Hi @billy2
Thank you for reaching out to us!
After reading through your use-case, I did some digging around and it appears that “tenant_domain” is merged with the “domain_aliases” array, and the resultant array is what is used for Home Realm Discovery. " tenant_domain " seems to be more of a legacy field that only accepts a String and is limited to one entry.
Doing some testing with the Management API, “tenant_domain” is not automatically created when setting “domain_aliases”. As you have mentioned, using only tenant_domain seems to be working correctly, but it will indeed not list the configured “tenant_domain” in the connection’s “Identity Provider Domains” box.
My recommendation is to just use the “domain_aliases” array to record your customer’s email domains that should be routed to the connection in question, and the “tenant_domain” attribute can be omitted from the configuration. As the connection is working correctly for you, this is solely a UI issue ( which can create confusion).
This was similarly mentioned in the following Community Post as well, where domain_aliases was used in the same fashion instead of tenant_domain.
I would also recommend to provide this feedback to our Product team via the Feedback page. Others can vote on the suggestion and this can lead to UI improvements and fixed to avoid such confusions in the future.
Hope this helped!
Gerald