Login: Username and/or Email?


I’m attempting to create a login form that uses the fields: “Username or Email” and “Password”.

I currently don’t have any restrictions set for login, but I was curious if it was possible for a user to log in using their login and/or their primary_email?

That should work OOTB as long as no ambiguity exists in login username.

That’s what I thought, but when I attempt to log in with what’s currently in the primary_email field I get an invalid login credentials response.

My case being:
login = Username123
primary_email = john.doe@email.com

and attempting to log in like:
login: john.doe@email.com
pw: *******

Of course this “should” fail because the login doesn’t directly match the field, but I haven’t seen any other way to get around it. My restrictions for login are currently set to none and the mappings are normal. Just feel like I’m missing something…

Spoke with some folks from the support team and the official answer I received was “No, the users can log in only with the login variable.” So unfortunately, this type of UX is not possible with Okta right now.

There’s no built-in way to support this type of login flow, but it’s feasible to do this with custom code and, potentially, using the processCreds function in the Sign In Widget. You would have to self-host your own sign in page or modify the Okta hosted custom sign in page (provided you have a custom URL domain configured for your Okta org), as primary authentication to Okta requires their login/username be provided.

In theory, the way this could work is that your sign in page would accept the email for authentication and, before making the /authn call to Okta, look up the user that has the provided email as their primary email, and use their username instead in the /authn request.
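
The lookup-then-/authn flow described in the last reply, as an added example that is not code from the thread or from Okta. It assumes a Node.js backend that holds an Okta API token and performs the email lookup through the Users API; `signIn`, `resolveLogin` and the injected `http` function are hypothetical names.

```javascript
// Added example, not Okta's code. Run this server-side: the SSWS API token
// used for the user lookup must never be shipped to the browser.
// `http` is any fetch-compatible function (injected so the flow is testable offline).
const GENERIC_FAILURE = { ok: false, error: "Invalid username or password" };

async function resolveLogin(http, orgUrl, apiToken, email) {
  // Refuse characters that could break out of the quoted filter value.
  if (/["\\]/.test(email)) return null;
  const filter = encodeURIComponent(`profile.email eq "${email}"`);
  const res = await http(`${orgUrl}/api/v1/users?filter=${filter}`, {
    headers: { Authorization: `SSWS ${apiToken}`, Accept: "application/json" },
  });
  if (!res.ok) return null;
  const users = await res.json();
  // Primary email is not guaranteed unique; never guess between accounts.
  return users.length === 1 ? users[0].profile.login : null;
}

async function signIn(http, orgUrl, apiToken, identifier, password) {
  let username = identifier;
  if (identifier.includes("@")) {
    // A login can itself look like an email, so keep the input when nothing resolves.
    username = (await resolveLogin(http, orgUrl, apiToken, identifier)) ?? identifier;
  }
  const res = await http(`${orgUrl}/api/v1/authn`, {
    method: "POST",
    headers: { "Content-Type": "application/json", Accept: "application/json" },
    body: JSON.stringify({ username, password }),
  });
  if (!res.ok) return GENERIC_FAILURE;
  const body = await res.json();
  // Same response for unknown email, ambiguous email and bad password, so the
  // form does not reveal which addresses are registered. Simplification: any
  // status other than SUCCESS (for example MFA_REQUIRED) is treated as failure.
  return body.status === "SUCCESS"
    ? { ok: true, sessionToken: body.sessionToken }
    : GENERIC_FAILURE;
}
```

Because the lookup lets anyone with access to the endpoint probe email addresses, rate-limit it the same way as the login form itself.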