Multi-Org User cannot login via U/P if their account is using SAML in another Org

We have come across a possible limitation with Universal Login Experience using Identifier First and HRD:

  1. User A is part of Org 1 and Org 2.
  2. Org 1 is configured to use SAML and Org 2 uses Username-Password-Authentication

When User A visits the New Universal Login and enters userA@company.com, they are automatically redirected to the SAML IdP configured for Org 1 and, after successfully authenticating, access the application as Org 1.

This user is never able to authenticate successfully for Org 2 using the New Universal Login experience and HRD because they never make it back to the Organization Picker screen.

The only way to allow this user to log in to Org 2 is to have your application support the connection URL parameter and manually navigate to app.acme.com/login?connection=Username-Password-Authentication; however, this is a terrible UX for users.

What is the solution for an application user in this scenario to be able to log in to both Organizations independently using the New Universal Login?

Anyone able to provide some clarification on this?

Found some documentation which appears to indicate that the above scenario should be possible: Login Flows for Organizations, the step "When a user belongs to more than one organization".

Hi @ahns,

If this application is supposed to only be accessed by organization members, go to Applications > Applications > Select your application and select the Organizations tab.

“Prompt for Organization” will let your users choose the organization they’re logging in to first, and then ask for their credentials. This way the system won’t get confused anymore.

If you have any other questions, feel free to reach out.

Have a good one,
Vlad
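The dashboard setting described in the reply can also be checked and applied through the Management API. The script below is an added example, not code from the thread or from Auth0; it assumes the client fields `organization_usage` / `organization_require_behavior` (with `require` + `pre_login_prompt` corresponding to "Prompt for Organization"), and the tenant domain, client id and token are placeholders.

```python
import json
import urllib.request

# Client settings assumed to back the "Prompt for Organization" dashboard option.
ORG_USAGE_REQUIRE = "require"
ORG_PROMPT_BEFORE_LOGIN = "pre_login_prompt"


def org_prompt_issues(client):
    """Return reasons why a multi-org user on this client would still hit
    Identifier First + HRD (and be routed by e-mail domain) before choosing an org."""
    issues = []
    if client.get("organization_usage") != ORG_USAGE_REQUIRE:
        issues.append("organization_usage is not 'require'")
    if client.get("organization_require_behavior") != ORG_PROMPT_BEFORE_LOGIN:
        issues.append("organization_require_behavior is not 'pre_login_prompt'")
    return issues


def org_prompt_patch():
    """Body for PATCH /api/v2/clients/{id} that turns on the org prompt."""
    return {
        "organization_usage": ORG_USAGE_REQUIRE,
        "organization_require_behavior": ORG_PROMPT_BEFORE_LOGIN,
    }


def apply_org_prompt(tenant_domain, client_id, mgmt_token):
    """PATCH the client (token needs the update:clients scope); returns the updated client."""
    req = urllib.request.Request(
        f"https://{tenant_domain}/api/v2/clients/{client_id}",
        data=json.dumps(org_prompt_patch()).encode(),
        method="PATCH",
        headers={"Authorization": f"Bearer {mgmt_token}",
                 "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed sample: org membership allowed but no prompt, the state in the thread.
    before = {"client_id": "CLIENT_ID_PLACEHOLDER",
              "organization_usage": "allow",
              "organization_require_behavior": "no_prompt"}
    print(org_prompt_issues(before))
    after = {**before, **org_prompt_patch()}
    print(org_prompt_issues(after))  # []
```

Run `org_prompt_issues` against the JSON returned by GET /api/v2/clients/{id} to audit every application that Org 1 and Org 2 members share before changing anything.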
