Authentication stays separate from authorization.
Domain precedence is enforced here: @jeanedwards.com goes to Entra, @gbli.com goes to Okta, @pm.me goes to Authbeast, and local demo usernames stay on the existing Keycloak realm.
Start sign-in
Type a username or email address and the app will route you to the right upstream IdP before starting OIDC.
Providers
Use these direct links when you already know the right upstream provider or when no automatic match exists.
Broker to the existing gbli-demo realm for local username/password sign-in.
Match rules: @gbli.demo
Automatic match for users in the jeanedwards.com Microsoft tenant.
Match rules: @jeanedwards.com
Automatic match for gbli.com identities routed into Okta.
Match rules: @gbli.com
Automatic match for pm.me identities routed into the Authbeast SAML IdP.
Match rules: @pm.me