Passwordless Login Not Triggered using the New Universal Login with Identifier First Profile

Overview

This article addresses an error that occurs when attempting to use passwordless login with the New Universal Login (UL) and an enterprise connection. When a user enters an email address that does not match a configured enterprise connection domain, the passwordless flow is not initiated. Instead, the following error is displayed:

Email does not match any enterprise directory

Applies To

  • New Universal Login
  • Passwordless Login
  • Enterprise Connections
  • Identifier First Authentication Profile

Cause

The New Universal Login (UL) page requires that the connection parameter, with a value of email or sms, be sent with the authorize request to initiate a passwordless flow. When this parameter is absent, the system defaults to performing home realm discovery for any configured enterprise connections. If the user's email domain does not match a configured enterprise connection, the process fails and triggers the error.

Solution

To resolve this issue, the application must be configured to send the connection parameter with the authorize request.

  1. Modify the application to send the connection parameter with the value email or sms in the authorize request. For detailed instructions, see Update Your Application to Use Passwordless with Universal Login.

    • To support both enterprise and passwordless connections from the same application, implement a method to programmatically decide when to send the connection parameter. For example, add a separate login button for passwordless users that triggers an authorize call including this parameter.

  2. Alternatively, use the Classic Universal Login experience with a custom implementation of home realm discovery. This allows the system to direct the request to the appropriate connection (enterprise or passwordless). For an example implementation, refer to this Auth0 Community thread.
