Switching to Identity-First Flow: Handling Multiple DB Connections

Get Help
,
1

Hey all,

I’m working on an Auth0 integration with two roles: admin (who has full access to the application without belonging to any organization) and customer_admin (who belongs to an organization). The admin role can be created directly, but customer_admins are registered through invitations. To manage this, I have set up two DB connections:

  • Username-Password-Authentication: Used for admins (sign-up is disabled here).
  • Username-Password-Invitation: Used for customer_admins (sign-up is allowed here but only via invitation).

Initially, I implemented a custom login page where, after the user enters their email, I hit an endpoint to get the user’s connection, then redirect them to the appropriate connection for login.

However, I’m now considering switching to an identity-first flow, which seems to streamline the process. My concern is that the login and password fields currently only work with the “Username-Password-Authentication” connection. Is there a way to determine the user’s primary connection after they enter their email and log them in using that primary connection?

Any guidance would be greatly appreciated!

Thanks in advance!

3

Hi there,

Thank you for reaching out to us!

Wanted to provide some information on this matter, in case it helps out others as well.
Essentially, when a user attempts to log in regardless of Authentication Profile, they will be authenticated against the Connection where their profile resides. By creating two different Databases and enabling them for your application, with Identifier-First Authentication profile, the user inputs their email and they will be prompted to login according to their specific Database ( as long as each user email address only resides in one DB).

Adding Organization as you’ve mentioned, you can choose to add a Database to an Organization, if you want users from that DB to authenticate against the Org, then define the Login Flows for Organizations so that these specific users need to input the Organization name before being able to proceed with the login flow.

Hope this helped!
Gerald