Configure Identifier First Authentication
Identifier First login flows prompt users for their identifier and authentication method in two separate steps. For example, when you authenticate to Google websites, you enter your email first, click next, and then enter your password.
How it works
This two-step approach lets you customize a user's experience depending on the identifier they entered:
When a user enters a corporate email (for example,
firstname.lastname@example.org), you can redirect them to acme.com’s corporate login page.
If a user enters an email for a personal account, you can prompt them for their password.
If the user's device is enrolled with WebAuthn w/Device Biometrics, they can use their device's biometric authenticators instead of a password.
Configure Identifier First
Pick the flow you want to use:
Identifier + Password: Users will enter their identifier and password on the same screen.
Identifier First: Users will enter their identifier on the first screen. If the identifier matches the Identity Provider domain of the enterprise connection, users will be redirected to the enterprise connection's login page. If not, they will enter their password.
Identifier First + Biometrics: The same as above, but if users are logging in from a device that supports WebAuthn w/Device Biometrics, they will be prompted to enroll that device, and they can use it in subsequent logins. You can learn more about this feature here
Define Home Realm Discovery identity providers
When a user enters their email, Auth0 will check if the domain matches one from a registered Enterprise connection. If there's a match, Auth0 redirects the user to the enterprise identity provider’s login page. If the domain doesn't match, the user is prompted to enter their password. This is also known as Home Realm Discovery (HRD).