Improved IdP configuration for logging in
We use multiple IdPs for authenticating our users. We are aware that there is an option for managed domains to specify an associated email domain for each IdP, and if the user's email address matches one of the configured domains, the user will then be redirected to this particular IdP. However, mapping the domains is not enough for our use case, as we cannot restrict a whole domain to just one IdP (the requirements for the IdP can be different between users with the same email domain).
What we would like to see in FusionAuth is more like this:
- User submits an email address on the FusionAuth login screen
- FusionAuth will automatically decide which IdP should be used for that user, e.g. based on some stored preference (a mapping between that user and an IdP), and will redirect the user to the IdP
- If there is no IdP configured for the user, the password field will appear
This requirement is somewhat similar to https://github.com/FusionAuth/fusionauth-issues/issues/389.
Also, it would be nice to provide a "more options" button on the login screen for accessing other login methods (e.g. using email and password) even though the user is configured to log in via a specific IdP. In our case, the user can use our application to change his IdP settings (via the FusionAuth API). The problem is that when the user changes some settings directly in the IdP, there is a possibility he will lock himself out of our application and will not be able to update the IdP settings in our app anymore (he won't be able to log in and will still be forced to do that via the configured IdP). We know that the IdP settings can in that case be manually updated in FusionAuth, but we want to avoid that.
Can you please tell us if there is already a solution implemented for our use cases, or if there will be one in the near future?
Thank you.
Hi @peter-babinec,
Thanks for looking at the existing issues. I'd say that #178 is close too. Here's our general statement on our roadmap.
Based on the number of votes that these issues have, we can't commit to a near term solution for you.
Your options:
- engage us via a professional services agreement to build this feature out. We're happy to give quotes after discussing requirements.
- build out a custom login interface using the login API, which will let you control the UI/UX entirely.
Regarding your second suggestion:
> Also, it would be nice to provide a "more options" button on the login screen for accessing other login methods (e.g. using email and password) even though the user is configured to log in via a specific IdP.
Please file a feature request, as I don't think that use case is covered by any existing request.
Hope this helps.
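
The flow requested in the first post, sketched as the routing step a custom login interface could run once the email address is submitted. This is an added example, not FusionAuth code and not code from either poster; the maps, IdP ids and function names are hypothetical and the sample data is constructed.

```javascript
// Added example: identifier-first routing for a custom login page.
// All names, IdP ids and addresses below are hypothetical / constructed.

// Per-user preference (email -> IdP id), e.g. maintained by the application.
const userIdp = new Map([
  ["alice@example.com", "idp-corp-saml"],
  ["carol@example.org", "idp-partner-oidc"], // differs from her domain default
]);
// Domain-level fallback, the equivalent of a managed-domain mapping.
const domainIdp = new Map([["example.org", "idp-org-oidc"]]);

function normalizeEmail(input) {
  if (typeof input !== "string") return null;
  const email = input.trim().toLowerCase();
  // Exactly one "@", non-empty local part and domain, no whitespace.
  return /^[^\s@]+@[^\s@]+$/.test(email) ? email : null;
}

// Decide what the login page does after the email address is submitted.
// moreOptions is true when the user clicked the "more options" button.
function decideLogin(rawEmail, { moreOptions = false } = {}) {
  const passwordStep = { action: "password" };
  const email = normalizeEmail(rawEmail);
  // Malformed and unknown addresses get the same answer as password users,
  // so the response does not reveal which addresses have an IdP mapping
  // only by failing differently.
  if (email === null) return passwordStep;

  const domain = email.slice(email.indexOf("@") + 1);
  // The per-user mapping wins over the domain mapping, so two users with
  // the same email domain can be sent to different IdPs.
  const idpId = userIdp.get(email) ?? domainIdp.get(domain);
  if (idpId === undefined) return passwordStep;

  // Escape hatch against lock-out: the user explicitly asked for another
  // method, so the password field is shown instead of forcing the IdP.
  if (moreOptions) return passwordStep;

  return { action: "redirect", idpId, showMoreOptions: true };
}
```

The caller would turn a `redirect` result into the actual IdP redirect and a `password` result into the password field; how that is wired to FusionAuth is outside this sketch.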