Organization login flow

I have multiple organizations configured, some with enterprise connections, others with database connections. My application’s organization settings are set to:

  • Business Users
  • Prompt for Credentials

Authentication profile is set to: Prompt for Credentials.

When redirecting to Auth0 to authorize the user, I assume I have to either have my tenant configured to prompt for organization, or I need to send the org id along with the authorization request? In other words, I can’t simply prompt for email without any organization context, since we can’t do home realm discovery for databases…?

As I understand it, I have to do the following:

  1. My app asks for the user’s email
  2. I look up their org id based on their email
  3. I redirect the user to the authz endpoint, with the org_id param and the login_hint param
  4. The user sees the login prompt, with their email populated and they choose Login
  5. They enter their password
  6. Auth0 authenticates and redirects back to my app with tokens

The problem I don’t like with this flow is I find step 4 weird. The user has to essentially click “login” twice: once on my app, and once on Auth0. Is there another way to do this?

Thank you
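
Steps 1 to 3 of the flow described in the post, plus an organization check after step 6, as an added example that is not part of the original post and is not Auth0's own code. The tenant domain, client ID, callback URL and the email-domain-to-organization table are constructed placeholders; `organization` is the name of the `/authorize` query parameter that carries the organization ID, and `org_id` is the matching ID token claim.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Constructed placeholders, not values from the post.
AUTH0_DOMAIN = "example-tenant.example.com"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
REDIRECT_URI = "https://app.example.com/callback"
# Hypothetical lookup table for step 2: email domain -> organization ID.
ORG_BY_EMAIL_DOMAIN = {"acme.example": "org_ACME_PLACEHOLDER",
                       "globex.example": "org_GLOBEX_PLACEHOLDER"}


def lookup_org_id(email):
    """Step 2: map an email to an organization ID, or None if unknown."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return ORG_BY_EMAIL_DOMAIN.get(domain.lower())


def build_authorize_request(email):
    """Step 3: return (url, session), or None when no organization matches.

    `session` holds the values to keep server-side until the callback.
    """
    org_id = lookup_org_id(email)
    if org_id is None:
        return None
    state = secrets.token_urlsafe(32)       # CSRF binding for the callback
    verifier = secrets.token_urlsafe(64)    # PKCE code_verifier
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": "openid profile email",
              "organization": org_id, "login_hint": email.strip(),
              "state": state, "code_challenge": challenge,
              "code_challenge_method": "S256"}
    url = f"https://{AUTH0_DOMAIN}/authorize?{urlencode(params)}"
    return url, {"state": state, "code_verifier": verifier, "org_id": org_id}


def org_claim_matches(id_token_claims, session):
    """After step 6: claims must come from a signature-verified ID token."""
    claim = id_token_claims.get("org_id")
    return isinstance(claim, str) and claim == session["org_id"]
```

At the callback, compare the returned `state` with the stored one before exchanging the code, then run the `org_id` check on the verified ID token so a login completed under a different organization is rejected.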