Identifier First Authentication
Identifier First login flows prompt users for their identifier and authentication method in two separate steps. For example, when you authenticate to Google websites, you enter your email first, click Next, and then enter your password.
This two step approach lets you customize a user's experience depending on the identifier they entered:
When a user enters a corporate email (for example,
firstname.lastname@example.org), you can redirect them to acme.com’s corporate login page.
If a user enters an email for a personal account, you can prompt them for their password.
To enable Identifier First, login to the Auth0 Dashboard and go to the Universal Login page. In the settings tab, under Customization, choose Identifier First. If you are using New Universal Login and you enable Identifier First, by default the connection buttons will not be shown on the login page.
Home Realm Discovery
When a user enters their email, Auth0 will check if the domain matches one from a registered Enterprise Connection. If there's a match, Auth0 redirects the user to the enterprise identity provider’s login page. If the domain doesn't match, the user is prompted to enter their password. This is also known as Home Realm Discovery (HRD).
New Universal Login
You can define Identity Provider domains for Home Realm Discovery on the Login Experience tab for each Enterprise Connection. Each connection can have a maximum of 1000 domains. If you need more, please contact support.
On this tab you can also choose to display a button in the login page, in addition or instead of using the Identity Provider domains.
Classic Universal Login
You can configure the domains for each Enterprise Connection in the IdP Domains field: