Overview
This article explains how to allow a subset of users to use a specific connection or Identity Provider (IdP) when Home Realm Discovery (HRD) cannot be used because the users' email domains vary.
Applies To
- Connections
- Identity Providers (IdP)
Solution
There are multiple possible solutions, depending on the exact use case:
- Provide these users (or the company they are part of) with a unique login URL that always redirects to the right Identity Provider by using the ‘connection’ parameter in the login request.
- Use the Organizations feature in Auth0 to turn on specific connections for a given organization, so that all users are forced to use that connection only.
- Check whether the current user is part of a specific list, and return an error if they do not log in with the expected connection.
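One way to implement the list check from the last option is a post-login Action, shown here as an added example that is not part of the original article. The `REQUIRED_CONNECTION` map, its sample emails, the `partner-saml` connection name and the `connectionViolation` helper are assumptions made for illustration; `event.user.email`, `event.connection.name` and `api.access.deny` are the Actions post-login API.

```javascript
// Added example: post-login Action that pins listed users to one connection.
// REQUIRED_CONNECTION and its entries are constructed sample values; in a
// real tenant the list could come from Action secrets or app metadata.
const REQUIRED_CONNECTION = new Map([
  ["alice@example.org", "partner-saml"],
  ["bob@example.net", "partner-saml"],
]);

// Hypothetical helper: returns null when the login is acceptable,
// or a denial reason when a listed user used the wrong connection.
function connectionViolation(email, connectionName, required = REQUIRED_CONNECTION) {
  // Users without an email cannot be on an email-keyed list.
  if (typeof email !== "string") return null;

  // Normalize before lookup so "Alice@Example.org" cannot bypass the list.
  const expected = required.get(email.trim().toLowerCase());
  if (expected === undefined) return null; // not a listed user
  if (connectionName === expected) return null; // expected connection

  // Generic wording: the message does not reveal which connection is expected.
  return "Please sign in using your organization's identity provider.";
}

// Post-login Action entry point.
const onExecutePostLogin = async (event, api) => {
  const reason = connectionViolation(event.user.email, event.connection.name);
  if (reason) {
    api.access.deny(reason);
  }
};

// Actions load the handler from `exports`; the guard only lets this file
// also run outside a CommonJS environment.
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```

Because this check runs after authentication, a listed user who picks the wrong connection is rejected only once that login completes; the unique login URL or the Organizations option steers them to the right connection up front.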