Self-Hosted Zitadel v4.2.2: LoginV2 showing multiple accounts for the same user
After the migration to LoginV2 when logging in with a user via IDP, if a user has multiple login methods available, multiple accounts will appear as logged in, one per method. Is this expected? Is there a way to only show the user with the primary domain?
7 Replies
Hi @nandingo, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer, here are some relevant sources:
1. [Login v2 username suffix not added on organization scoped login] (1) :
Describes a related scenario with LoginV2 where the username suffix is not correctly added on organization-scoped logins, which can cause multiple users with the same email to appear and lead to ambiguity. 2. [Set Primary Domain] (2) :
Explains how to set a primary domain for an organization, which may affect how usernames are displayed and selected during login. To learn more, see the sources I considered: [1] [Bug]: Login v2 username suffix not added on organization scoped login [2] Set Primary Domain Feel free to tag @Ask Inkeep with additional questions.
Describes a related scenario with LoginV2 where the username suffix is not correctly added on organization-scoped logins, which can cause multiple users with the same email to appear and lead to ambiguity. 2. [Set Primary Domain] (2) :
Explains how to set a primary domain for an organization, which may affect how usernames are displayed and selected during login. To learn more, see the sources I considered: [1] [Bug]: Login v2 username suffix not added on organization scoped login [2] Set Primary Domain Feel free to tag @Ask Inkeep with additional questions.
both of these accounts belong to the same user (in the same org), however I only logged in with the first account
Got it. Tagging @Rajat for additional help.
This might have to do with browser storage, can you try clearing it or loggin in on a guest session?
I tried that and it continues to happen. Other people using the system are also experiencing it
hello @nandingo apologies for the delay, that should not be happening, can you please share with me the steps to reproduce?
Hey, thanks for the help!
- Setup Org with new primary domain, keep the default one
- Enable "Add organization domain as suffix to loginnames"
- Add 1 Identity Provider (Google in our case)
- Login options:
- Username and Password allowed
- User Registration allowed
- ☑️ External Login allowed
- ☑️ Password Reset hidden
- ☑️ Domain Discovery allowed
- Ignore unknown Usernames
- ☑️ Disable Email Login
- ☑️ Disable Phone Login
Since domain discovery is enabled the users are being automatically redirect to Google's login without going to zitadel's login form.
Seems like zitadel is considering both user's login methods (one for each domain) as multiple users.
Let me know if you need additional info.