FusionAuth

    Improved IdP configuration for logging in

      peter.babinec

      We use multiple IdPs for authenticating our users. We are aware that there is an option for managed domains to specify an associated email domain for each IdP, and if the user's email address matches one of the configured domains, the user will then be redirected to this particular IdP. However, mapping the domains is not enough for our use case, as we cannot restrict a whole domain to just one IdP (the requirements for the IdP can be different between users with the same email domain).

      What we would like to see in FusionAuth is more like this:

      1. User submits an email address on the FusionAuth login screen
      2. FusionAuth will automatically decide which IdP should be used for that user e.g. based on some stored preference - mapping - between that user and IdP and will redirect the user to the IdP
      3. If there is no IdP configured for the user, the password field will appear

      This requirement is somewhat similar to https://github.com/FusionAuth/fusionauth-issues/issues/389.

      Also, it would be nice to provide a "more options" button on the login screen for accessing other login methods (e.g. using email and password) even though the user is configured to log in via a specific IdP. In our case, the user can use our application to change his IdP settings (via the FusionAuth API). The problem is that when the user changes some settings directly in the IdP, there is a possibility he will lock himself out of our application and will not be able to update the IdP settings in our app anymore (he won't be able to log in and will still be forced to do that via the configured IdP). We know that IdP settings can in that case be manually updated in FusionAuth, but we want to avoid that.

      Can you please tell us if there is already a solution implemented for our use cases, or if there will be in the near future?
      Thank you.

        dan

        Hi @peter-babinec,

        Thanks for looking at the existing issues. I'd say that #178 is close too. Here's our general statement on our roadmap.

        Based on the number of votes that these issues have, we can't commit to a near-term solution for you.

        Your options:

        • engage us via a professional services agreement to build this feature out. We're happy to give quotes after discussing requirements.
        • build out a custom login interface using the login API, which will let you control the UI/UX entirely.

        Regarding your second suggestion:

        > Also, it would be nice to provide a "more options" button on the login screen for accessing other login methods (e.g. using email and password) even though the user is configured to log in via a specific IdP.

        Please file a feature request, as I don't think that use case is covered by any existing request.

        Hope this helps.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io
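
The three-step flow requested in the question, plus the "more options" fallback, sketched as the server-side routing decision a custom login interface could make. This is an added example, not code from either poster or from FusionAuth; the names `next_login_step`, `LoginStep`, `USER_IDP`, `DOMAIN_IDP` and `KNOWN_IDPS` and all sample data are hypothetical, and it goes slightly beyond the post by also falling back to a domain mapping.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data; in a real deployment these would come from your own
# user store (for example, a value your application saves per user).
USER_IDP = {"alice@example.com": "idp-corp-saml"}   # per-user preference
DOMAIN_IDP = {"example.com": "idp-default-oidc"}    # managed-domain fallback
KNOWN_IDPS = {"idp-corp-saml", "idp-default-oidc"}  # configured IdP allow-list


@dataclass(frozen=True)
class LoginStep:
    action: str                # "redirect" or "password"
    idp_id: Optional[str]      # set only when action == "redirect"
    allow_other_methods: bool  # render the "more options" link


def normalize(email: str) -> str:
    """Trim and case-fold so lookups cannot be bypassed by case or whitespace."""
    return email.strip().casefold()


def next_login_step(email: str, force_password: bool = False) -> LoginStep:
    """Decide what the login page shows after the email is submitted."""
    addr = normalize(email)
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        # Malformed input gets the same step as an unknown user.
        return LoginStep("password", None, False)
    if force_password:
        # User chose "more options": skip IdP routing so a broken IdP
        # configuration cannot lock the user out.
        return LoginStep("password", None, False)
    # The per-user mapping wins over the domain mapping.
    idp = USER_IDP.get(addr) or DOMAIN_IDP.get(domain)
    # Redirect only to an IdP on the configured allow-list, never to a value
    # taken from the request.
    if idp in KNOWN_IDPS:
        return LoginStep("redirect", idp, True)
    # No mapping and unknown user both get the password field, so this branch
    # does not reveal whether the account exists.
    return LoginStep("password", None, False)
```

A per-user redirect still tells an anonymous caller that the address has a mapping, so the lookup endpoint should be rate-limited like any other login step.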
