How can I configure Microsoft Entra External ID to redirect users directly to a specific IdP instead of showing the list of all configured IdPs?

Question

How can I configure Microsoft Entra External ID to redirect users directly to a specific IdP instead of showing the list of all configured IdPs?

Sandeep Gaur 25

I’m using Microsoft Entra External ID and have configured three identity providers (IdPs). Instead of displaying the list of all IdPs for the user to choose from, I want to automatically redirect users to a specific IdP based on certain conditions (e.g., domain, query parameter, or a direct link). Is there a way to achieve this behavior?

Thanks,

Sandeep gaur

Rukmini 3,926 Reputation points Microsoft External Staff Moderator

2025-06-05T10:45:23.0366667+00:00
Hello Sandeep Gaur, To prepopulate or redirect users directly to a specific IdP by appending query parameters to the authentication request:

domain_hint: Suggests the domain of the user to streamline the sign-in process.

idp: Specifies the identity provider to be used for authentication.

Refer this Microsoft Document: Set up direct sign-in using Azure Active Directory B2C | Microsoft Learn

Otherwise, for more granular control over the authentication process, including routing users to specific IdPs based on custom logic you can implement Custom Policies using the Identity Experience Framework (IEF). Refer: Azure Active Directory B2C custom policy overview | Microsoft Learn

Let me know if any further queries - feel free to reach out!
Rukmini 3,926 Reputation points Microsoft External Staff Moderator

2025-06-06T10:48:32.83+00:00

Hello Sandeep Gaur, Did you a get a chance to review the above comment? In case if you have any resolution, please do share that same with the community as it can be helpful to others Please let us know if any further queries so that we can try to help!
Sandeep Gaur 25 Reputation points

2025-06-07T09:01:29.72+00:00

Thank you for your response. However, I believe this approach may not fully address our issue. To provide some context: we were previously using ADFS to redirect clients to their respective IdPs based on the whr parameter. We are now exploring the capabilities of Microsoft External ID to determine whether it's possible to redirect users directly to their IdP, rather than presenting a list of all available options.

Please note that we are specifically working with Microsoft External ID, and we have already reviewed the available options within Entra B2C.
Mallikarjuna Vardham 450 Reputation points Microsoft External Staff Moderator

2025-06-09T16:26:26.0833333+00:00

Hello Sandeep Gaur,
You're correct. Microsoft Entra External ID doesn't currently support automatic redirection like ADFS using the whr parameter. However, if you know the user's IdP in advance, you can still redirect them directly by using the idp parameter in the login URL

https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize?...&idp={IdP-ID}
Sandeep Gaur 25 Reputation points

2025-06-09T16:51:21.2766667+00:00

Thanks for the suggestion. I’ve already tried that approach, but unfortunately, it didn’t work in my case. Could you please share the official documentation for reference?
PRATIK JADHAV 170 Reputation points Microsoft External Staff Moderator

2025-06-10T15:54:53.5133333+00:00

Hello @Sandeep Gaur,

Could you please confirm what are you using built-in user flows or have you implemented custom policies (IEF) in Entra External ID?
Sandeep Gaur 25 Reputation points

2025-06-10T16:51:23.8066667+00:00

As far as I know, custom policies are not supported in Entra External ID, unlike Entra B2C. Therefore, we are using built-in user flows.
Rukmini 3,926 Reputation points Microsoft External Staff Moderator

2025-06-11T06:46:22.36+00:00

Hello Sandeep Gaur Microsoft Entra External ID does not support dynamic or auto-redirect design akin to ADFS/B2C whr/domain_hint. The only option is a static IdP hint via the idp parameter in the auth URL, otherwise, users will see the full IdP selection screen
Sandeep Gaur 25 Reputation points

2025-06-11T06:59:01.6566667+00:00

Thanks, Could you please provide the official documentation that explains how to pass the Identity Provider (IdP) identifier as a parameter in auth url?
Rukmini 3,926 Reputation points Microsoft External Staff Moderator

2025-06-11T11:44:34.2866667+00:00

Hello Sandeep Gaur, We will check internally and get back to you shortly!
Josh Dinndorf 61 Reputation points

2025-08-27T18:09:31.72+00:00

Did anyone get this to work with the IDP param? or domain_hint?

1 answer

Your answer

Rukmini 3,926 Reputation points Microsoft External Staff Moderator

2025-06-05T10:45:23.0366667+00:00

Hello Sandeep Gaur, To prepopulate or redirect users directly to a specific IdP by appending query parameters to the authentication request:

domain_hint: Suggests the domain of the user to streamline the sign-in process.

idp: Specifies the identity provider to be used for authentication.

