From 86c73daf6fe5ecfa08b4b77c1f2003066e12d04b Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Thu, 9 Oct 2025 19:10:47 -0300
Subject: [PATCH 01/14] Add `enterprise_sso` for session reverification
---
.../clerk-js/src/core/resources/Session.ts | 7 +++++
.../UVFactorOneEnterpriseSSOCard.tsx | 29 +++++++++++++++++++
.../UserVerificationFactorOne.tsx | 9 ++++++
packages/types/src/factors.ts | 4 +++
packages/types/src/session.ts | 7 ++++-
packages/types/src/sessionVerification.ts | 8 ++++-
6 files changed, 62 insertions(+), 2 deletions(-)
create mode 100644 packages/clerk-js/src/ui/components/UserVerification/UVFactorOneEnterpriseSSOCard.tsx
diff --git a/packages/clerk-js/src/core/resources/Session.ts b/packages/clerk-js/src/core/resources/Session.ts
index 08161325f27..7f06449a466 100644
--- a/packages/clerk-js/src/core/resources/Session.ts
+++ b/packages/clerk-js/src/core/resources/Session.ts
@@ -6,6 +6,7 @@ import type {
ActClaim,
CheckAuthorization,
EmailCodeConfig,
+ EnterpriseSSOConfig,
GetToken,
GetTokenOptions,
PhoneCodeConfig,
@@ -179,6 +180,12 @@ export class Session extends BaseResource implements SessionResource {
case 'passkey':
config = {};
break;
+ case 'enterprise_sso':
+ config = {
+ emailAddressId: factor.emailAddressId,
+ enterpriseConnectionId: factor.enterpriseConnectionId,
+ } as EnterpriseSSOConfig;
+ break;
default:
clerkInvalidStrategy('Session.prepareFirstFactorVerification', (factor as any).strategy);
}
diff --git a/packages/clerk-js/src/ui/components/UserVerification/UVFactorOneEnterpriseSSOCard.tsx b/packages/clerk-js/src/ui/components/UserVerification/UVFactorOneEnterpriseSSOCard.tsx
new file mode 100644
index 00000000000..164c5015bf9
--- /dev/null
+++ b/packages/clerk-js/src/ui/components/UserVerification/UVFactorOneEnterpriseSSOCard.tsx
@@ -0,0 +1,29 @@
+import type { EnterpriseSSOFactor, SessionVerificationFirstFactor } from '@clerk/types';
+
+import { Card, Card } from '@/ui/elements/Card';
+import { Header } from '@/ui/elements/Header';
+
+import { localizationKeys } from '../../customizables';
+
+type UVFactorOneEnterpriseSSOCardProps = {
+ currentFactor: EnterpriseSSOFactor;
+ availableFactors: SessionVerificationFirstFactor[] | null;
+};
+
+export const UVFactorOneEnterpriseSSOCard = (_props: UVFactorOneEnterpriseSSOCardProps) => {
+ return (
+
+
+
+ {/* TODO - Display headers depending on whether there's a single or multiple connections */}
+
+
+
+ {card.error}
+ {/* TODO -> Display option to choose enterprise SSO */}
+
+
+
+
+ );
+};
diff --git a/packages/clerk-js/src/ui/components/UserVerification/UserVerificationFactorOne.tsx b/packages/clerk-js/src/ui/components/UserVerification/UserVerificationFactorOne.tsx
index 46d50883426..68db9602c1b 100644
--- a/packages/clerk-js/src/ui/components/UserVerification/UserVerificationFactorOne.tsx
+++ b/packages/clerk-js/src/ui/components/UserVerification/UserVerificationFactorOne.tsx
@@ -15,6 +15,7 @@ import { UserVerificationFactorOnePasswordCard } from './UserVerificationFactorO
import { useUserVerificationSession, withUserVerificationSessionGuard } from './useUserVerificationSession';
import { sortByPrimaryFactor } from './utils';
import { UVFactorOneEmailCodeCard } from './UVFactorOneEmailCodeCard';
+import { UVFactorOneEnterpriseSSOCard } from './UVFactorOneEnterpriseSSOCard';
import { UVFactorOnePasskeysCard } from './UVFactorOnePasskeysCard';
import { UVFactorOnePhoneCodeCard } from './UVFactorOnePhoneCodeCard';
@@ -37,6 +38,7 @@ const SUPPORTED_STRATEGIES: SessionVerificationFirstFactor['strategy'][] = [
