Organization name/domain prompt page #7887

Open
2 tasks done
vs-gtadeu opened this issue May 1, 2024 · 2 comments
Labels
auth enhancement New feature or request

Comments

@vs-gtadeu

vs-gtadeu commented May 1, 2024

Preflight Checklist

  • I could not find a solution in the existing issues, docs, nor discussions
  • I have joined the ZITADEL chat

Describe your problem

Zitadel currently only supports home realm discovery for identifying the user's organization and the appropriate login method configured for that organization. This approach only seems to work if users' email addresses are unique across organizations. If the same email address is used for users in different organizations, Zitadel is not able to identify the organization and log the user in.

Describe your ideal solution

A possible solution to this problem would be to allow configuring the Zitadel instance to either use home realm discovery or prompt users for their organization's primary domain (or name). Home realm discovery would be the default:

image

If the instance is configured with "organization prompt", after applications initiate the authentication process without an organization parameter (i.e., using urn:zitadel:iam:org:domain:primary:{domainname} or urn:zitadel:iam:org:id:{id} scopes), Zitadel prompts the user for their organization's primary domain. Once provided, Zitadel can use it to identify the organization and allow the user to log in using the login method configured for that organization.

image
image

Version

No response

Environment

ZITADEL Cloud

Additional Context

For what it's worth, we have two main reasons for preferring an organization prompt page over home realm discovery:

  • Some of our users will have multiple accounts with the same email address but for different organizations.
  • Our current solution is built on top of Auth0, which solves this problem by presenting an organization prompt page. Having this behavior in Zitadel would provide our users with a smooth user experience while transitioning from Auth0 to Zitadel.

This issue was created after this discussion: #7676

@vs-gtadeu vs-gtadeu added the enhancement New feature or request label May 1, 2024
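
An application-side version of the organization prompt described in the issue above, as an added example that is not part of the original issue or of ZITADEL's code: the app asks for the organization's primary domain, validates it, and places it in the `urn:zitadel:iam:org:domain:primary:{domainname}` scope quoted in the issue. The issuer URL, client ID, redirect URI, function names and the `/oauth/v2/authorize` path are assumptions for illustration.

```python
import base64
import hashlib
import re
import secrets
from urllib.parse import urlencode

# Placeholders (assumptions, not from the issue). In a real deployment, read the
# authorization endpoint from the instance's OIDC discovery document.
ISSUER = "https://issuer.example"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
REDIRECT_URI = "https://app.example/callback"
ORG_DOMAIN_SCOPE = "urn:zitadel:iam:org:domain:primary:{}"  # format quoted in the issue

# One DNS label: letters, digits, inner hyphens, at most 63 characters.
_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def normalize_org_domain(raw: str) -> str:
    """Return the prompted domain in canonical form, or raise ValueError.

    The value ends up inside the space-delimited `scope` parameter, so any
    whitespace in it would smuggle additional scopes into the request.
    """
    domain = raw.strip().lower().rstrip(".")
    labels = domain.split(".")
    if len(domain) > 253 or len(labels) < 2:
        raise ValueError("not a valid organization domain")
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("not a valid organization domain")
    return domain


def build_authorize_request(org_domain_input: str) -> dict:
    """Build an authorization code + PKCE request bound to the prompted organization."""
    domain = normalize_org_domain(org_domain_input)
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    state = secrets.token_urlsafe(32)
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": "openid profile email " + ORG_DOMAIN_SCOPE.format(domain),
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    url = f"{ISSUER}/oauth/v2/authorize?{urlencode(params)}"
    # Keep state and code_verifier in the server-side session for the callback.
    return {"url": url, "state": state, "code_verifier": verifier, "org_domain": domain}
```

Because the same email address may exist in several organizations, the callback handler should also confirm that the returned tokens belong to the organization that was prompted for before creating a session.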
@hifabienne
Member

Thank you for sharing your idea.
If there is a significant demand from customers/community, we will carefully consider implementing the feature.
Currently, the issue will be added to our product backlog to collect feedback.

@hifabienne hifabienne added the auth label May 2, 2024
@stiwari99

We are actually looking for this solution. Right now we have to keep the org to ZITADEL org ID mapping directly in the UI.

Projects
Status: 📨 Product Backlog