@s.whitaker Thanks for clarifying. I see your point, and definitely a valid use case (in most cases employees are in an AD/directory, therefore didn’t think of this one yet, but makes sense, absolutely).
So, in this case, if the email address domain of your employees is always clear, such as always being
@yourcompany.com, then you could simply use this connection resolver:
(Note: this requires Lock = the Classic login widget, not the New Universal Login / ULP).
That surprises me, given that the UI in
applications/[app ID]/connections allows multiple database connections to be selected.
It’s possible to select because it works fine if you specify the connection based on certain logic for the Lock widget.
allowedConnections: see docs
defaultDatabaseConnection: see docs
or the mentioned
(But using these first two parameters isn’t applicable for your use case.)
So, let me know if above mentioned
ConnectionResolver will work for you. If not, I see another solution, which is to federate the Auth0 tenant via custom SAML or OpenID Connect connection to itself. In this way, you can have regular username/password fields for end customers, and a button “Login with Employee Credentials” for employees.
It’s then even possible to detect which login to use based on your company’s domain and then offer the right button to the user once he enters a company email address and hide the email/password field for end users, which is called Home Realm Discovery
Do you get the idea? Might be a bit complex with just textual description - I can try to sketch this up later today or tomorrow. But maybe the first suggestion with the
ConnectionResolver already works for you.