Multiple Identity Providers across different organizations
guys, can we show only the organization's identity providers on the login page based on the URL that's being called?
I added custom domains to my instance (so I can access it through iam.domain.com, client1.iam.domain.com, client2.iam.domain.com and etc), but when I access the login page I can only see the default identity provider that was configured on the default org.
For example, I see that we have this on the docs (screenshots attached of everything), and I configured 3 different IDP throughout my orgs, but any custom domain that I use to try to login shows me only the Zitadel's configured IDP. Is it possible to configure it this way?
@Matías I know you were talking to me yesterday so I'm gonna tag you here hehe





4 Replies
Hey @Perrotti, that screenshot you sent that mentions the urn:zitadel:iam:org:id:{id} is the key, it should enforce the org context, so that the login page shows the available IdPs and enforces the login policy settings for that specific organization. Are you sending this scope in the request to {your_domain}/oauth/v2/authorize?
can I do that without passing a client id? I'm messing with the OIDC playground here, but I didn't want to have to create a project with an app there just to be able to use the login page of the org 😦
also, it works when I pass a client_id and the org id on the URL, but then I get {"code":5, "message":"Not Found"} when trying to complete the login flow using github
(didn't test with other IDPs for now)
No 🤔 to test an interactive login flow and set the organization context, you need a valid OIDC request with the required params (client_id, redirect_uri, scopes, etc). You can set the organization context when logging in to the Zitadel console for example (/ui/console/login), you will only have two options there, see the instance login, or the default org login, nothing else.
That's weird. I haven't set up a social github connection for testing 🤔 what if you create a local user (email and password) in your organization and try that way? Also, do you have the same issue with the other two organizations using Entra? Just to understand if the issue is the github integration, or something else. If you want, you can send me network trace (HAR file) via DM and I can take a look
same thing... local user, I can log in, change the default password, attach an MFA device, but when I log in in the end it just says not found
apologies, forgot to answer the second part... Entra ID doesn't work as well, only if I set it up on the default org, then everything looks good
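
For reference, the authorize request described in the replies above (client_id, redirect_uri and the urn:zitadel:iam:org:id:{id} scope sent to /oauth/v2/authorize) can be built as shown here. This is an added example, not part of the thread or Zitadel's own code; the client ID, org ID and redirect URI are constructed placeholders, and using the authorization code flow with PKCE and a `state` value is an assumption about the app's configuration.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

ORG_SCOPE_PREFIX = "urn:zitadel:iam:org:id:"  # reserved scope quoted in the thread


def pkce_pair():
    """Return (code_verifier, code_challenge) per RFC 7636, method S256."""
    verifier = secrets.token_urlsafe(48)  # 64 chars, inside the 43-128 range
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_authorize_url(issuer, client_id, redirect_uri, org_id):
    """Build an authorization-code + PKCE request that pins the org context."""
    # Scopes are space-delimited, so whitespace in the ID would split the scope.
    if not org_id or any(c.isspace() for c in org_id):
        raise ValueError("org_id must be non-empty and contain no whitespace")
    verifier, challenge = pkce_pair()
    state = secrets.token_urlsafe(16)  # compare on callback to reject forged responses
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # must match a URI registered on the app
        "scope": " ".join(["openid", "profile", ORG_SCOPE_PREFIX + org_id]),
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    url = issuer.rstrip("/") + "/oauth/v2/authorize?" + urlencode(params)
    return url, state, verifier  # keep state and verifier server-side for the callback


if __name__ == "__main__":
    # Constructed placeholder values; replace with the app's real settings.
    url, state, verifier = build_authorize_url(
        "https://client1.iam.domain.com",
        "EXAMPLE_CLIENT_ID",
        "https://app.example.test/callback",
        "EXAMPLE_ORG_ID",
    )
    print(url)
```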