We’re using ‘choose organization’ feature where user is presented with list of orgs for selection during login. Is there a way of filtering which organizations returned to the user during Identifier First login flow for organizations with prompt for credentials ?
We have a usecase where a user can be a member of multiple organizations however depending on the client application we would like to restrict which organizations are displayed to users. The clients do allow authentication from different organizations also. So depending which SPA client is being used user should be prompted those orgs of which membership grants access to login.
We could add list of allowed orgs to client metadata and instead of displaying orgs to end user we check whether membership of allowed orgs is present. However this does not solve a problem where user should be able to decide as part of which org login should be made as it may grant different roles/permission .