Overview
When configuring a SAML connection in Auth0, the Home Realm Discovery section allows administrators to specify identity provider (IdP) domains for automatic redirection. Some users may need to add a large number of domains, raising the question of whether there is a limit. This article explains the limit and strategies for situations that require more domains than it allows.
Applies To
- SAML Enterprise Connections in Auth0
- Home Realm Discovery (options.domain_aliases)
- Large-scale IdP domain management
Solution
Auth0 enforces a 1,000-domain limit on the options.domain_aliases property for SAML connections. If more than 1,000 domains are added, an API request will fail with the following error:
    {
      "statusCode": 400,
      "error": "Bad Request",
      "message": "'Array is too long (1036), maximum 1000' on property options.domain_aliases",
      "errorCode": "invalid_body"
    }
The limit ensures system stability and prevents performance issues associated with excessive domain lookups.
If more than 1,000 domains are required, consider the following options:
- Consolidate Domains:
  - If possible, group similar domains under a smaller number of shared domains to stay within the limit.
- Contact Auth0 Professional Services:
  - If the use case requires an exception or alternative implementation, contact Auth0 Professional Services to explore potential solutions.
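A pre-flight check for the limit described above, as an added example that is not Auth0's own code: it normalizes and de-duplicates a domain list before it is sent as options.domain_aliases, and reads the submitted and maximum counts out of the error body shown earlier. The function names are hypothetical, and treating case and trailing-dot variants as the same domain is an assumption about the input list.

```python
import json
import re

MAX_DOMAIN_ALIASES = 1000  # limit stated in this article

# Matches the message format shown in the error body above.
_TOO_LONG = re.compile(r"Array is too long \((\d+)\), maximum (\d+)")


def normalize_domains(raw_domains):
    """Lowercase, trim, drop trailing dots and blanks, de-duplicate (order kept).

    Assumption: case and trailing-dot variants name the same DNS domain.
    """
    seen, result = set(), []
    for raw in raw_domains:
        domain = raw.strip().rstrip(".").lower()
        if domain and domain not in seen:
            seen.add(domain)
            result.append(domain)
    return result


def check_domain_aliases(raw_domains, limit=MAX_DOMAIN_ALIASES):
    """Return (aliases, overflow): cleaned list and number of entries over the limit."""
    aliases = normalize_domains(raw_domains)
    return aliases, max(0, len(aliases) - limit)


def parse_limit_error(body):
    """Extract (submitted, maximum) from a 400 invalid_body response, or None."""
    payload = json.loads(body)
    if payload.get("statusCode") != 400 or payload.get("errorCode") != "invalid_body":
        return None
    match = _TOO_LONG.search(payload.get("message", ""))
    return (int(match.group(1)), int(match.group(2))) if match else None


if __name__ == "__main__":
    # Constructed sample: 1,036 raw entries, 40 of them case/whitespace duplicates.
    raw = [f"tenant{i}.example.com" for i in range(996)]
    raw += [f" Tenant{i}.Example.com. " for i in range(40)]
    aliases, overflow = check_domain_aliases(raw)
    print(len(raw), "raw ->", len(aliases), "unique; over limit by", overflow)
```

A non-zero overflow means the list still needs consolidating, or an exception from Auth0 Professional Services, before the connection is updated.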