Do the whole process all over again because the remember this device is on step 2 and it’s impossible to go back
Bonus stage 0: special login URL decided to crap out, and going back to any point in history automatically redirects to the error page that you can’t use to log in, so you need to keep going back and trying to copy the URL before it redirects becausw Firefox interprets pressing “stop” as “do whatever you want idk”
Not that strange. Different users may belong to different groups which may have different authentication backends. The associated authentication method is brought up once a username has been provided.
And the auto-submitting TOTP entry form where you’re apparently not allowed to make a typo. And obscuring the TOTP number like it’s a password or state secret.
This is because of Enterprise Single Sign On. You can try this for yourself by going to https://gmail.com/ and enter the email of a public person at a large org, for example the CEO of Doordash (tony@doordash.com). After you enter the email, you get sent to Doordash’s employee portal to authenticate. Based on the email you provide, Gmail has to figure out if you need to provide a password to gmail itself or if the email authenticates another way.
It’s not like you can’t add a “Log in with your company’s SSO” button to the form. That works just fine and at least Microsoft does something like that.
Not sure I’d take design inspiration from Microsoft of all places. Also https://login.live.com/ has the same workflow email -> continue -> password. Not sure where you’re seeing Log in with SSO option.
I see the Login with SSO option all over the place. Of course, that assumes the users actually understand what that means, and they know whether or not they need to click it.
My company uses Entra ID (or whatever they’ve renamed it to this week) and it’s a pretty common sight in our login flow. I think our SharePoint instance does it so it should be something MS does.
Of course it all depends on w how the company configures it.
Ok, I think I get what you’re saying. You mean have a different form input without the password, like how it’s done here: https://eu.app.orcasecurity.io/login? I guess that’s one way to do it, but it’s not really intuitive from a user perspective, since the first thing you see is a password field, and then think you don’t have access because you don’t have a password. This one comes to mind because I have had to tell people to click the tab for the email only field, not email and password.
Also This strange trend to split username and password on to two separate pages, or only showing the password field after confirming the username
Bonus stage 0: special login URL decided to crap out, and going back to any point in history automatically redirects to the error page that you can’t use to log in, so you need to keep going back and trying to copy the URL before it redirects becausw Firefox interprets pressing “stop” as “do whatever you want idk”
Fucking aws…
You forgot step 2.5: incorrectly identifying stoplights 6 times in a row.
Not that strange. Different users may belong to different groups which may have different authentication backends. The associated authentication method is brought up once a username has been provided.
if your choice of api route directly affects your auth flow something is very wrong.
You can do that as part of an OAuth workflow. You don’t need to have them on separate pages for that to happen.
Yes, but, it also lets them slurp up email addresses. Routing users is legit tho.
And the auto-submitting TOTP entry form where you’re apparently not allowed to make a typo. And obscuring the TOTP number like it’s a password or state secret.
This is because of Enterprise Single Sign On. You can try this for yourself by going to https://gmail.com/ and enter the email of a public person at a large org, for example the CEO of Doordash (
tony@doordash.com). After you enter the email, you get sent to Doordash’s employee portal to authenticate. Based on the email you provide, Gmail has to figure out if you need to provide a password to gmail itself or if the email authenticates another way.It’s not like you can’t add a “Log in with your company’s SSO” button to the form. That works just fine and at least Microsoft does something like that.
Not sure I’d take design inspiration from Microsoft of all places. Also https://login.live.com/ has the same workflow email -> continue -> password. Not sure where you’re seeing Log in with SSO option.
I see the Login with SSO option all over the place. Of course, that assumes the users actually understand what that means, and they know whether or not they need to click it.
My company uses Entra ID (or whatever they’ve renamed it to this week) and it’s a pretty common sight in our login flow. I think our SharePoint instance does it so it should be something MS does.
Of course it all depends on w how the company configures it.
Ok, I think I get what you’re saying. You mean have a different form input without the password, like how it’s done here: https://eu.app.orcasecurity.io/login? I guess that’s one way to do it, but it’s not really intuitive from a user perspective, since the first thing you see is a password field, and then think you don’t have access because you don’t have a password. This one comes to mind because I have had to tell people to click the tab for the email only field, not email and password.
1Password handles this gracefully