Refer this Microsoft Document: Set up direct sign-in using Azure Active Directory B2C | Microsoft Learn

Otherwise, for more granular control over the authentication process, including routing users to specific IdPs based on custom logic you can implement Custom Policies using the Identity Experience Framework (IEF). Refer: Azure Active Directory B2C custom policy overview | Microsoft Learn

Let me know if any further queries - feel free to reach out!
Rukmini 3,926 Reputation points Microsoft External Staff Moderator

2025-06-06T10:48:32.83+00:00

Hello Sandeep Gaur, Did you a get a chance to review the above comment? In case if you have any resolution, please do share that same with the community as it can be helpful to others Please let us know if any further queries so that we can try to help!
Sandeep Gaur 25 Reputation points

2025-06-07T09:01:29.72+00:00

Thank you for your response. However, I believe this approach may not fully address our issue. To provide some context: we were previously using ADFS to redirect clients to their respective IdPs based on the whr parameter. We are now exploring the capabilities of Microsoft External ID to determine whether it's possible to redirect users directly to their IdP, rather than presenting a list of all available options.

Please note that we are specifically working with Microsoft External ID, and we have already reviewed the available options within Entra B2C.
Mallikarjuna Vardham 450 Reputation points Microsoft External Staff Moderator

2025-06-09T16:26:26.0833333+00:00

Hello Sandeep Gaur,
You're correct. Microsoft Entra External ID doesn't currently support automatic redirection like ADFS using the whr parameter. However, if you know the user's IdP in advance, you can still redirect them directly by using the idp parameter in the login URL

https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize?...&idp={IdP-ID}
Sandeep Gaur 25 Reputation points

2025-06-09T16:51:21.2766667+00:00

Thanks for the suggestion. I’ve already tried that approach, but unfortunately, it didn’t work in my case. Could you please share the official documentation for reference?
PRATIK JADHAV 170 Reputation points Microsoft External Staff Moderator

2025-06-10T15:54:53.5133333+00:00

Hello @Sandeep Gaur,

Could you please confirm what are you using built-in user flows or have you implemented custom policies (IEF) in Entra External ID?
Sandeep Gaur 25 Reputation points

2025-06-10T16:51:23.8066667+00:00

As far as I know, custom policies are not supported in Entra External ID, unlike Entra B2C. Therefore, we are using built-in user flows.
Rukmini 3,926 Reputation points Microsoft External Staff Moderator

2025-06-11T06:46:22.36+00:00

Hello Sandeep Gaur Microsoft Entra External ID does not support dynamic or auto-redirect design akin to ADFS/B2C whr/domain_hint. The only option is a static IdP hint via the idp parameter in the auth URL, otherwise, users will see the full IdP selection screen
Sandeep Gaur 25 Reputation points

2025-06-11T06:59:01.6566667+00:00

Thanks, Could you please provide the official documentation that explains how to pass the Identity Provider (IdP) identifier as a parameter in auth url?
Rukmini 3,926 Reputation points Microsoft External Staff Moderator

2025-06-11T11:44:34.2866667+00:00

Hello Sandeep Gaur, We will check internally and get back to you shortly!
Josh Dinndorf 61 Reputation points

2025-08-27T18:09:31.72+00:00

Did anyone get this to work with the IDP param? or domain_hint?

Answer 1

Deepanshu katara 17,420 MVP Moderator

Hello Sandeep, Welcome to MS Q&A

To automatically redirect users to a specific Identity Provider (IdP) in Microsoft Entra External ID based on certain conditions, you can leverage the authentication flow and conditional access features. Here are some steps you can consider:

Conditional Access Policies: Use Conditional Access policies to define rules that determine which IdP a user should be redirected to based on specific conditions such as domain or query parameters.

Direct Sign-On: Configure direct sign-on for federated applications. This allows users to be automatically redirected to the appropriate IdP based on the application's configuration.

Custom Authentication Flows: Implement custom authentication flows that evaluate the user's context (e.g., domain, query parameters) and redirect them to the appropriate IdP.

For more detailed guidance, you can refer to the Authentication and Conditional Access for External ID documentation.

Please check and let us know if any further ques

Kindly accept answer if it helps

Thanks

Deepanshu

Sandeep Gaur 25 Reputation points

2025-05-28T08:49:51.0866667+00:00

Thank you for your response. I believe Conditional Access Policies are only applicable for B2B scenarios. I am seeking information for B2C. When using federated authentication with SAML/WS-Fed, I can select the domain while adding the identity provider. However, this option is not available for OpenID Connect.

Could you please provide documentation on Direct Sign-On and Custom Authentication Flows?
Piotr Stempkowski 5 Reputation points

2025-08-05T07:55:49.8666667+00:00

Hi,

Following up on this thread — I'm currently working on integrating MSAL Python with Microsoft Entra External ID (CIAM), and I'm trying to achieve direct redirect to a known IdP, like Google, without prompting the user for their email first.

The MSAL Python team wasn't sure whether this scenario is officially supported and recommended that I check here.

Is there an officially supported way to perform a direct sign-in to a known IdP (e.g., Google) from an external app using MSAL / Entra?

If idp=google.com is still valid in some flows, could you please confirm the context in which it's supported and whether it's safe to use in production?

https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/842#issuecomment-3141781515

Thanks in advance!
Josh Dinndorf 61 Reputation points

2025-08-27T21:42:04.26+00:00

Anyone ever figure this out? utilize the idp / domain hint?

Share via

How can I configure Microsoft Entra External ID to redirect users directly to a specific IdP instead of showing the list of all configured IdPs?

1 answer

Your answer