FusionAuth / fusionauth-issues

FusionAuth issue submission project
https://fusionauth.io

Add app option: restrict login to identity providers #2300

Open konvergence opened 1 year ago

konvergence commented 1 year ago

Add app option: restrict login to identity providers

Problem

There is no way to limit login to identity providers only.

By default, the list of IdPs associated with an application is displayed on the login page. But the loginid/password fields are still displayed.

If I associate domains on IdP, only the loginId field is displayed. But when a user enters an email that does not belong to the associated domain, the password field appears.

Solution

Add app-level option: use identity provider only

Alternatives/workarounds

All workarounds suggest using a custom login page. But the approach is not secure, because you can use &bypassTheme=true to use the default theme.

Additional context

N/A

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

mooreds commented 1 year ago

@konvergence you can disallow password logins by having a transactional webhook which looks at the authenticationType and fails if it is PASSWORD. https://fusionauth.io/docs/v1/tech/events-webhooks/events/user-login-success
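A minimal receiver for the webhook check described in the comment above, as an added example that is not part of the thread or FusionAuth's own code. It assumes the event arrives as JSON wrapped in an `event` object carrying `type`, `applicationId` and `authenticationType`, that a non-2xx response fails the transaction, and it uses a placeholder application ID and port.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: placeholder ID of an application that must be IdP-only.
IDP_ONLY_APPS = {"00000000-0000-0000-0000-000000000001"}


def decide(raw_body, idp_only_apps=IDP_ONLY_APPS):
    """Return the HTTP status for a transactional webhook call.

    2xx lets the login transaction proceed; anything else fails it.
    """
    try:
        event = json.loads(raw_body)["event"]
        if event["type"] != "user.login.success":
            return 200  # not a login event, nothing to enforce
        if event.get("applicationId") not in idp_only_apps:
            return 200  # this application still allows passwords
        # A missing authenticationType is treated like PASSWORD (fail closed).
        if event.get("authenticationType", "PASSWORD") == "PASSWORD":
            return 403
        return 200
    except (ValueError, KeyError, TypeError, AttributeError):
        return 400  # unparseable or unexpected shape: fail closed


class Hook(BaseHTTPRequestHandler):
    # Assumption: only FusionAuth can reach this listener; a real
    # deployment should also authenticate the caller.
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        self.send_response(decide(self.rfile.read(length)))
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8099), Hook).serve_forever()
```

This enforces the restriction server-side regardless of which theme rendered the login form; it does not change which fields the page displays.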

konvergence commented 1 year ago

@mooreds This allows blocking the password attempt, but not the display of the fields on the login page.

mooreds commented 1 year ago

Agreed. That can be modified using a theme, though as you mention, that can be bypassed with the bypassTheme parameter.

konvergence commented 9 months ago

Hi,

Maybe you could add a "disable password" option to the Tenant password policy? This will allow disabling the password field on the logon screen.