NIcholasI.94400 (Customer) asked a question.
Trying to figure out how to display the list of IDPs defined in an Authentication Policy on the SignOn Screen instead of the username selector. Currently I have to enter in a dummy username to get to the next screen where it shows the list of IDPs I have defined. Is this a widget configuration or something else?
The docs(https://help.okta.com/en-us/content/topics/security/configure-routing-rules.htm)
If you want to prompt users for their Okta username and password on the same page as your list of available IdPs, configure your Okta sign-on policy so that users establish a session with Password / Any IdP. This combination is recommended for your rules that offer Okta as an IdP or if you intend to prioritize the default routing rule.
So it sounds like it is possible to display the IDPs on the login screen, but no amount of configuration seems to work.
Is there an example somewhere?
Thanks
Nicholas
Hi @NIcholasI.94400 (Customer) , Thank you for reaching out to the Okta Community!
As it stands right now, there is no out-of-box solution for this use case.
Okta's default behavior, particularly when you have routing rules configured, is to first ask for a username (or email). This is because Okta needs to know who the user is to determine where they should authenticate.
The "dummy username" you're entering is essentially triggering this IdP Discovery process, allowing Okta to then show you the available IdPs after it figures out the potential authentication paths based on the routing rules.
The documentation you quoted ("Password / Any IdP") implies that it's possible to have Okta as an option alongside other IdPs after the initial routing, but it doesn't mean it removes the initial username prompt.
For advice on potential Okta Sign-in Widget customization, I recommend reaching out to our developer colleagues on devforum.okta.com.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Collect them all. Learn a new skill and earn a new Okta Learning badge.
Just released: More Okta Community badges just added
Thanks. Will ask the folks over at that forum if there is a way to do this.
I noticed in my WS-FED integration with Okta, when I come from Microsoft to Okta it bypasses the username prompt but I am assuming that is because it is passing a login_hint. Will check that out, but ideally I need to be able to select an IDP without presenting the prompt.
This forum seems to be protected by Auth0 and exhibits the behaviours I desire, as it first prompts me to select an IDP, and then remembers my previous sign ins on another page.
To my knowledge there isnt a way to do this dynamic today without building a custom widget page.
But you should be able to manually define IDPs in your okta-hosted widget config, There is a section for IDPs. https://developer.okta.com/docs/guides/add-an-external-idp/saml2/main/#okta-sign-in-widget
if that doesnt work you can also try this:
You can use this link to directly trigger an IDP login:
https://{tenantName}.oktapreview.com/sso/idps/{idpID}
then you can add those as a link on the login form