We have come across a possible limitation with Universal Login Experience using Identifier First and HRD:
- User A is part of Org 1 and Org 2.
- Org 1 is configured to use SAML and Org 2 uses Username-Password-Authentication.
When User A visits the New Universal Login and enters userA@company.com they are automatically redirected to the SAML IdP configured for Org 1 and, after successfully authenticating, access the application as Org 1.
This user is never able to authenticate successfully for Org 2 using the New Universal Login experience and HRD because they never make it back to the Organization Picker screen.
The only way to allow this user to log in to Org 2 is to have your application support the connection URL parameter and manually navigate to app.acme.com/login?connection=Username-Password-Authentication, however this is a terrible UX for users.
What is the solution for an application user in this scenario to be able to log in to both Organizations independently using the New Universal Login?