p2-inc / keycloak-orgs

Single realm, multi-tenancy for SaaS apps
361 stars, 65 forks

Login to org A, switch to org B -> force reauthentication based on IDP #221

Closed lsmith77 closed 2 months ago

lsmith77 commented 2 months ago

I was looking over https://phasetwo.io/docs/organizations/identity-providers

P2 supports org-specific IdPs, which is exactly what we need.

So if a user logs into org A's custom IDP but then wants to work within org B, we can detect which IDP was used in our app by introspecting the token. So in that situation we would then want to ask the user to authenticate against org B's custom IDP without logging the user out of org A's custom IDP so that users can switch back and forth.

I do not see how this is possible right now. So right now we would need to logout the user from org A and send them to the login on the domain for org B to login.

Or am I missing something?

xgp commented 2 months ago

If you use prompt=login with an IdP hint, it will force the user to log into the "org B" IdP. That does not end the session with the "org A" IdP.

lsmith77 commented 2 months ago

Ah sweet.

Is this what is documented here https://phasetwo.io/docs/sso/sso-without-auth#add-identity-provider-redirect-to-your-application ?

If so should I send a doc PR to also add a link to this on https://phasetwo.io/docs/organizations/identity-providers ?

xgp commented 2 months ago

Yes. That specific documentation is for helping people who are only using it for external IdP auth, but the same applies. Feel free to PR the link to the idp docs. Thanks!