One approach would be to append the parameter idp_hint to the login URL to redirect a user to the appropriate IdP login page. Please read the hints section in our documentation for more information.
Another way to disable the password and email login for a user would be to set their password to a random 25-character string. This would make the password essentially impossible to brute force and thus impossible for them to log in via the hosted login page.
Adding one or more managed domains for this configuration will cause this provider not to be displayed as a button on your login page. Instead of a button the login form will first ask the user for their email address. If the user’s email address matches one of the configured domains the user will then be redirected to this login provider to complete authentication. If the user’s email address does not match one of the configured domains, the user will be prompted for a password and they will be authenticated using FusionAuth.
You’re correct. That is not a standard redirect URL. You could easily build some glue code to look like an OpenID Connect compliant SP and then handle the redirect yourself. I am not super familiar with some of the OpenID Connect server options, but something like Hydra may be useful here. Perhaps some others from the community here can help with off the shelf options if you don’t want to code it yourself.
But coding it yourself may be the easiest. If you coded it in Node or something like that, it would be super simple: you’d have FusionAuth redirect to your Node app and then you’d redirect to the video platform.
This is generally done by using the domain configuration. For example, all users with an email address domain of acme.com can be configured to use a particular SAML or OpenID Connect configuration.
As soon as you configure one IdP with a domain, the login panel will collect the email address first to understand if we need to ask for a password or forward them along to a federated identity provider.
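The domain-based routing and the idp_hint parameter described above can be combined in an application's own login link. The sketch below is an added example, not code from the original posts or from FusionAuth. The host, client Id, redirect URI and identity provider Id are constructed placeholders, and it assumes idp_hint takes the identity provider's Id.

```javascript
// Constructed sample values: replace with your own instance, application and IdP Ids.
const FUSIONAUTH_URL = 'https://auth.example.com';
const CLIENT_ID = '00000000-0000-0000-0000-000000000001';
const REDIRECT_URI = 'https://app.example.com/oauth-callback';

// Hypothetical mapping of managed email domains to identity provider Ids.
const DOMAIN_TO_IDP = new Map([
  ['acme.com', '00000000-0000-0000-0000-0000000000a1'],
]);

// Return the lower-cased domain of an email address, or null if malformed.
function emailDomain(email) {
  if (typeof email !== 'string') return null;
  const parts = email.trim().toLowerCase().split('@');
  if (parts.length !== 2 || parts[0] === '') return null;
  return /^[a-z0-9.-]+$/.test(parts[1]) ? parts[1] : null;
}

// Exact-match lookup only: "notacme.com" and "acme.com.evil.example"
// must not be routed to the acme.com provider.
function idpForEmail(email) {
  const domain = emailDomain(email);
  return domain ? DOMAIN_TO_IDP.get(domain) ?? null : null;
}

// Build the authorize URL. `state` must be an unpredictable value generated
// per request by the caller and checked again on the callback.
function buildLoginUrl(email, state) {
  const url = new URL('/oauth2/authorize', FUSIONAUTH_URL);
  url.searchParams.set('client_id', CLIENT_ID);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('redirect_uri', REDIRECT_URI);
  url.searchParams.set('state', state);
  const idp = idpForEmail(email);
  // No hint for unmanaged domains: the user gets the normal hosted login form.
  if (idp) url.searchParams.set('idp_hint', idp);
  return url.toString();
}
```

The hint only selects which login page is shown first; which provider a user is allowed to authenticate with is still enforced by the identity provider configuration on the server.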