Error "no connections enabled for the client" when Attempting to Log In

Last Updated: Jul 9, 2024

Overview

An enterprise connection has been configured in a tenant. This works as expected when tested with the Try button.

However, when attempting a login using that connection, it gets stuck in an infinite redirect loop, and an error message is displayed:

"description": "no connections enabled for the client"

This article details why this error might be encountered and how to solve it.

Applies To

  • Login Error
  • Troubleshooting
  • Enterprise Connection

Troubleshooting

Check whether:

  • Identifier + Password is configured as the Authentication Profile.
  • The Enterprise connection has not been configured to display the connection as a button.
  • Passwordless connections are in use with the New Universal Login.

This combination of settings is not supported.

Cause

This issue may be encountered in a variety of different contexts. However, the general pattern is similar to this:

  1. A tenant has one or more client applications configured, together with one or more Auth0 database connections.
  2. An enterprise connection is then configured.
  3. A new client application is configured for use with the enterprise connection (let us call it ‘client-X’).
  4. The tenant administrator expects that when logging in to ‘client-X,’ Auth0 will automatically select the enterprise connection.
  5. Due to (4), a login button has not been configured for the enterprise connection.
  6. The login attempt fails, and the error “no connections enabled for the client” is displayed.

The explanation for this behavior is that the Authentication Profile for New Universal Login is set to Identifier + Password. The default behavior in this case is to assume an Auth0 database connection that is associated with the application.

Use of the enterprise connection requires an additional configuration step. To ensure that the login request is associated with the desired enterprise connection, configure either a dedicated Login button or enable an Identifier First login flow.

Similarly, this error can be seen when a Passwordless connection is enabled for the client and the New Universal Login experience is in use.

Solution

To view the current Authentication Profile:

  1. Log in to the dashboard as a tenant member (administrator).
  2. Navigate to Authentication > Authentication Profile.

There are two methods available to solve this problem:

  1. Use the Display connection as a button option (Add button), which can be found in the Login experience configuration step for the enterprise connection. With this option, users click a button to be redirected to the enterprise connection.
  2. Use Identifier First as the Authentication Profile. This leverages Home Realm Discovery. For more information, refer to Configure Identifier First Authentication.

For Passwordless connections with New Universal Login, the “Identifier First” Authentication Profile is also required. If a database connection and/or multiple passwordless connections are enabled for the same client, a connection parameter in /authorize requests is also required.

Please see this documentation for the setup steps and how it behaves with different combinations of connections.
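
The checks from the Troubleshooting and Solution sections can be run offline against an export of a tenant's connections. The following is an added example, not Auth0 code: it assumes the tenant uses New Universal Login, the key names (`strategy`, `enabled_clients`, `show_as_button`) and the `audit_client` helper are assumptions about how the export is shaped, and all sample values are constructed.

```python
# Added example, not Auth0 code. Assumes the tenant uses New Universal Login.
# Key names (strategy, enabled_clients, show_as_button) are assumptions about
# how the tenant export is shaped; every sample value below is constructed.
ENTERPRISE = {"samlp", "oidc", "waad", "adfs"}  # assumed subset of strategies
PASSWORDLESS = {"email", "sms"}
DATABASE = {"auth0"}


def audit_client(client_id, identifier_first, connections):
    """Return (finding, connection_name) tuples for one client application."""
    enabled = [c for c in connections if client_id in c.get("enabled_clients", [])]
    database = [c for c in enabled if c["strategy"] in DATABASE]
    passwordless = [c for c in enabled if c["strategy"] in PASSWORDLESS]
    findings = []
    for conn in enabled:
        hidden = not conn.get("show_as_button", False)
        if not identifier_first and conn["strategy"] in ENTERPRISE and hidden:
            # Identifier + Password assumes a database connection, so an
            # enterprise connection without a button is never selected.
            findings.append(("enterprise-needs-button-or-identifier-first", conn["name"]))
    for conn in passwordless:
        if not identifier_first:
            findings.append(("passwordless-needs-identifier-first", conn["name"]))
        if database or len(passwordless) > 1:
            # Ambiguous choice: /authorize must carry connection=<name>.
            findings.append(("authorize-needs-connection-param", conn["name"]))
    return findings


# Constructed sample data: three connections and three client applications.
SAMPLE_CONNECTIONS = [
    {"name": "corp-saml", "strategy": "samlp", "show_as_button": False,
     "enabled_clients": ["client-X"]},
    {"name": "Username-Password-Authentication", "strategy": "auth0",
     "enabled_clients": ["client-A", "client-B"]},
    {"name": "email", "strategy": "email", "enabled_clients": ["client-B"]},
]

if __name__ == "__main__":
    for client, id_first in [("client-X", False), ("client-X", True), ("client-B", True)]:
        print(client, id_first, audit_client(client, id_first, SAMPLE_CONNECTIONS))
```
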

Related References