario I want.
Is there no solution to only redirect users whose domain belongs to the Home Realm Discovery list?