Show/hide IdPs (client restrictions)
By default, HelloID displays all available Identity providers (IdPs) on the login screen. This can be confusing for end users. Resolve this with client restrictions, which conditionally show/hide IdPs.
For this example, users on the organizational network, using domain-joined equipment, should be automatically logged in with integrated Windows authentication. Show only Agent-based authentication for all other instances.
Show an IdP
Go to Security > Authentication > Identity Providers.
For the relevant IdP, click Edit.
For this example, we'll select our ADFS IdP.
Go to the Client Restrictions tab.
For the Action, select Show.
Enable the Use IP Restriction toggle.
In the IP Ranges field, enter the IP address for the organization's public-facing IP. For multiple addresses, separate each with a comma. For a range, use a hyphen. For example:
66.123.1.0-66.123.1.254
.Enable the Use Source Restriction toggle. Select the browser/device-types allowed to use this authentication method.
Click Save.
Hide an IdP
Go to Security > Authentication > Identity Providers.
For the relevant IdP, click Edit.
For this example, we'll select our Azure AD IdP.
Go to the Client Restrictions tab.
For the Action, select Hide.
Enable the Use IP Restriction toggle.
Enter the same IP range as before.
Click Save.
Repeat these steps to hide other IdPs, such as the Local IdP.
Users will now only see relevant IdPs. Irrelevant IdPs will be hidden from the HelloID login screen.