'email_code',
'phone_code',
'passkey',
+ 'enterprise_sso',
] as const;
export function UserVerificationFactorOneInternal(): JSX.Element | null {
@@ -155,6 +157,13 @@ export function UserVerificationFactorOneInternal(): JSX.Element | null {
);
case 'passkey':
return ;
+ case 'enterprise_sso':
+ return (
+
+ );
default:
return ;
}
diff --git a/packages/types/src/factors.ts b/packages/types/src/factors.ts
index 407b5904538..2c2e11531dc 100644
--- a/packages/types/src/factors.ts
+++ b/packages/types/src/factors.ts
@@ -124,6 +124,10 @@ export type EnterpriseSSOConfig = EnterpriseSSOFactor & {
redirectUrl: string;
actionCompleteRedirectUrl: string;
oidcPrompt?: string;
+ /**
+ * @experimental
+ */
+ emailAddressId?: string;
/**
* @experimental
*/
diff --git a/packages/types/src/session.ts b/packages/types/src/session.ts
index a189d85c73c..278ef4029ec 100644
--- a/packages/types/src/session.ts
+++ b/packages/types/src/session.ts
@@ -2,6 +2,7 @@ import type {
BackupCodeAttempt,
EmailCodeAttempt,
EmailCodeConfig,
+ EnterpriseSSOConfig,
PasskeyAttempt,
PassKeyConfig,
PasswordAttempt,
@@ -351,7 +352,11 @@ export type SessionVerifyCreateParams = {
level: SessionVerificationLevel;
};
-export type SessionVerifyPrepareFirstFactorParams = EmailCodeConfig | PhoneCodeConfig | PassKeyConfig;
+export type SessionVerifyPrepareFirstFactorParams =
+ | EmailCodeConfig
+ | PhoneCodeConfig
+ | PassKeyConfig
+ | EnterpriseSSOConfig;
export type SessionVerifyAttemptFirstFactorParams =
| EmailCodeAttempt
| PhoneCodeAttempt
diff --git a/packages/types/src/sessionVerification.ts b/packages/types/src/sessionVerification.ts
index ffc4341abe0..30f4ea38ff1 100644
--- a/packages/types/src/sessionVerification.ts
+++ b/packages/types/src/sessionVerification.ts
@@ -1,6 +1,7 @@
import type {
BackupCodeFactor,
EmailCodeFactor,
+ EnterpriseSSOFactor,
PasskeyFactor,
PasswordFactor,
PhoneCodeFactor,
@@ -49,5 +50,10 @@ export type ReverificationConfig =
export type SessionVerificationLevel = 'first_factor' | 'second_factor' | 'multi_factor';
export type SessionVerificationAfterMinutes = number;
-export type SessionVerificationFirstFactor = EmailCodeFactor | PhoneCodeFactor | PasswordFactor | PasskeyFactor;
+export type SessionVerificationFirstFactor =
+ | EmailCodeFactor
+ | PhoneCodeFactor
+ | PasswordFactor
+ | PasskeyFactor
+ | EnterpriseSSOFactor;
export type SessionVerificationSecondFactor = PhoneCodeFactor | TOTPFactor | BackupCodeFactor;
From 5bcab2d759253c3cae041da0459e815c78b1d6ef Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 10 Oct 2025 12:26:01 -0300
Subject: [PATCH 02/14] Rollback component changes
---
.../UVFactorOneEnterpriseSSOCard.tsx | 29 -------------------
.../UserVerificationFactorOne.tsx | 8 -----
2 files changed, 37 deletions(-)
delete mode 100644 packages/clerk-js/src/ui/components/UserVerification/UVFactorOneEnterpriseSSOCard.tsx
diff --git a/packages/clerk-js/src/ui/components/UserVerification/UVFactorOneEnterpriseSSOCard.tsx b/packages/clerk-js/src/ui/components/UserVerification/UVFactorOneEnterpriseSSOCard.tsx
deleted file mode 100644
index 164c5015bf9..00000000000
--- a/packages/clerk-js/src/ui/components/UserVerification/UVFactorOneEnterpriseSSOCard.tsx
+++ /dev/null
@@ -1,29 +0,0 @@
-import type { EnterpriseSSOFactor, SessionVerificationFirstFactor } from '@clerk/types';
-
-import { Card, Card } from '@/ui/elements/Card';
-import { Header } from '@/ui/elements/Header';
-
-import { localizationKeys } from '../../customizables';
-
-type UVFactorOneEnterpriseSSOCardProps = {
