Whilst our Wayfinder service is recommended you may prefer to write your own organisation discovery service. If you do, you'll need to know how to pass the relevant details to Keystone.

Once you have the relevant entityID for the user's organisation forward the user to:


The domain and appId parts of the address can be taken from your app's client ID (Configuration tab in the publisher dashboard) - they're the bits either side of the part that says ".oidc-app-v1." - e.g:


The entityID and target parameters should be encoded to make them URL safe and are the entityID of the IdP and the address where you will handle the user on their return, getting them to the page they were trying to access.