An enterprise connection has been configured in a tenant. This works as expected when tested with the Try button.
However, when attempting a login using that connection, it gets stuck in an infinite redirect loop and an error message is displayed:
"description": "no connections enabled for the client"
Why might this error be encountered?
- Identifier+Password is configured as the Authentication Profile
- The Enterprise connection has not been configured to display the connection as a button
This combination of settings is not supported.
This issue may be encountered in a variety of different contexts. However, the general pattern is similar to this:
- A tenant has one or more client applications configured, together with one or more Auth0 database connections
- An enterprise connection is then configured
- A new client application is configured for use with the enterprise connection ( let us call it ‘client-X’ )
- The tenant administrator expectation is that during login to ‘client-X’, Auth0 will automatically select the enterprise connection
- Due to (4), a login button has not been configured for the enterprise connection
- The login attempt fails, and the error “no connections enabled for the client” is displayed
The explanation for this behavior is that the Authentication Profile for New Universal Login is set to Identifier + Password. The default behavior in this case is to assume an Auth0 database connection that is associated with the application.
Use of the enterprise connection requires an additional configuration step. To ensure that the login request is associated with the desired enterprise connection, configure either a dedicated Login button or enable an Identifier First login flow.
To view the current Authentication Profile:
- Login to the dashboard as a tenant member ( administrator )
- Navigate to Authentication > Authentication Profile
There are two methods available to solve this problem:
- Use the Display connection as a button option (Add button) which can be found in the Login experience configuration step for the enterprise connection. This way, users need to click on a button to get redirected.
- Use Identifier First as the Authentication Profile. This leverages Home Realm Discovery. For more information, refer to Configure Identifier First Authentication.