- currentFactor: EnterpriseSSOFactor;
- availableFactors: SessionVerificationFirstFactor[] | null;
-};
-
-export const UVFactorOneEnterpriseSSOCard = (_props: UVFactorOneEnterpriseSSOCardProps) => {
- return (
-
-
-
- {/* TODO - Display headers depending on whether there's a single or multiple connections */}
-
-
-
- {card.error}
- {/* TODO -> Display option to choose enterprise SSO */}
-
-
-
-
- );
-};
diff --git a/packages/clerk-js/src/ui/components/UserVerification/UserVerificationFactorOne.tsx b/packages/clerk-js/src/ui/components/UserVerification/UserVerificationFactorOne.tsx
index 68db9602c1b..6f93a34b230 100644
--- a/packages/clerk-js/src/ui/components/UserVerification/UserVerificationFactorOne.tsx
+++ b/packages/clerk-js/src/ui/components/UserVerification/UserVerificationFactorOne.tsx
@@ -15,7 +15,6 @@ import { UserVerificationFactorOnePasswordCard } from './UserVerificationFactorO
import { useUserVerificationSession, withUserVerificationSessionGuard } from './useUserVerificationSession';
import { sortByPrimaryFactor } from './utils';
import { UVFactorOneEmailCodeCard } from './UVFactorOneEmailCodeCard';
-import { UVFactorOneEnterpriseSSOCard } from './UVFactorOneEnterpriseSSOCard';
import { UVFactorOnePasskeysCard } from './UVFactorOnePasskeysCard';
import { UVFactorOnePhoneCodeCard } from './UVFactorOnePhoneCodeCard';
@@ -157,13 +156,6 @@ export function UserVerificationFactorOneInternal(): JSX.Element | null {
);
case 'passkey':
return ;
- case 'enterprise_sso':
- return (
-
- );
default:
return ;
}
From dc59a582f68bb726984a789cd83e43532828a80d Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Thu, 9 Oct 2025 19:10:47 -0300
Subject: [PATCH 03/14] Add `enterprise_sso` for session reverification
---
.../UVFactorOneEnterpriseSSOCard.tsx | 29 +++++++++++++++++++
.../UserVerificationFactorOne.tsx | 8 +++++
2 files changed, 37 insertions(+)
create mode 100644 packages/clerk-js/src/ui/components/UserVerification/UVFactorOneEnterpriseSSOCard.tsx
diff --git a/packages/clerk-js/src/ui/components/UserVerification/UVFactorOneEnterpriseSSOCard.tsx b/packages/clerk-js/src/ui/components/UserVerification/UVFactorOneEnterpriseSSOCard.tsx
new file mode 100644
index 00000000000..164c5015bf9
--- /dev/null
+++ b/packages/clerk-js/src/ui/components/UserVerification/UVFactorOneEnterpriseSSOCard.tsx
@@ -0,0 +1,29 @@
+import type { EnterpriseSSOFactor, SessionVerificationFirstFactor } from '@clerk/types';
+
+import { Card, Card } from '@/ui/elements/Card';
+import { Header } from '@/ui/elements/Header';
+
+import { localizationKeys } from '../../customizables';
+
+type UVFactorOneEnterpriseSSOCardProps = {
+ currentFactor: EnterpriseSSOFactor;
+ availableFactors: SessionVerificationFirstFactor[] | null;
+};
+
+export const UVFactorOneEnterpriseSSOCard = (_props: UVFactorOneEnterpriseSSOCardProps) => {
+ return (
+
+
+
+ {/* TODO - Display headers depending on whether there's a single or multiple connections */}
+
+
+
+ {card.error}
+ {/* TODO -> Display option to choose enterprise SSO */}
+
+
+
+
+ );
+};
diff --git a/packages/clerk-js/src/ui/components/UserVerification/UserVerificationFactorOne.tsx b/packages/clerk-js/src/ui/components/UserVerification/UserVerificationFactorOne.tsx
index 6f93a34b230..68db9602c1b 100644
--- a/packages/clerk-js/src/ui/components/UserVerification/UserVerificationFactorOne.tsx
+++ b/packages/clerk-js/src/ui/components/UserVerification/UserVerificationFactorOne.tsx
@@ -15,6 +15,7 @@ import { UserVerificationFactorOnePasswordCard } from './UserVerificationFactorO
