Improved login for SaaS users

Home Realm Discovery for organizations and multi-organization selection

Businesses are discerning customers and they need your application to work with every part of their Identity stack. In a bygone era, their users might tolerate a clunky login experience when accessing the SaaS applications that they need to get their job done, but now they’re expecting the same low-friction experience that they have with the consumer apps they use every day. This is true whether they’re accessing your application via their Workforce Identity dashboard, like Okta Workforce Identity Cloud, or navigating directly to your website. 

You also need to support complex use cases where a single user, like a consultant, needs access to the organizations of multiple businesses. With our new Improved Login for SaaS Users, we’ve got you covered.

 

Home Realm Discovery for organizations

Home Realm Discovery (HRD) is the process of identifying which identity provider (IdP) the user belongs to before authenticating them. So, when I sign in to an application that uses HRD with my @okta.com email address, it knows to forward me to Okta’s installation of Okta Workforce Identity Cloud (WIC).

Now, Okta Customer Identity Cloud (CIC) looks at all the different IdP connections associated with Organizations in your tenant, and forwards the enterprise user to the one corresponding to their email identifier. If the IdP authenticates them as a known user, Okta CIC will issue a JSON Web Token (JWT) containing the ID of the organization that the connection is associated with in your tenant.

Multi-organization selection prompt

There are many reasons for a user to be a member of multiple organizations. However, your application needs to understand which business data sets they should be accessing. Getting this wrong can lead to data leaking across tenants, an embarrassing and costly problem in a SaaS application. Our new Multi-Organization Selection Prompt guides the user to the tenant they want to work in to quickly get them into your application.


After a user has gone through Home Realm Discovery or a username/password database login, we query the connection to pull the different organizations the user is a member of into the login process. If there is more than one, we show a simple selection prompt to the user to allow them to pick which organization they want to work in. If the user only belongs to one organization, we forward them to the application with the appropriate organization ID.

If your application supports independent users with no organization, don’t worry. We have them covered as well! They can either select their personal account or an organization where they have membership. If they only have a personal account, we forward them to the application without asking them to choose an organization.
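On the application side, the organization ID in the token is what keeps tenants apart. The following is an added example, not Okta's code or part of the original post: it assumes the claims have already been verified by a JWT library, that the organization ID arrives in a claim named `org_id`, and it uses constructed organization IDs and records.

```python
class TenantAccessError(Exception):
    """The request must not be served for the requested tenant."""

# Constructed sample data, keyed by the tenant that owns each record.
INVOICES = {
    "org:org_acme": [{"id": 1}],
    "org:org_globex": [{"id": 2}],
    "user:sub_consultant": [{"id": 3}],
}

def tenant_key(claims, allow_personal=False):
    """Map verified token claims to a tenant key, failing closed.

    Assumes signature, issuer, audience and expiry were already checked,
    and that the organization ID arrives in a claim named "org_id".
    """
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise TenantAccessError("token has no subject")
    if "org_id" not in claims:
        # Personal account: valid only if the app supports independent users.
        if not allow_personal:
            raise TenantAccessError("token carries no organization ID")
        return "user:" + sub
    org_id = claims["org_id"]
    if not isinstance(org_id, str) or not org_id:
        raise TenantAccessError("malformed organization ID")
    return "org:" + org_id

def list_invoices(claims, requested_tenant, allow_personal=False):
    """Return records only for the tenant selected during login."""
    token_tenant = tenant_key(claims, allow_personal)
    # A tenant named in the URL or request body is only a hint. The token
    # decides, so a member of two organizations cannot read one
    # organization's data while signed in to the other.
    if requested_tenant != token_tenant:
        raise TenantAccessError("requested tenant does not match token")
    return INVOICES.get(token_tenant, [])
```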

Diving in


Getting this set up takes a matter of minutes. Check out our documentation to get started. With a tenant configuration and some application settings, you can start to use this in your business-to-business app. Have any questions? We’re happy to help in the Okta Customer Identity Cloud developer community, or you can reach out to your technical account manager to learn more.