loginname suffix + multi-org user flows → confusing login UI (v1)
⚙️Configuration🏬Self-hosted🪵Login❓Question✅Solved
Disclaimer: After writing this myself, I passed it through an LLM to format it so that it's easier to read.
* OurOrganisation (default)
* No verified domain set
* Using the default domain:
* B2BPartner1
* Verified domain:
* B2BPartner2
* Verified domain:
* Two onboarding flows:
* B2B onboarding
* Example: Partner1 users should end up in B2BPartner1
* B2C onboarding
* Example:
* If onboarded via B2B flow → user should be in B2BPartner1
* If onboarded via B2C flow → user should be in OurOrganisation
* They are onboarded into B2BPartner1 via B2B flow
* They are also onboarded into OurOrganisation via B2C flow
* They visit the login UI (v1) at:
They see two login options like:
*
*
That second entry is going to be confusing to our users.
Thanks!
Setup
* One ZITADEL instance with multiple orgs:* OurOrganisation (default)
* No verified domain set
* Using the default domain:
ourorganisation.id.ourorganisation.com* B2BPartner1
* Verified domain:
partner1.org* B2BPartner2
* Verified domain:
partner2.org* Two onboarding flows:
* B2B onboarding
* Example: Partner1 users should end up in B2BPartner1
* B2C onboarding
* Example:
random@user.comRequirement
We want to support users with emails from a partner’s verified domain (e.g.partner1.org* If onboarded via B2B flow → user should be in B2BPartner1
* If onboarded via B2C flow → user should be in OurOrganisation
What we did
We enabled suffixing of login names with the org domain (so same email domain can exist in multiple orgs without domain reservation conflicts).Problem (Login UI v1 confusing for users with multiple accounts)
Given a user email:random.user@partner1.org* They are onboarded into B2BPartner1 via B2B flow
* They are also onboarded into OurOrganisation via B2C flow
* They visit the login UI (v1) at:
id.ourorganisation.comThey see two login options like:
*
random.user@partner1.org*
random.user@partner1.org@ourorganisation.id.ourorganisation.comThat second entry is going to be confusing to our users.
Attempted fix
In Appearance → Branding, I enabled “hide loginname suffix” (and double-checked it’s not overridden by instance defaults, but it doesn’t seem to help.Question
I suspect I’m missing something; I tried to write this as a reproducible description (also to rubber duck myself in the process) and can add more details if needed.Thanks!
