FusionAuth

    Force Google Account Selection on every login using SAMLv2 IdP

    • N
      nico.ayala

      Re: Force Google Account Selection on every login

      We have an issue similar to the one linked above. In our case, we have configured Google IdP via SAMLv2.

      When a user starts the sign-in flow, Google's AccountChooser pops up, the user selects one account and finishes the sign-in flow without issues. The second time the user signs in, the account chooser does not appear, so there is no way to select another account.

      We use the idp_hint param to skip the FusionAuth sign-in page and go straight to Google's AccountChooser. We tried adding login_hint and prompt=select_account to the OAuth authorization URL without success.

      Is there a way to force Google account selection via SAMLv2?

      Any suggestions are welcome, thanks in advance!

      • danD
        dan @nico.ayala

        @nico-ayala

        Thanks for using FusionAuth!

        I don't believe there's a way to pass prompt=select_account through the SAMLv2 process.

        Since you are (I think) using Google as an SP, is there any reason you can't use the OIDC integration instead?

        Dan

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        • N
          nico.ayala @dan

          @dan I would need to explore what the requirements are to have an OIDC integration instead. This change might also require bothering customers with more configuration on their side.

          Thanks for the help!

          • danD
            dan @nico.ayala

            @nico-ayala Makes sense. We have some documentation here: https://fusionauth.io/docs/v1/tech/identity-providers/google#custom-parameters

            Though that is for setting up an OIDC provider in FusionAuth, it might be somewhat helpful.

