feature request: Dynamic SSO Identity Provider selection mechanism (beyond email domain) about logto HOT 8 OPEN

Glad to hear. It's a new feature we just added. We are working on the documentation. I'll keep you updated once it's released.

from logto.

@cesdperez please check this doc. Let us know if this helps.

from logto.

Hi @cesdperez , thanks for your feedback.

We actually have a direct sign-in feature that allows users to jump directly to a specific SSO IdP's sign-in page, without needing a valid email domain. Would this address your issue?

However, this feature requires you to have a particular SSO IdP pre-configured. For multiple SSO IdP enabled, we still need to use user email to identify the enabled SSO connectors.

from logto.

Hi @simeng-li, thanks a lot for your reply!

We actually have a direct sign-in feature that allows users to jump directly to a specific SSO IdP's sign-in page, without needing a valid email domain. Would this address your issue?

This could be what I'm looking for indeed. Is it available for Enterprise SSO? I couldn't find that option, and when setting up an SSO connector the email domain is a required field.

I forgot to mention, I'm using the OSS version.

from logto.

Yes, that would be what I'm looking for 👍🏼. I haven't verified the functionality, tho. Thanks for the quick response.

Nonetheless, my use case requires that for any kind of enterprise SSO connection (either OIDC or SAML).

Is this also working with SAML SSO enterprise connectors?

from logto.

I see that the email domain is still a required field when creating an SSO Enterprise connector
.

For my use case, I'd need this to be optional.

I'm using version 1.15.

from logto.

For direct sign-in, you may leave this field empty, it should jump the email domain validation step. Let us know if you met any blockers.

from logto.