Improved login for SaaS users
Home Realm Discovery for organisations and multi-organisation selection
Businesses are discerning customers and they need your application to work with every part of their Identity stack. In a bygone era, their users might tolerate a clunky login experience when accessing the SaaS applications that they need to get their job done, but now they’re expecting the same low-friction experience that they have with the consumer apps they use every day. This is true whether they’re accessing your application via their Workforce Identity dashboard, like Okta Workforce Identity Cloud, or navigating directly to your website.
You also need to support complex use-cases where a single user, like a consultant, has multiple business’ organisations they need to access. With our new Improved Login for SaaS Users, we’ve got you covered.
Home Realm Discovery for organisations
Home Realm Discovery (HRD) is the process of identifying which Identity provider (IdP) the user belongs to before authenticating them. So, when I sign into an application with HRD with my @okta.com email address, it knows to forward me to Okta’s installation of Okta Workforce Identity Cloud (WIC).
Now, Okta Customer Identity Cloud (CIC) looks at all the different IdP connections associated with Organisations in your tenant, and forwards the enterprise user to the one corresponding to their email identifier. If the IdP authenticates them as a known user, Okta CIC will issue a JSON Web Token (JWT) with the corresponding organisation ID that the connection was associated with in your tenant.
Multi-organisation selection prompt
There are many reasons for a user to be a member of multiple organisations. However, your application needs to understand which business data sets they should be accessing. Getting this wrong can lead to data leaking across tenants, an embarrassing and costly problem in a SaaS application. Our new Multi-Organisation Selection Prompt guides the user to the tenant they want to work in to quickly get them into your application.
After a user has gone through Home Realm Discovery or a username/password database login, we query the connection to pull the different organisations the user is a member of into the login process. If there is more than one, we show a simple selection prompt to the user to allow them to pick which organisation they want to work in. If the user only belongs to one organisation, we forward them to the application with the appropriate organisation ID.
If your application supports independent users with no organisation, don’t worry. We have them covered as well! They can either select their personal account or an organisation where they have membership. If they only have a personal account, we forward them to the application without asking them to choose an organisation.
Getting this setup takes a matter of minutes. Check out our documentation to get started. With a tenant configuration and some application settings, you can start to utilise this in your business-to-business app. Have any questions? We’re happy to help in the Okta Customer Identity Cloud developer community or you can reach out to your technical account manager to learn more.