I have an Auth0 tenant that has both the database and passwordless (email) directories configured. The database has existing users and is configured to accept no more registrations. Passwordless is set as the default directory. Authentication profile is set to Identifier First.
When I register new users, they are pushed down the passwordless route. This is my desired outcome. However, if an existing user from the database directory tries to log in, then they are sent a code rather than asked for their password. How can I fix this?
As specified in this community post, you must create two different /authorize links for your users. One sends them to an email/password connection, and the other to a passwordless connection if you want to support both sign-in methods:
If you have any other questions, feel free to reach out.
Thanks @vlad.murarasu - what is the point of the Identity first authentication profile if not to allow both directories to be supported in the same UI?
“What is the point of the Identity First authentication profile?”
Its goal is to separate the identifier input field from the password. If Home Realm Discovery is turned on, you can have a specific domain sent straight to, let’s say, the company SSO.
“How would I set up separate /authorize links?”
You can use these docs to learn how they work. In the end, they will look something like: https://YOUR_DOMAIN/authorize? ... &connection=Username-Password-Authentication
If you use this, you must add the connection parameter to specify which connection you want to use. In a way, this would defeat the point of the Universal Login, since it will send you to a screen with only an email input field. If you have other social connections, they will need to be accessed in the same way, by using the connection parameter.
If you have any further questions, feel free to reach out!
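Added example, not part of the thread or Auth0's own code: one way a server-side app could build the two /authorize links described above, each pinned to one connection and carrying a per-session `state` and PKCE challenge. The domain, client ID, redirect URI, scope and the passwordless connection name `email` are assumptions; substitute your tenant's values.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Assumed placeholders: replace with your tenant's settings.
AUTH0_DOMAIN = "YOUR_DOMAIN"
CLIENT_ID = "YOUR_CLIENT_ID"
REDIRECT_URI = "https://app.example.com/callback"

# Allowlist of connections the app may request. "email" is assumed to be the
# passwordless email connection's name; confirm it in your dashboard.
CONNECTIONS = {
    "password": "Username-Password-Authentication",
    "passwordless": "email",
}


def new_pkce_pair():
    """Return (code_verifier, code_challenge) for PKCE with S256."""
    verifier = secrets.token_urlsafe(48)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_authorize_url(method, state, code_challenge):
    """Build the /authorize link for one sign-in method."""
    if method not in CONNECTIONS:
        # Never pass a caller-supplied connection name straight through.
        raise ValueError(f"unknown sign-in method: {method!r}")
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
        "connection": CONNECTIONS[method],
    }
    return f"https://{AUTH0_DOMAIN}/authorize?{urlencode(params)}"


def login_links():
    """Return both links plus the values to store in the user's session."""
    state = secrets.token_urlsafe(32)
    verifier, challenge = new_pkce_pair()
    links = {m: build_authorize_url(m, state, challenge) for m in CONNECTIONS}
    return links, {"state": state, "code_verifier": verifier}
```

Keep the returned `state` and `code_verifier` server-side in the session, compare `state` on the callback, and send `code_verifier` with the token exchange.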