Skip to main content

Login Page Best Practices

If more than one Identity Provider (IDP) is configured in a realm, Keycloak directs users to a login page where they can select the IdP they want to use for authentication. You can skip this selection page or override the default IdP by passing the optional query parameter kc_idp_hint. See List of kc_idp_hints here

There are two common ways to provide the IdP hint:

  • When using a Keycloak adapter: configure the idpHint option in the adapter settings.
  • When not using an adapter: include the parameter directly in the authorization URL in your code or configuration, for example: http://localhost:8080/auth?kc_idp_hint=<idp_name>

For more details, refer to the Keycloak documentation.

If the framework you are using does not allow you to pass an IDP hint, please contact our team via Microsoft Teams Keycloak How-to Channel or by email to discuss alternative options.