Users have different identities through different organizations, represented through IdPs. A user may not have IsLoggedIn set at all their possible IdPs when visiting a resource. If the user-agent assumes user can be satisfied because they have "IsLoggedIn" set for some of the multiple offered IdPs, the user may be denied access because the resource is one they need to interact with via a different identity.

Hiding alternative IdPs also hides the diversity of options. If the user only sees the IdP they have already used, they will not know other potentially more suitable options are available at the resource.


  • No labels