Multiple Enterprise Connections with the Same Home Realm Discovery Domain

Problem statement

There are two enterprise connections that need to use the same email domain for Home Realm Discovery since the users are migrating from one identity provider to another, and having both enabled is needed for testing purposes.


If two connections are using the same identity provider domain for Home Realm Discovery (HRD), only one will be used for redirecting the user.

In this scenario, the best approach would be to not use Home Realm Discovery for both connections and instead append a ‘connection’ parameter to the /authorize request for one of the connections which will take the user directly to the connection specified. That way regular users will still go through Auth0 and leverage the HRD configured for the original connection. Once testing is complete, simply remove the HRD from the old connection and add it to the new connection.

Related References: