Subject advice on redirect from email for discovery?
From Nicole Harris <harris@xxxxxxxxxx>
Date Wed, 15 May 2013 14:20:04 +0200

Hi All

(with thanks to Miro for pointing this out). The latest incarnation of Office365 web login ( uses redirection to the IdP based on the email address a user types in. We've discussed this on the list in the past, but this is the first time I have seen an implementation of it. Effectively the experience is:

 - type your email address in the email box.
- click on the password box, a 'redirecting message appears (but is slow to react).
 - user is redirected to the usual organisational login screen.

If you want to see it in action, make up a fake email based on, or or any site you know that uses 365.

Ther are obviously a lot of known problems with this approach that we've discussed before ( although also some benefits), however we don't specifically reference this approach anywhere in our guidance. Should we do something to include it? Are we likely to see more people using this as an approach, or is this isolated enough that we shouldn't worry about it now?



Project Development Officer
Singel 468 D
Amsterdam, 1017 AW
The Netherlands

T: +31(0)20 5304488
F: +31(0)20 5304499

mob: +31(0)646 105395