I have multiple organizations configured, some with enterprise connections, others with database connections. My application’s organization settings are set to:
- Business Users
- Prompt for Credentials
Authentication profile is set to: Prompt for Credentials.
When redirecting to Auth0 to authorize the user, I assume I have to either have my tenant configured to prompt for organization, or I need to send the org id along with the authorization request? In other words, I can’t simply prompt for email without any organization context, since we can’t do home realm discovery for databases…?
As I understand it, I have to do the following:
1. my app asks for the user’s email
2. I look up their org id based on their email
3. I redirect the user to the authz endpoint, with the org_id param and the login_hint param
4. The user sees the login prompt, with their email populated and they choose Login
5. They enter their password
6. Auth0 authenticates and redirects back to my app with tokens
The problem with this flow is that I find step 4 weird. The user has to essentially click “login” twice: once on my app, and once on Auth0. Is there another way to do this?
Thank you
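
Steps 2 and 3 of the flow described above, sketched as an added example that is not part of the original post and not Auth0's own code. The tenant domain, client ID, redirect URI and the email-domain-to-organization map are constructed placeholders, and the sketch assumes the organization is sent in the `/authorize` request's `organization` parameter (the post calls it org_id) next to the standard OIDC `login_hint`, with `state`, `nonce` and PKCE added so the callback can be bound to this browser session.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Constructed placeholders (assumptions, not values from the post).
TENANT_DOMAIN = "example-tenant.auth0.com"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
REDIRECT_URI = "https://app.example.com/callback"
# Hypothetical email-domain -> organization ID map, kept server-side only.
ORG_BY_EMAIL_DOMAIN = {
    "acme.example": "org_ACME_PLACEHOLDER",
    "globex.example": "org_GLOBEX_PLACEHOLDER",
}


def lookup_org(email):
    """Step 2: resolve the organization from the email's domain, or None."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return ORG_BY_EMAIL_DOMAIN.get(domain.lower())


def build_authorize_request(email):
    """Step 3: return (url, session_values), or None when no org matches.

    On None the caller should answer exactly as it does for any failed
    sign-in, so the form does not reveal which domains belong to a customer.
    """
    org_id = lookup_org(email)
    if org_id is None:
        return None
    state = secrets.token_urlsafe(32)     # CSRF binding, compared on callback
    nonce = secrets.token_urlsafe(32)     # compared with the ID token's nonce
    verifier = secrets.token_urlsafe(64)  # PKCE code_verifier (86 characters)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    params = {
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": "openid profile email",
        "state": state, "nonce": nonce,
        "code_challenge": challenge, "code_challenge_method": "S256",
        "organization": org_id, "login_hint": email.strip(),
    }
    url = f"https://{TENANT_DOMAIN}/authorize?{urlencode(params)}"
    # Keep these in the server-side session; never put them in the URL.
    return url, {"state": state, "nonce": nonce, "code_verifier": verifier}
```

The values in the second element of the returned tuple are what the callback handler compares against the returned `state`, the ID token's `nonce`, and sends as `code_verifier` in the token exchange.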