Domain_hint alternative for saml

DisplayName-3010 131 Reputation points
2022-05-19T04:18:35.463+00:00

Hello,

For a direct Login with OpenID Connect the domain_hint can be used to select the provider. Is there a similar option for a SAML flow to directly select the provider?

Microsoft Entra External ID

Accepted answer
  1. AmanpreetSingh-MSFT 56,311 Reputation points
    2022-05-19T06:31:07.327+00:00

    Hi @DisplayName-3010 • Thank you for reaching out.

    To use Domain Hint in SAML, the SAML authentication request must contain either a domain hint or a query string whr=example.com.

    To include the domain hint in the SAML request, you should use the Scoping XML node, and include a single entry IDPEntry under the IDPList (at this time, only the first IDPEntry node is used by Azure AD). Here’s an example of what the request would look like with “example.com” as the domain name hint:

    <samlp:AuthnRequest xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="iddeb9381bc15e4fd6a253b97205d47c6f" Version="2.0" IssueInstant="2015-02-26T18:57:06.4772751Z" IsPassive="false" AssertionConsumerServiceURL="https://www.authnauthz.com/saml/inboundauthnresponse" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">  
         <saml:Issuer>https://www.authnauthz.com</saml:Issuer>  
              <samlp:Scoping>  
                   <samlp:IDPList>  
                        <samlp:IDPEntry ProviderID="https://example.com" Name="example.com"/>
                   </samlp:IDPList>  
              </samlp:Scoping>  
    </samlp:AuthnRequest>  
    

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
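
An added example, not part of the answer above and not Microsoft's code: Python that builds the AuthnRequest from the answer with its single Scoping/IDPList/IDPEntry hint, encodes it for the SAML HTTP-Redirect binding, and decodes a redirect URL again to confirm which ProviderID it carries. The function names and the hostname check are hypothetical, the sign-in URL passed to `redirect_url` is whatever your identity provider publishes, and the `https://` plus domain form of ProviderID simply follows the answer's sample.

```python
import base64
import datetime
import re
import uuid
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)
# Assumption: the hint is a plain DNS name; reject anything else before it reaches the XML.
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def build_authn_request(issuer, acs_url, hint_domain):
    """Return AuthnRequest XML carrying exactly one IDPEntry as the domain hint."""
    if not HOSTNAME.match(hint_domain):
        raise ValueError("domain hint is not a plain hostname")
    now = datetime.datetime.now(datetime.timezone.utc)
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "id" + uuid.uuid4().hex,  # xs:ID must not start with a digit
        "Version": "2.0",
        "IssueInstant": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "IsPassive": "false",
        "AssertionConsumerServiceURL": acs_url,
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    scoping = ET.SubElement(req, f"{{{SAMLP}}}Scoping")  # Scoping comes last in the schema order
    idp_list = ET.SubElement(scoping, f"{{{SAMLP}}}IDPList")
    ET.SubElement(idp_list, f"{{{SAMLP}}}IDPEntry",
                  {"ProviderID": f"https://{hint_domain}", "Name": hint_domain})
    return ET.tostring(req, encoding="unicode")

def redirect_url(sso_url, authn_request_xml):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    comp = zlib.compressobj(wbits=-15)  # negative wbits = no zlib header or checksum
    deflated = comp.compress(authn_request_xml.encode("utf-8")) + comp.flush()
    b64 = base64.b64encode(deflated).decode("ascii")
    return sso_url + "?" + urlencode({"SAMLRequest": b64})

def hint_in_url(url):
    """Decode SAMLRequest from a redirect URL; return the first IDPEntry's ProviderID."""
    b64 = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    raw = zlib.decompress(base64.b64decode(b64), wbits=-15)
    path = f"{{{SAMLP}}}Scoping/{{{SAMLP}}}IDPList/{{{SAMLP}}}IDPEntry"
    entry = ET.fromstring(raw).find(path)  # find() returns only the first match
    return None if entry is None else entry.get("ProviderID")
```
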
