Improve the Usability of Okta and Enhance the End-User Experience with IdP Discovery.
Single Sign-On
Okta Classic Engine

IdP Discovery is the long-awaited feature that enables companies to streamline the login process for users with multiple Identity Providers.

  • IdP Discovery redirects users to different identity providers based on specified criteria.
  • With this feature, users will automatically be routed to the proper IdP based on user context.
  • With Identity Provider Discovery, users can authenticate from an app through an SP-initiated flow to the "hub" organization, which uses Identity Provider Discovery to sign them in to the "spoke" organization seamlessly.


Best Practices

  • Route users by device type and OS when utilizing an MDM solution such as AirWatch or MobileIron. This enables authentication against the MDM for users on mobile devices, whereas users on non-mobile devices are not authenticated in this manner.
  • Route users by network zone to differentiate the authentication process. Users on the network may be authenticated one way, while users off the network may be authenticated another way.
  • Use target application routing to route users based on which application they are trying to access.
  • Use email domain routing in B2B or B2E cases when federating with partners that have their own IdPs with distinct email domains.
  • Use UD (Universal Directory) profile attribute routing in conglomerates where everyone shares the same email domain but each division has its own Okta organization.
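
The five routing criteria above can be modelled as an ordered rule list. The following is an added illustration, not Okta's code or API: the `Rule` class, the rule and IdP names, the first-match ordering and the `okta` default are all assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    """One routing rule; an empty condition means "any" (hypothetical model)."""
    name: str
    idp: str
    platforms: set = field(default_factory=set)      # device type / OS
    zones: list = field(default_factory=list)        # network zones as CIDRs
    apps: set = field(default_factory=set)           # target applications
    email_domains: set = field(default_factory=set)  # domain of the login
    attribute: tuple = None                          # (profile attribute, value)

    def matches(self, ctx):
        if self.platforms and ctx.get("platform") not in self.platforms:
            return False
        if self.zones:
            ip = ipaddress.ip_address(ctx["ip"])
            if not any(ip in ipaddress.ip_network(z) for z in self.zones):
                return False
        if self.apps and ctx.get("app") not in self.apps:
            return False
        if self.email_domains:
            _, at, domain = ctx.get("login", "").rpartition("@")
            if not at or domain.lower() not in self.email_domains:
                return False
        if self.attribute:
            key, value = self.attribute
            if ctx.get("profile", {}).get(key) != value:
                return False
        return True

def route(rules, ctx, default_idp="okta"):
    """Return the IdP of the first matching rule, else the default (assumed)."""
    for rule in rules:
        if rule.matches(ctx):
            return rule.idp
    return default_idp

# Constructed rule set; order is significant because the first match wins.
RULES = [
    Rule("mobile-mdm", "mdm-idp", platforms={"IOS", "ANDROID"}),
    Rule("partner", "partner-idp", email_domains={"partner.example"}),
    Rule("division-b", "spoke-b-org", attribute=("division", "B")),
    Rule("finance-app", "finance-idp", apps={"finance"}),
    Rule("on-network", "onprem-idp", zones=["10.0.0.0/8"]),
]
```

Because the first matching rule wins in this model, an iOS user with a partner email address is sent to the MDM IdP, so rule order deserves the same review as the rule conditions themselves.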


 