import { useUserVerificationSession, withUserVerificationSessionGuard } from './useUserVerificationSession';
import { sortByPrimaryFactor } from './utils';
import { UVFactorOneEmailCodeCard } from './UVFactorOneEmailCodeCard';
+import { UVFactorOneEnterpriseSSOCard } from './UVFactorOneEnterpriseSSOCard';
import { UVFactorOnePasskeysCard } from './UVFactorOnePasskeysCard';
import { UVFactorOnePhoneCodeCard } from './UVFactorOnePhoneCodeCard';
@@ -156,6 +157,13 @@ export function UserVerificationFactorOneInternal(): JSX.Element | null {
);
case 'passkey':
return ;
+ case 'enterprise_sso':
+ return (
+
+ );
default:
return ;
}
From ca195aaed7b8a0dedca69ad6234a52a6a1848aab Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 10 Oct 2025 11:38:56 -0300
Subject: [PATCH 04/14] feat(clerk-js,types,localizations): Choose enterprise
connection on sign-in/sign-up (#6947)
---
packages/types/src/factors.ts | 3 +++
1 file changed, 3 insertions(+)
diff --git a/packages/types/src/factors.ts b/packages/types/src/factors.ts
index 2c2e11531dc..444cf932a7f 100644
--- a/packages/types/src/factors.ts
+++ b/packages/types/src/factors.ts
@@ -127,10 +127,13 @@ export type EnterpriseSSOConfig = EnterpriseSSOFactor & {
/**
* @experimental
*/
+<<<<<<< HEAD
emailAddressId?: string;
/**
* @experimental
*/
+=======
+>>>>>>> a66357e8a (feat(clerk-js,types,localizations): Choose enterprise connection on sign-in/sign-up (#6947))
enterpriseConnectionId?: string;
};
From 6bf51364763a87bacce38a19411791487bf0b7cc Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Thu, 9 Oct 2025 19:10:47 -0300
Subject: [PATCH 05/14] Add `enterprise_sso` for session reverification
---
packages/types/src/factors.ts | 3 ---
1 file changed, 3 deletions(-)
diff --git a/packages/types/src/factors.ts b/packages/types/src/factors.ts
index 444cf932a7f..2c2e11531dc 100644
--- a/packages/types/src/factors.ts
+++ b/packages/types/src/factors.ts
@@ -127,13 +127,10 @@ export type EnterpriseSSOConfig = EnterpriseSSOFactor & {
/**
* @experimental
*/
-<<<<<<< HEAD
emailAddressId?: string;
/**
* @experimental
*/
-=======
->>>>>>> a66357e8a (feat(clerk-js,types,localizations): Choose enterprise connection on sign-in/sign-up (#6947))
enterpriseConnectionId?: string;
};
From 6caaf8ed01cc3e2769d62be93f6841bda725d3a5 Mon Sep 17 00:00:00 2001
From: Nicolas Lopes
Date: Fri, 10 Oct 2025 12:25:29 -0300
Subject: [PATCH 06/14] wip
---
packages/backend/src/api/resources/JSON.ts | 1 +
packages/backend/src/api/resources/SamlAccount.ts | 7 ++++++-
packages/clerk-js/src/core/resources/Session.ts | 2 ++
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/packages/backend/src/api/resources/JSON.ts b/packages/backend/src/api/resources/JSON.ts
index 8e5ec664887..6e99e0855fa 100644
--- a/packages/backend/src/api/resources/JSON.ts
+++ b/packages/backend/src/api/resources/JSON.ts
@@ -246,6 +246,7 @@ export interface SamlAccountJSON extends ClerkResourceJSON {
last_name: string;
verification: VerificationJSON | null;
saml_connection: SamlAccountConnectionJSON | null;
+ last_authenticated_at: number | null;
}
export interface IdentificationLinkJSON extends ClerkResourceJSON {
diff --git a/packages/backend/src/api/resources/SamlAccount.ts b/packages/backend/src/api/resources/SamlAccount.ts
index ba061536c34..16697513a2c 100644
--- a/packages/backend/src/api/resources/SamlAccount.ts
+++ b/packages/backend/src/api/resources/SamlAccount.ts
@@ -43,7 +43,11 @@ export class SamlAccount {
* The SAML connection of the SAML account.
