FHi - I think there are two way of tackling this.
Domain Discovery could be used to figure out what organization the user belongs to (if the user uses as certain mail domain)
Or you could ask the user for his domain before redirecting and then pass along the primary domain scope to zitadel.
Domain Discovery could be used to figure out what organization the user belongs to (if the user uses as certain mail domain)
Or you could ask the user for his domain before redirecting and then pass along the primary domain scope to zitadel.
FAt least thats what i understood, if you are into it we can hop in a call and figure out your case (maybe i missed something 
)
)
F@ShedarJard Not completely sure if I understood you correct. But what I understand is that it works correctly on an instance level but not on the organization level. You can set the default redirect url on you instance settings in the login behaviour. And then you can overwrite it for each organization in the settings. per default we will just take the instance setting if you do not have overwritten it.
Fah I just reread your message. You mean that if you call ui/console the user should also be redirected to the default redirect url?
FI just quickly explain what the default redirect url is for. The default use case is that a user opens an application, the application makes an authorization request to zitadel, zitadel authenticates the user and redirects back to the requested redirect url (requested in the authorization request and configured on your application). The default redirect url is for all the usecases where ZITADEL doesn't have a authorization request from an application. e.g. password reset, user activation, so ZITADEL redirect to the default redirect url instead.
FIt would be wrong to open an application an be redirected to another application in the end. This flow is from the standard oidc
FIf I understood you correctly if you are requesting /ui/login this would work
FYou are right. We will have a look at it
FI checked it again. If you have set a default redirect url on your instance. And you call ui/login you will be redirected to the default redirect url.
FThis does not work on an organization level, because we don't know which organization we should trigger