Pre-select an identity provider on login
So my use case is the following:
I have my own landing page which has a login button and redirects to the Zitadel login page. What I would like to change is to have the following buttons instead:
- Login with password
- Login with Microsoft
Each button would send a customQueryParam to the Zitadel login page, which is used to automatically trigger the correct auth method.
For example, in Keycloak I can provide "kc_idp_hint": "local" to trigger password login or "kc_idp_hint": "microsost-entra-idp-id" to trigger the Microsoft login without the user seeing anything else.
Is that something considered? Should I create an issue in Github instead?
5 Replies
hey @pbechliv yes you are right about kc_idp_hint
you can achieve similar behaviour with domain discovery
ZITADEL Docs: This guide should explain how domain discovery works and how to configure it in ZITADEL.
hi @pbechliv I looked further, you can use one of the reserved scopes along with the idp id to redirect to the configured IDP for the user
https://zitadel.com/docs/apis/openidoauth/scopes#:~:text=urn%3Azitadel%3Aiam%3Aorg%3Aidp%3Aid%3A76625965177954913,be%20able%20to%20identify%20the%20identity%20provider.
urn:zitadel:iam:org:idp:id:{idp_id}
Thank you for looking into it @Rajat ! I am gonna test it out, looks promising 🙂
@Rajat tested it and does exactly what I expected, marked your answer with a check. Thank you!
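The scope-based approach from the accepted answer, sketched as an added example (not code from the thread or from ZITADEL): each landing-page button maps to a fixed, server-side allowlisted IdP id, and the reserved scope is appended to an otherwise ordinary OIDC authorization request. The instance URL, client id, redirect URI and IdP id are constructed placeholders, the `/oauth/v2/authorize` path and the `openid profile email` base scopes are assumptions about the deployment, and the caller is assumed to generate `state` and the PKCE challenge.

```javascript
// Added example: every value below is a constructed placeholder.
const ZITADEL_ISSUER = "https://example.zitadel.cloud";
const CLIENT_ID = "CLIENT_ID_PLACEHOLDER";
const REDIRECT_URI = "https://app.example.com/callback";
const IDP_SCOPE_PREFIX = "urn:zitadel:iam:org:idp:id:"; // reserved scope from the thread

// Button name -> IdP id. null means "send no IdP scope", which leaves
// ZITADEL's normal login page in place. Keeping this map fixed means the
// landing page never forwards a caller-supplied IdP id into the request.
const LOGIN_METHODS = Object.freeze({
  password: null,
  microsoft: "111111111111111111", // constructed IdP id
});

function buildAuthorizeUrl(method, { state, codeChallenge }) {
  // Own-property check so inputs like "__proto__" or "constructor" are rejected.
  if (!Object.prototype.hasOwnProperty.call(LOGIN_METHODS, method)) {
    throw new Error(`unknown login method: ${method}`);
  }
  if (!state || !codeChallenge) {
    throw new Error("state and PKCE code challenge are required");
  }

  const scopes = ["openid", "profile", "email"];
  const idpId = LOGIN_METHODS[method];
  if (idpId !== null) {
    scopes.push(IDP_SCOPE_PREFIX + idpId);
  }

  const url = new URL("/oauth/v2/authorize", ZITADEL_ISSUER);
  url.search = new URLSearchParams({
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    response_type: "code",
    scope: scopes.join(" "),
    state,
    code_challenge: codeChallenge,
    code_challenge_method: "S256",
  }).toString();
  return url.toString();
}
```

The IdP scope only selects which login flow the user is sent to; the callback handler still has to verify `state` and complete the PKCE code exchange as for any other authorization request.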