*/
readonly samlConnection: SamlAccountConnection | null,
- ) {}
+ /**
+ * The date when the SAML account was last authenticated.
+ */
+ readonly lastAuthenticatedAt: number | null,
+ ) { }
static fromJSON(data: SamlAccountJSON): SamlAccount {
return new SamlAccount(
@@ -56,6 +60,7 @@ export class SamlAccount {
data.last_name,
data.verification && Verification.fromJSON(data.verification),
data.saml_connection && SamlAccountConnection.fromJSON(data.saml_connection),
+ data.last_authenticated_at ? data.last_authenticated_at : null,
);
}
}
diff --git a/packages/clerk-js/src/core/resources/Session.ts b/packages/clerk-js/src/core/resources/Session.ts
index 7f06449a466..13da807cfda 100644
--- a/packages/clerk-js/src/core/resources/Session.ts
+++ b/packages/clerk-js/src/core/resources/Session.ts
@@ -184,6 +184,8 @@ export class Session extends BaseResource implements SessionResource {
config = {
emailAddressId: factor.emailAddressId,
enterpriseConnectionId: factor.enterpriseConnectionId,
+ redirectUrl: factor.redirectUrl,
+ actionCompleteRedirectUrl: factor.actionCompleteRedirectUrl,
} as EnterpriseSSOConfig;
break;
default:
From 06a093e02ac1d69fbbd98bad417200bb81166631 Mon Sep 17 00:00:00 2001
From: Nicolas Lopes
Date: Fri, 10 Oct 2025 12:54:19 -0300
Subject: [PATCH 07/14] add last_authenticated_at to bapi
---
packages/clerk-js/src/core/resources/EnterpriseAccount.ts | 4 +++-
packages/clerk-js/src/core/resources/SamlAccount.ts | 4 ++++
packages/types/src/json.ts | 2 ++
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/packages/clerk-js/src/core/resources/EnterpriseAccount.ts b/packages/clerk-js/src/core/resources/EnterpriseAccount.ts
index 8a884c089f7..eb6797e51cc 100644
--- a/packages/clerk-js/src/core/resources/EnterpriseAccount.ts
+++ b/packages/clerk-js/src/core/resources/EnterpriseAccount.ts
@@ -24,6 +24,7 @@ export class EnterpriseAccount extends BaseResource implements EnterpriseAccount
publicMetadata = {};
verification: VerificationResource | null = null;
enterpriseConnection: EnterpriseAccountConnectionResource | null = null;
+ lastAuthenticatedAt: Date | null = null;
public constructor(data: Partial, pathRoot: string);
public constructor(data: EnterpriseAccountJSON | EnterpriseAccountJSONSnapshot, pathRoot: string) {
@@ -46,7 +47,7 @@ export class EnterpriseAccount extends BaseResource implements EnterpriseAccount
this.firstName = data.first_name;
this.lastName = data.last_name;
this.publicMetadata = data.public_metadata;
-
+ this.lastAuthenticatedAt = data.last_authenticated_at ? unixEpochToDate(data.last_authenticated_at) : null;
if (data.verification) {
this.verification = new Verification(data.verification);
}
@@ -72,6 +73,7 @@ export class EnterpriseAccount extends BaseResource implements EnterpriseAccount
public_metadata: this.publicMetadata,
verification: this.verification?.__internal_toSnapshot() || null,
enterprise_connection: this.enterpriseConnection?.__internal_toSnapshot() || null,
+ last_authenticated_at: this.lastAuthenticatedAt ? this.lastAuthenticatedAt.getTime() : null,
};
}
}
