<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base

Behavior of login_hint in OIDC and SAML IDP Connections

Last Updated:

Okta Identity Engine
API Access Management

Overview

This article clarifies the behavior of the login_hint parameter when used in OpenID Connect (OIDC) Identity Provider (IdP) flows compared to Security Assertion Markup Language (SAML) connections.

Applies To

  • OpenID Connect (OIDC)
  • Security Assertion Markup Language (SAML)
  • Identity Provider (IdP) routing
  • Okta Identity Engine (OIE)

Solution

The login_hint parameter behaves differently depending on the connection type:

  • OIDC IdP flow: When the request passes the login_hint, the flow does not skip the initial username screen. The application displays the initial screen with a pre-populated username.

oidc_login_hint 

  • SAML connection: When the request passes the login_hint, the flow skips the initial screen asking for the username and displays the next screen.

saml_login_hint 

Recommended content

Still looking for help?
Loading
Okta Support - Behavior of login_hint in OIDC and SAML IDP Connections