Remove email/password authentication option in Universal Login Form

Problem statement

We are using the Auth0 Universal Login Form. In this tenant, we have an app where we want to enable authentication only via Microsoft Azure. I thought disabling the DB Connection in the app should hide the Email address field and the default Continue button, but that is not the case. Can you please confirm what’s the configuration required to accomplish this?

Troubleshooting

Check the tenant’s authentication profile as to whether it is using “Identifier First”.

Cause

When using Identifier first, the email field is always shown. This is not intuitive as if no identity provider domains are set. And this will only cause errors on clicking continue:

Solution

Because your tenant users the “Identifier First” authentication profile, it will attempt to allow users to use home realm discovery even though only one connection is enabled.

To remove the email address field, you need to move to Identifier + Password on your tenant for your Authentication Profile.

Alternatively, you could provide a connection parameter in your /authorize request, which would skip the Universal login page and take you to the upstream IdP’s login page.