Passing login_hint to Microsoft Entra ID (Azure AD) when using SAML

Problem statement

When configuring SAML SP-Initiated Single Sign-On to Microsoft Entra ID (Azure AD), the email address typed into the New Universal Login screen is not carried over to Entra ID, so the user has to enter the email address twice (once on the Auth0 login screen and again on the Entra ID login screen). Can the login_hint be passed to Entra ID?

Cause

If Auth0 is the IdP, the login_hint can be passed. Refer to Pass login_hint to SAML provider. However, Entra ID (Azure AD) does not accept a login_hint when SAML is used.

Please see How to pass login_hint from azure ad to WS-Fed external identities (okta)

It states that “Azure AD does not support parsing out user hint from the subject claim in the request. So, as of now, Azure AD can use login_hint only when OIDC/OAuth is used.”

Solution

To pass the login_hint to Entra ID, use an OIDC/OAuth connection instead of SAML.
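The following is an added illustration, not code from the article or from Auth0: it builds the two requests side by side so you can see where the identifier travels in each protocol. In the OIDC authorize request login_hint is a plain query parameter that Entra ID reads; in the SAML AuthnRequest the only place for it is the Subject/NameID, which, per the quoted statement, Entra ID does not parse as a hint. Tenant ID, client ID, SP entity ID and callback URL are placeholders.

```python
import base64
import zlib
from urllib.parse import urlencode
from xml.sax.saxutils import escape

# Placeholder values (assumptions for this example, not real identifiers)
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
SP_ENTITY_ID = "urn:example:auth0-sp"
CALLBACK_URL = "https://example.auth0.com/login/callback"


def oidc_authorize_url(email: str, state: str, nonce: str) -> str:
    """Entra ID OIDC authorize request: login_hint is an ordinary query parameter."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": CALLBACK_URL,
        "scope": "openid profile email",
        "state": state,
        "nonce": nonce,
        "login_hint": email,  # pre-fills the username field on the Entra ID screen
    }
    return (f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize?"
            + urlencode(params))


def saml_authn_request(email: str, request_id: str, issued_at: str) -> str:
    """SP-initiated AuthnRequest with the email as Subject/NameID.
    This is the only SAML slot for a hint, and Entra ID ignores it."""
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issued_at}" '
        f'AssertionConsumerServiceURL="{CALLBACK_URL}">'
        f'<saml:Issuer>{escape(SP_ENTITY_ID)}</saml:Issuer>'
        '<saml:Subject><saml:NameID '
        'Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">'
        f'{escape(email)}</saml:NameID></saml:Subject>'
        '</samlp:AuthnRequest>'
    )


def saml_redirect_param(xml: str) -> str:
    """HTTP-Redirect binding encoding of the AuthnRequest: raw DEFLATE, then base64."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw deflate, no zlib header
    raw = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    return base64.b64encode(raw).decode("ascii")
```

Decoding the SAMLRequest parameter with the inverse steps (base64, then raw inflate) is a quick way to confirm, in a browser's network log, that the NameID really is the only place the address was sent.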