Users from IdP are always assigned to default org instead of correct org based on domain
Hi @all,
I am using an IdP for login, and I have multiple organizations. Can anyone help me assign users to the correct organization based on the email domain (or from the organization’s metadata)?
For example, through the IdP I will have:
- jo@abc.com → should go to org abc
- alice@def.com → should go to org def
Currently, both users are being assigned to the default organization.
How can I fix this so that users are automatically assigned to their respective organizations through IdP login?
Is there any setting I need to enable, or is there any way I can update the organization ID through an action?
1 Reply
Hi @vpk, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer, here are some relevant sources:
1. [Configure ZITADEL for your Scenario] (1): Describes how to use organization domains in scopes to trigger organization-specific login behavior, which may help steer users to the correct org during authentication.
2. [Actions: Access organization metadata in external authentication flow] (2): Discusses using organization metadata and Actions to handle dynamic mappings during external authentication flows, which could potentially be adapted to assign users based on email domain.

To learn more, see the sources I considered:
[1] Configure ZITADEL for your Scenario
[2] Actions: Access organization metadata in external authentication flow

Feel free to tag @Ask Inkeep with additional questions.