I have seen several companies that support SAML have this message on their login page.
“Using SAML? Provide just your email and sign in.”
What endpoint can I call to see if a user is an Okta user or not?
When I use the sign-in widget it returns essentially the same thing if the user is unknown or if it is a valid user with a bad password. I get why it does that for security… but how do I know when a user doesn't want to use the sign-in widget :s
Bad User
{"errorCode":"E0000004","errorSummary":"Authentication failed","errorLink":"E0000004","errorId":"oaenPpIf4QvRvGi-zj0JLvC1w","errorCauses":[]}
Good User, Bad Password
{"errorCode":"E0000004","errorSummary":"Authentication failed","errorLink":"E0000004","errorId":"oae5H7D3hZ0QfywtG2cuXL0UA","errorCauses":[]}
Suppose a user accesses your system from a brand new machine or using an incognito browser; in other words, there are no cookies. Your system would not know who the user is, and cannot decide which widget to show. It sounds like you need to provide both links and let the user decide.
Now, if the user has logged in before, and there is a valid session cookie on the user’s browser, there is no need to ask the user to log in, so no widget should be shown.
In other cases, you can use a cookie indicating how the user logged in last time to help your system decide how to log the user in next time.
Asking for the email address in the first step, and looking up the email address in the backend to decide which widget to use, would work if the email only exists in one directory and not the other.
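The three-step decision described in the answer above (valid session, then last-login hint cookie, then email lookup, otherwise show both links), as an added example that is not code from the original thread or from Okta. It is a server-side Node.js function; the cookie names `sid` and `last_login`, the `validSessions` table and the two directory tables are constructed stand-ins for a real session store and for the SAML/local directories. It also covers the case the answer calls out, an email that exists in both directories, by falling back to showing both links.

```javascript
// Added example: home-realm discovery following the answer's three steps.
// Cookie names and all sample data below are assumptions, not Okta or project values.
const SESSION_COOKIE = "sid";
const LAST_LOGIN_COOKIE = "last_login";

// Constructed sample data standing in for a session store and the two directories.
const validSessions = new Set(["sess-abc123"]);
const samlDomains = new Set(["acme.example"]);                 // domains routed to SAML
const localUsers = new Set(["alice@example.com", "carol@acme.example"]); // local accounts

// Minimal Cookie header parser: "a=1; b=2" -> { a: "1", b: "2" }.
function parseCookies(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (name) out[name] = part.slice(idx + 1).trim();
  }
  return out;
}

// Which directory does this email resolve to? Returns "saml", "local",
// "ambiguous" (present in both, so the lookup cannot decide), "unknown" or "invalid".
function lookupDirectory(email) {
  const normalized = String(email).trim().toLowerCase();
  const at = normalized.lastIndexOf("@");
  if (at <= 0 || at === normalized.length - 1) return "invalid";
  const inLocal = localUsers.has(normalized);
  const inSaml = samlDomains.has(normalized.slice(at + 1));
  if (inLocal && inSaml) return "ambiguous";
  if (inLocal) return "local";
  if (inSaml) return "saml";
  return "unknown";
}

// Decide which login UI to render: "none" (already signed in), "saml", "local", or "both".
function chooseLoginFlow(cookieHeader, email) {
  const cookies = parseCookies(cookieHeader);

  // Step 1: a valid session cookie means no widget at all.
  if (cookies[SESSION_COOKIE] && validSessions.has(cookies[SESSION_COOKIE])) {
    return { widget: "none", reason: "valid session" };
  }

  // Step 2: a hint cookie recording how the user logged in last time.
  const hint = cookies[LAST_LOGIN_COOKIE];
  if (hint === "saml" || hint === "local") {
    return { widget: hint, reason: "last-login cookie" };
  }

  // Step 3: an email was supplied; use it only if it resolves to exactly one directory.
  if (email) {
    const dir = lookupDirectory(email);
    if (dir === "saml" || dir === "local") {
      return { widget: dir, reason: "email lookup" };
    }
  }

  // No usable signal (new machine, incognito, unknown or ambiguous email): show both links.
  return { widget: "both", reason: "no signal, let the user decide" };
}

// Stand-alone demo over the constructed data.
for (const [cookieHeader, email] of [
  ["sid=sess-abc123", null],
  ["last_login=saml", null],
  ["", "bob@acme.example"],
  ["", "alice@example.com"],
  ["", "carol@acme.example"],
  ["sid=expired", "dave@nowhere.example"],
]) {
  console.log(JSON.stringify({ cookieHeader, email }), "->", chooseLoginFlow(cookieHeader, email));
}

module.exports = { parseCookies, lookupDirectory, chooseLoginFlow };
```

One caveat on step 3: the email lookup answers an unauthenticated caller with a different result for known and unknown addresses, which is exactly the distinction the uniform `E0000004` response in the question is designed to hide. If user enumeration matters for the deployment, keep the hint-cookie path and the "both links" fallback, and treat the email lookup as a convenience whose leak has been accepted deliberately.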
If anybody else reads this and has questions about the sign-on widget, DM me with your questions. I have a custom jQuery single-page app and a PHP backend. If that is similar to your setup and you are stuck, please hit me up.