Supporting customer that needs both SAML and database connection at the same time

Help
,
1

Hi,

I have a customer that wants me to support both SAML and database connection with same domain email (all users are in pattern ***@mycompany.com).

Only a small number of users are required to use SAML login while others will continue using our product with a database connection for the time being.

My environment is:
I have a custom database connection that will be used by default
I have an enterprise connection for mycompany.com, but with no home realm discovery because it will grab all users with the domain mycompany.com.

My proposed solution is:
I would like to support such use case by providing an additional button for user to choose and login with SAML.
The button should only show for users with domain of mycompany.com, and send out login request with connection when clicked.

My question is:

  1. What are some suggestions you like to give for this kind of use case? Is there off-the-shelf solution I can use?

  2. I tried using the new login experience with custom template. I think I can achieve my goals by adding a lot of situational scripts. But, the scripts will relay on some DOM object manipulation, and is vulnerable to future updates that changes the structure. Do you have other suggested solution to the matter? Something like an easier way of adding logic to the template will really help a lot.

  3. According to answer given in Home Realm Discovery - Customization , the part where I need only certain users to see the options cannot be simply fulfilled. Has anything change since 2021 when the question is asked?

Thanks for reading through my question!

2

Since no response is found, I will simply post my solution here for those who need it.

The final solution I used is to stay using classical login experience.

Since no further development will be made on it, the structure may stay the same for longer, and the readable class names are much more easy for modification.

For customize login page:

  • Defines mapping of email domain to (enterprise) connection name
  • Adds event listener to user input for email
  • Checks the input for specific email domain
  • Adds a button for those user to click on (login with mycompany.com)
    • Adjust css as you need it to be
  • Import Auth0.js through CDN
  • Calls the authorize endpoint with pre-defined connection when button is clicked

User will enter normal SAML flow if the button is clicked, account password is also an option with the original login button.

For enterprise connection:

  • Do not set home realm discovery for those customers that needs both database connection and SAML connect
    • It will change the layout when detected, causing password field to disappear, and I do not want that in this case.

Thats all, thanks!

1 Like
3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.