![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 8%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED3%3C/text%3E%3C/svg%3E)
3,286 questions
Hi @DisplayName-3010 • Thank you for reaching out.
To use Domain Hint in SAML, the SAML authentication request must contain either a domain hint or a query string whr=example.com"
To include the domain hint in the SAML request, you should use the Scoping XML node, and include a single entry IDPEntry under the IDPList (at this time, only the first IDPEntry node is used by Azure AD). Here’s an example of what the request would look like with “example.com” as the domain name hint:
<samlp:AuthnRequest xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="iddeb9381bc15e4fd6a253b97205d47c6f" Version="2.0" IssueInstant="2015-02-26T18:57:06.4772751Z" IsPassive="false" AssertionConsumerServiceURL="https://www.authnauthz.com/saml/inboundauthnresponse" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer>https://www.authnauthz.com</saml:Issuer>
<samlp:Scoping>
<samlp:IDPList>
<samlp:IDPEntry ProviderID="https://example.com" Name=”example.com”/>
</samlp:IDPList>
</samlp:Scoping>
</samlp:AuthnRequest>
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.