Handling Default IdP Routing in FusionAuth Without idp_hint
-
We’re building a Microsoft PowerPages website that needs user authentication through FusionAuth, with token enrichment via custom claims. We’ve configured an application and identity provider in FusionAuth, so users can authenticate via our external IdP instead of using FusionAuth’s login form. In our other apps, we use idp_hint in the path, which works well. However, Microsoft PowerPages doesn’t allow us to add this query parameter.
Is there a way in FusionAuth to set a default IdP for an application, or do you have suggestions for handling this without relying on idp_hint?
-
FusionAuth doesn’t currently support setting a default IdP for an application or automatically forcing logins through an IdP. You’re welcome to submit a feature request on our GitHub issues page.
If all your users share the same email domain, you could try Managed Domains to route them to the correct IdP.
Another option is to place a proxy in front of FusionAuth. The proxy could inspect incoming requests and append the idp_hint before forwarding traffic to FusionAuth. You can learn more about using a proxy setup here.
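The rewrite step such a proxy would perform, sketched as an added example (it is not part of the original answer and is not FusionAuth's own code). The function name and the mapping are hypothetical, and the client_id and identity provider Id are constructed placeholders. The choice to keep a hint the caller already sent is an assumption.

```python
from urllib.parse import urlsplit, parse_qs, quote

AUTHORIZE_PATH = "/oauth2/authorize"

# Constructed placeholders: application client_id -> identity provider Id.
DEFAULT_IDP_BY_CLIENT = {
    "11111111-1111-1111-1111-111111111111": "22222222-2222-2222-2222-222222222222",
}


def add_default_idp_hint(request_target, defaults=DEFAULT_IDP_BY_CLIENT):
    """Return the path and query the proxy should forward to FusionAuth.

    Only authorize requests for a mapped client_id are changed; every
    other request passes through byte-for-byte.
    """
    parts = urlsplit(request_target)
    if parts.path != AUTHORIZE_PATH:
        return request_target

    params = parse_qs(parts.query, keep_blank_values=True)
    client_ids = params.get("client_id", [])
    # Missing, repeated or unmapped client_id: do not guess, forward as-is.
    if len(client_ids) != 1 or client_ids[0] not in defaults:
        return request_target
    # Assumption: a hint already supplied by the caller is left alone.
    if "idp_hint" in params:
        return request_target

    hint = "idp_hint=" + quote(defaults[client_ids[0]], safe="")
    # Append to the raw query instead of re-encoding it, so state,
    # redirect_uri and other parameters keep their original bytes.
    return parts.path + "?" + parts.query + "&" + hint
```

Scoping the rewrite to one path and an explicit client_id allowlist keeps the proxy from changing login behaviour for other applications on the same FusionAuth instance.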