FusionAuth

    Limit login for SAML and OIDC to a given email domain

    • dan

      I want to limit use of an OIDC or SAML provider to a certain domain or set of domains. For instance, I want my employees to log in via a different identity provider, but my customers to log in straight against FusionAuth. How can I implement this?

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      • dan

        Use the managed domains feature. From the docs:

        Adding one or more managed domains for this configuration will cause this provider not to be displayed as a button on your login page. Instead of a button the login form will first ask the user for their email address. If the user’s email address matches one of the configured domains the user will then be redirected to this login provider to complete authentication. If the user’s email address does not match one of the configured domains, the user will be prompted for a password and they will be authenticated using FusionAuth.

        Documentation:

        https://fusionauth.io/docs/v1/tech/identity-providers/samlv2/

        https://fusionauth.io/docs/v1/tech/identity-providers/openid-connect/

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io
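The routing decision described in the quoted documentation, as an added sketch that is not part of the original post and is not FusionAuth's own code. The domain list, provider names and function names are assumptions; the page does not say how subdomains are treated, so this sketch matches the full domain exactly.

```python
"""Managed-domain login routing sketch (added example, not FusionAuth code)."""

# Hypothetical configuration: each managed domain maps to the identity
# provider that handles it. Names and domains are constructed for illustration.
MANAGED_DOMAINS = {
    "example.com": "corporate-saml",
    "corp.example.org": "corporate-oidc",
}
PASSWORD = "password"  # no managed domain matched: authenticate locally
INVALID = "invalid"    # address could not be parsed: reject the form input


def email_domain(email):
    """Return the normalized domain of an email address, or None if malformed."""
    local, sep, domain = email.strip().rpartition("@")
    # Require exactly one '@' with text on both sides.
    if not sep or not local or not domain or "@" in local:
        return None
    domain = domain.rstrip(".").lower()
    if not domain or any(ch.isspace() for ch in domain):
        return None
    try:
        # Normalize internationalized names to their ASCII form before comparing.
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def route_login(email):
    """Decide where the login form sends the user after the email step."""
    domain = email_domain(email)
    if domain is None:
        return INVALID
    # Compare the whole domain. Suffix or substring checks would also accept
    # 'example.com.attacker.test' or 'notexample.com' and route those users
    # to the employee identity provider.
    return MANAGED_DOMAINS.get(domain, PASSWORD)
```
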
