IDP discovery in ACP
Get familiar with the IDP discovery feature that ships with Authorization Control Plane (ACP) and lets you improve the login experience for your users.
IDP discovery in a nutshell
IDP discovery is one of ACP’s features aimed at improving the user experience of the login process. It allows you to configure a set of email domains for an IDP. Based on that list, the user is shown a suggested IDP and optionally redirected to the appropriate authentication endpoint.
If no email domain is assigned to a specific IDP, that IDP is available to every user trying to log in to the application. This means that the IDP always appears among the suggested IDPs.
A given email domain can be configured for only one identity provider. If a user tries to add a domain that is already defined for a different IDP, a conflict message is displayed that states which IDP the domain is already defined for.
For static (sandbox) IDPs it is impossible to enable instant redirect. Additionally, for the IDP discovery to work, the username must contain an email domain.
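The rules above can be modeled in a few lines. This is an added example, not ACP code or its API: the class and function names are hypothetical, and case-insensitive domain matching and returning no suggestions for a username without a domain are assumptions.

```python
from dataclasses import dataclass, field

class DomainConflict(Exception):
    """A domain may be configured for only one IDP."""

@dataclass
class IDP:
    name: str
    static: bool = False              # static (sandbox) IDP
    instant_redirect: bool = False
    domains: set = field(default_factory=set)

class Discovery:
    def __init__(self):
        self.idps, self.domain_owner = {}, {}   # name -> IDP, domain -> name

    def add_idp(self, idp):
        if idp.static and idp.instant_redirect:
            raise ValueError("instant redirect cannot be enabled for static IDPs")
        self.idps[idp.name] = idp

    def add_domain(self, idp_name, domain):
        domain = domain.strip().lower()   # assumption: case-insensitive match
        owner = self.domain_owner.get(domain)
        if owner and owner != idp_name:
            raise DomainConflict(f"{domain} is already defined for {owner}")
        self.domain_owner[domain] = idp_name
        self.idps[idp_name].domains.add(domain)

    def resolve(self, username):
        """Return (suggested IDP names, instant-redirect target or None)."""
        local, sep, domain = username.strip().rpartition("@")
        if not (sep and local and domain):
            return [], None   # assumption: no email domain, nothing to discover
        domain = domain.lower()
        # An IDP with no domains configured is suggested to every user.
        suggested = [i.name for i in self.idps.values()
                     if not i.domains or domain in i.domains]
        owner = self.idps.get(self.domain_owner.get(domain))
        redirect = owner.name if owner and owner.instant_redirect else None
        return suggested, redirect

if __name__ == "__main__":
    d = Discovery()                   # constructed sample configuration
    d.add_idp(IDP("corp-saml", instant_redirect=True))
    d.add_idp(IDP("fallback"))
    d.add_domain("corp-saml", "example.com")
    print(d.resolve("alice@example.com"))
    print(d.resolve("carol@other.example"))
```

Rejecting a domain that another IDP already owns keeps a second connection from capturing logins for that domain, which is why the conflict check runs on the normalized value.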
Enable IDP discovery
To enable IDP discovery for your IDPs:
Go to Admin Portal > Identities.
Select either Standard Sign in (that allows the users to sign in with any active IDP connections) or Identity Provider (IDP) Discovery.
To enable IDP discovery for a given IDP, go to its settings and select
Once IDP discovery is enabled, you can configure a set of domains for a given IDP connection.
Provide a set of email domains in your IDP settings: Admin Panel > Identities > Your IDP > Configuration.
You can see that the IDP from the screenshot has two email domains added:
Instant redirect is enabled. Once the user tries to log in using either of the domains, they are instantly redirected to the login page of this IDP.
- Get familiar with more features that improve the login process user experience by visiting the Smart ACP login portal