When you do not want to require users to select their domain before they log in to Workspace ONE Access, you can hide the domain request page. You then select a unique identifier to distinguish users across your organization.

When users log in, a page displays prompting them to enter their unique identifier. Workspace ONE Access attempts to find the user in the internal database. When the Workspace ONE Access service looks up the identifier, the information found includes the domain that the user belongs to. The authentication page that displays is based on the access policy rules for that domain.

The unique identifier can be the user name, email address, UPN, or employee ID. You select the identifier to use from the Identity & Access Management > Preferences page. The unique identifier attribute must be mapped in the User Attributes page and synced from Active Directory.

If multiple users are found that match the identifier and no unique user can be determined, an error message displays. If no user is found, the local user login page is displayed to avoid possible user name enumeration attacks.