ozan
ZITADEL · 4w ago
11 replies

loginname suffix + multi-org user flows → confusing login UI (v1)

Disclaimer: After writing this myself, I passed it through an LLM to format it so that it's easier to read.

Setup

* One ZITADEL instance with multiple orgs:
  * OurOrganisation (default)
    * No verified domain set
    * Using the default domain: ourorganisation.id.ourorganisation.com (created with the instance)
  * B2BPartner1
    * Verified domain: partner1.org
  * B2BPartner2
    * Verified domain: partner2.org
* Two onboarding flows:
  * B2B onboarding
    * Example: Partner1 users should end up in B2BPartner1
  * B2C onboarding
    * Example: random@user.com should end up in OurOrganisation

Requirement

We want to support users with emails from a partner’s verified domain (e.g. partner1.org) in both flows:
* If onboarded via B2B flow → user should be in B2BPartner1
* If onboarded via B2C flow → user should be in OurOrganisation

What we did

We enabled suffixing of login names with the org domain (so the same email domain can exist in multiple orgs without domain reservation conflicts).

Problem (Login UI v1 confusing for users with multiple accounts)

Given a user email: random.user@partner1.org

* They are onboarded into B2BPartner1 via B2B flow
* They are also onboarded into OurOrganisation via B2C flow
* They visit the login UI (v1) at: id.ourorganisation.com

They see two login options like:
* random.user@partner1.org
* random.user@partner1.org@ourorganisation.id.ourorganisation.com

That second entry is going to be confusing to our users.

Attempted fix

In Appearance → Branding, I enabled “hide loginname suffix” (and double-checked it’s not overridden by instance defaults), but it doesn’t seem to help.

Question

I suspect I’m missing something; I tried to write this as a reproducible description (also to rubber duck myself in the process) and can add more details if needed.

Thanks!