Send Only the Username as a Login Hint for a Specific Enterprise Connection

Overview

This article addresses whether it is possible to configure a Single Sign-On (SSO) enterprise connection to send only the username portion of an email as the login_hint parameter. This scenario applies when a specific identity provider, such as Active Directory Federation Services (ADFS), requires only the username for login, while other connections require the full email address.

Applies To

  • SSO Enterprise Connections
  • Active Directory Federation Services (ADFS)
  • Azure AD
  • Login Hint

Solution

It is not possible to configure the system to send only the username portion of an email as the login_hint for a specific enterprise connection. When the login_hint parameter is used, it sends the full email address entered by the user.

While a similar feature, defaultADUsernameFromEmailPrefix, exists within Lock, this option cannot be isolated to a single enterprise connection. More information on this Lock-specific feature is available in the Lock Configuration Documentation.

1 Like