Share via

Entra External ID - Domain Hint for Custom OpenID Connect IDPs

Josh Dinndorf 61 Reputation points
2025-08-27T18:32:51.5466667+00:00

I am expecting Entra External ID to support the query parameter domain_hint for HRD i.e. login straight to the Custom OpenID Connect IDP without having to select

domain_hint=login.live.com works for MS accounts

https://wggdemo.ciamlogin.com/818fbfd7-0338-45d3-8cc8-8d521cc578b2/oauth2/v2.0/authorize?client_id=10....domain_hint=login.live.com

however anything I try for custom idp does not.

In AzureB2C this works as expected allowing to specify the domain to IDP

<Domain>customidp.com</Domain>

Does Entra External ID support this? If so what domain hint should be used from the Custom IDP configuration?

The Entra demo states

"The domain_hint parameter is an optional query parameter that can be added to the authorization request URL. It indicates to Microsoft Entra external ID which domain the user should use for signing in. When included, the user will bypass the Microsoft Entra external ID sign-in page and proceed directly to the external identity provider's sign-in page. This feature is currently in preview and available only for Custom OpenID Connect IDPs"

https://woodgrovedemo.com/#usecase=DomainHint

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.