Home realm discovery (HRD) is the process of checking which provider or connection group a user belongs to, before authenticating them. It is also known as Identity Provider or IdP discovery.
When HRD is set up in Kinde, users are authenticated via the Home Realm Domain domain that has been specified.
HRD is usually applied where your identity provider (IdP) is a third party, such as Microsoft Azure, Google, Cloudflare, etc, and you are using an enterprise or SAML auth setup.
Kinde provides HRD through a universal login page.
When you set up a Microsoft Azure AD or custom SAML connection, you’ll configure the home realm (or domains) to be recognized during authentication. All home realm domains must be unique across all connections in the environment.
If HRD is not in place, the end-user must select the relevant log in button to be taken through to the right authentication URL.
When you apply HRD in Kinde, the end-user is recognized and authenticated based on their email domain, without having to select or click anything.
For example, you could configure two different connections as follows:
- Email addresses ending with
@enterpriseA.comuse SAML connection A - Email addresses ending with
@enterpriseB.comuse AzureAD connection B
In the back end, the end-user is linked to the correct identity provider via the connection.
So when Jude Watson arrives at the sign in window and enters judewatson@enterpriseA.com, they are redirected to SAML connection A.