Multiple organizations with different connection type

Connection Setup:
Single Tenant
Org 1 - Database Only
Org 2 - Enterprise Only

How do I change login so that when Org 1 is passed in, it will ask for email and password, but when Org 2 is passed in, it will only ask for an identifier? Authentication Profile seems to be defined at the tenant level and not at the organization level.

Hi @jquerijero ,

Happy to assist you with your question.

You’re right here. But it can be achieved that when logging in through org 1, the user will be authenticated against the database connection and when logging in through org2, against the enterprise connection.

If you choose the Identifier first profile, only the identifier prompt will be shown for the user. Then, depending on what organization they log in through, they will be prompted to provide the password on the second screen (org1) or redirected to the native enterprise connection login page to finalize the login (org2).

I would encourage you to test the experience. :+1: To do so, please assign relevant connections to relevant organizations (Auth0 tenant → Organizations → org1/org2 → Connections → relevant connection) and let us know if you have any issues or follow-up questions on that.

Thanks,
Marcelina

I have set it up to ask for identifier first and that works, just wondering if Auth0 can detect the type of connection an organization has and show the most appropriate login experience.

Hey @jquerijero ,

I think I would choose the Authentication Profile set to Identifier + Password. I will try to explain why below.

Generally speaking, the below screen shows that there are three ways of setting your application with the Organizations feature:

Auth0 can detect the connection associated with the organization, and I think the quickest way to test it out would be to choose the Login Flow: "Prompt for Organizations". The flow would look like this:

  1. Provide the Organization:

  2. As org1 has only the database connection allowed, after clicking “Continue”, the user is presented (depending on the Authentication Profile set for your tenant) with an Identifier or Identifier + Password screen. In this case: Identifier + Password:

Analogically, if the user starts the flow by providing org2 in the first screen, after clicking “Continue,” they would be redirected to your native enterprise login screen (so in this scenario, the Authentication profile of your Auth0 tenant does not matter).

What do you think? Please let me know your thoughts / follow-up questions.