OIDC email domains not accepted by universal login

We want to use Auth0 to allow our customers to SSO into our SaaS app. I’m currently adding a second Enterprise connection for this purpose. Mostly it’s working fine, but the one hitch is that I can’t get the second email domain to be accepted by the Universal Login screen-- after the email is entered, the error message below the email field reads “Please, use your corporate email to login.” I’ve entered this second email domain in the “IdP domains” field of the OpenId enterprise connection, and it now shows up in our list of published connections in our home realm discovery file (see below). But only the email domain from our Google Apps enterprise connection is recognized. Does anyone have any idea what we should do so that multiple domains will be accepted by the universal login?

“id”: “WbjF_QbUFUP-zf14v5vO9mJen2ADVVFH”,
“tenant”: “zaius”,
“subscription”: “developer-pro”,
“authorize”: “…”,
“callback”: “…”,
“hasAllowedOrigins”: true,
“strategies”: [
“name”: “oidc”,
“connections”: [
“name”: “dev-374496-admin-oktapreview-com”,
“display_name”: “dev-374496-admin-oktapreview-com”,
“domain”: “second-domain.com”,
“domain_aliases”: [
“scope”: “openid email”


Which version of Lock are you using in the universal login page?