Allow redirection to idp when user email matches any of the org domains

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Martin Panzer <martin.panzer@active-logistics.com>

Closes #33804
Stefan Guilhen
2025-03-27 17:38:10 -03:00
committed by Pedro Igor
parent b211391e02
commit c4c3e2eee6
8 changed files with 85 additions and 17 deletions
@@ -43,14 +43,16 @@ Hide on login page::
If this identity provider should be hidden in login pages when the user is authenticating in the scope of the organization.
Redirect when email domain matches::
If members should be automatically redirected to the identity provider when their email domain matches the domain set to the identity provider.
If members should be automatically redirected to the identity provider when their email domain matches the domain set to the identity provider. If the domain is set to `Any`, members whose email domain matches *any* of the organization domains will be redirected to the identity provider.
If the org is linked with multiple identity providers, the organization authenticator prioritizes the provider that matches the email domain of the user for automatic redirection. If none is found, it tries to locate one whose domain is set to `Any`.
Once linked to an organization, the identity provider can be managed just like any other in a realm by accessing the *Identity Providers* section in the menu. However, the options herein described are only available when managing the identity provider in the scope of an organization. The only exception is the
*Hide on login page* option that is present here for convenience.
== Editing a linked identity provider
You can edit any of the organization-related settings of a linked identity provider at any time.
You can edit any of the organization-related settings of a linked identity provider at any time.
.Procedure
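Review bot: The added paragraph on multiple identity providers does not say which provider is selected when more than one linked provider has its domain set to `Any`, and its fallback sentence does not repeat that `Any` only applies when the user's email domain matches one of the organization domains. Because this text describes where a user is sent to authenticate, state the selection rule explicitly (or state that only one `Any` provider is expected per organization) and carry the matching condition into the sentence "If none is found, it tries to locate one whose domain is set to `Any`". The same paragraph says "org" where the surrounding text says "organization"; spell it out for consistency. The line under "== Editing a linked identity provider" reads the same before and after, so it looks like a whitespace-only change that could be dropped from the patch if it was not intended.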