Hi all, we’re currently in development for a few capabilities that relate to the asks in this thread. At a high-level, the updates will be as follows:
- Integrate Organizations with Identifier-First Login flow, such that end-users can log-in to a generic application login prompt (as opposed to having to find or be directed to an Organization-specific login prompt).
- Support the existing Home Realm Discovery behavior so that a single user with multiple organization memberships can first be authenticated, and then optionally select from the organizations that they belong to before being redirected to your app with the appropriate
org_idin their claims. - Introduce the ability to associate an email domain with an Organization, to support your larger business customers who may have users with email addresses that share the same email domain but are expected to authenticate using different IdPs.
We’re planning to begin rolling out these capabilities early next year. Note that the design and timing is subject to change. Thanks for your patience.