Introduction

There are cases where multiple IdPs are linked to an application for authentication, for example when an organization wants to keep using an existing external IdP even after introducing Auth0. With Auth0's default configuration, the user must choose the authentication destination (Connection) on the login screen.

By using Auth0's Authentication Profile function, the IdP used for authentication can be selected automatically according to the user's email address domain.

This page introduces an example configuration, and the resulting login behavior, for routing users to the appropriate IdP with the Authentication Profile function.

Prerequisites

The settings and login operation examples on this page assume that the following has been prepared.

  • An Auth0-integrated web application
  • Multiple Connections enabled for the web application (in this example, the Auth0 Database Connection and an Enterprise Connection (Azure AD))

*For the Enterprise Connection (Azure AD) settings, please refer to [External IdP Linkage by Auth0 Enterprise Connection Function (Azure AD)].

The login screen provided by Auth0 uses the New Universal Login experience.
*The Authentication Profile function does not support the Classic Universal Login.

In addition, the information regarding functions and settings described on this page is current as of October 2022.

Setting Example

1. On the Auth0 management screen, click [Authentication] > [Authentication Profile].
2. Select [Identifier First] and click [Save] at the top right of the screen.

With [Identifier First] selected, the login screen asks only for the email address; based on the domain of the entered address, the user is then taken to the password entry screen provided by the IdP responsible for that domain.

Operation example at login

1. Perform the login operation on the Auth0-integrated web application and transition to the login screen provided by Auth0.
2. Confirm that you are prompted only for your email address.

(When logging in as a user registered in the Auth0 user database)

3. Enter the user's email address and click [Continue].
4. Confirm that the password is requested on the login screen provided by Auth0.
5. Enter the password and click [Continue].
6. Confirm that the user registered in the Auth0 user database is logged in to the web application.

(When logging in as a user registered in Azure AD)

7. Enter the user's email address and click [Continue].
8. Confirm that you are redirected to the login screen provided by Azure AD and asked for a password.
9. Enter the password and click [Sign in].
10. Confirm that you are logged in to the web application as the user registered in Azure AD.

(Supplement) Domain discrimination setting

The routing of authentication to an IdP by domain is based on the Home Realm Discovery settings of the Enterprise Connection. If the domain of the entered email address matches a domain registered in this setting, authentication is routed to that IdP.
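To make the routing rule concrete, the following is an added example (not Auth0's own implementation or the original page's code) that re-implements the Home Realm Discovery decision over a constructed sample of two connections shaped like the Management API's connection objects. It assumes the registered domains live in each enterprise connection's `options.domain_aliases` and that the database connection (strategy `auth0`) is the fallback when no domain matches. The point a defender should check is that the match is on the exact domain after the final `@`, case-insensitively, never a suffix or substring match, so an address such as `user@example.com.attacker.test` is not routed to the enterprise IdP for `example.com`.

```python
from typing import Dict, List, Optional

# Constructed sample: two connections in the shape returned by the Auth0
# Management API (GET /api/v2/connections). Names and domains are made up.
SAMPLE_CONNECTIONS: List[Dict] = [
    {
        "name": "Username-Password-Authentication",
        "strategy": "auth0",            # Auth0 Database Connection
        "options": {},
    },
    {
        "name": "azuread-example",
        "strategy": "waad",             # Azure AD Enterprise Connection
        "options": {
            # Assumption: Home Realm Discovery domains are registered here.
            "domain_aliases": ["example.com", "Example.co.jp"],
        },
    },
]


def email_domain(email: str) -> Optional[str]:
    """Return the lower-cased domain of a plausible email identifier, else None.

    Exactly one '@' is required; anything else (no '@', several '@', empty
    local part or domain, whitespace in the domain) is treated as not an
    email and will not be routed to any enterprise IdP.
    """
    if email.count("@") != 1:
        return None
    local, domain = email.split("@")
    domain = domain.strip().lower()
    if not local or not domain or " " in domain:
        return None
    return domain


def route_connection(email: str, connections: List[Dict]) -> str:
    """Pick the connection name Identifier First should continue with.

    An enterprise connection is chosen only on an exact, case-insensitive
    match between the email domain and one of its domain_aliases. A suffix
    or substring comparison would let a lookalike domain hijack the route.
    Everything else falls back to the database connection.
    """
    database = next(c["name"] for c in connections if c["strategy"] == "auth0")
    domain = email_domain(email)
    if domain is None:
        return database
    for conn in connections:
        if conn["strategy"] == "auth0":
            continue
        aliases = {d.lower() for d in conn.get("options", {}).get("domain_aliases", [])}
        if domain in aliases:
            return conn["name"]
    return database


if __name__ == "__main__":
    for addr in ("alice@example.com", "bob@EXAMPLE.co.jp",
                 "carol@other.test", "mallory@example.com.attacker.test"):
        print(f"{addr:40s} -> {route_connection(addr, SAMPLE_CONNECTIONS)}")
```

When reviewing a real tenant, compare the `domain_aliases` on each Enterprise Connection against the domains your organization actually owns; a domain registered on the wrong connection silently sends that domain's users to a different IdP's password prompt.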
Summary

With Auth0's Authentication Profile function, authentication can be routed to the appropriate IdP for each user. The function is also available in the free Auth0 trial environment, so please try it out.

Inquiries / Document requests

Macnica Co., Ltd., Okta team

Mon-Fri 8:45-17:30