diff --git a/packages/clerk-js/src/core/resources/SamlAccount.ts b/packages/clerk-js/src/core/resources/SamlAccount.ts
index 1fb407edb35..40078ac63b6 100644
--- a/packages/clerk-js/src/core/resources/SamlAccount.ts
+++ b/packages/clerk-js/src/core/resources/SamlAccount.ts
@@ -23,6 +23,7 @@ export class SamlAccount extends BaseResource implements SamlAccountResource {
lastName = '';
verification: VerificationResource | null = null;
samlConnection: SamlAccountConnectionResource | null = null;
+ lastAuthenticatedAt: Date | null = null;
public constructor(data: Partial, pathRoot: string);
public constructor(data: SamlAccountJSON | SamlAccountJSONSnapshot, pathRoot: string) {
@@ -52,6 +53,8 @@ export class SamlAccount extends BaseResource implements SamlAccountResource {
this.samlConnection = new SamlAccountConnection(data.saml_connection);
}
+ this.lastAuthenticatedAt = data.last_authenticated_at ? unixEpochToDate(data.last_authenticated_at) : null;
+
return this;
}
@@ -67,6 +70,7 @@ export class SamlAccount extends BaseResource implements SamlAccountResource {
last_name: this.lastName,
verification: this.verification?.__internal_toSnapshot() || null,
saml_connection: this.samlConnection?.__internal_toSnapshot(),
+ last_authenticated_at: this.lastAuthenticatedAt ? this.lastAuthenticatedAt.getTime() : null,
};
}
}
diff --git a/packages/types/src/json.ts b/packages/types/src/json.ts
index dc1fdee75e5..8860137b287 100644
--- a/packages/types/src/json.ts
+++ b/packages/types/src/json.ts
@@ -252,6 +252,7 @@ export interface EnterpriseAccountJSON extends ClerkResourceJSON {
provider_user_id: string | null;
public_metadata: Record;
verification: VerificationJSON | null;
+ last_authenticated_at: number | null;
}
export interface EnterpriseAccountConnectionJSON extends ClerkResourceJSON {
@@ -279,6 +280,7 @@ export interface SamlAccountJSON extends ClerkResourceJSON {
last_name: string;
verification?: VerificationJSON;
saml_connection?: SamlAccountConnectionJSON;
+ last_authenticated_at: number | null;
}
export interface UserJSON extends ClerkResourceJSON {
From acf3758a3f75654a39b99cf2be30d5b9d7edaa0e Mon Sep 17 00:00:00 2001
From: Nicolas Lopes
Date: Fri, 10 Oct 2025 12:59:44 -0300
Subject: [PATCH 08/14] make build work
---
.../components/UserVerification/AlternativeMethods.tsx | 3 ++-
.../UserVerification/UserVerificationFactorOne.tsx | 9 ---------
2 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/packages/clerk-js/src/ui/components/UserVerification/AlternativeMethods.tsx b/packages/clerk-js/src/ui/components/UserVerification/AlternativeMethods.tsx
index 509835a6a15..fd0a8102da5 100644
--- a/packages/clerk-js/src/ui/components/UserVerification/AlternativeMethods.tsx
+++ b/packages/clerk-js/src/ui/components/UserVerification/AlternativeMethods.tsx
@@ -10,7 +10,7 @@ import { formatSafeIdentifier } from '@/ui/utils/formatSafeIdentifier';
import type { LocalizationKey } from '../../customizables';
import { Col, descriptors, Flex, Flow, localizationKeys } from '../../customizables';
import { useCardState } from '../../elements/contexts';
-import { ChatAltIcon, Email, Fingerprint, LockClosedIcon } from '../../icons';
+import { ChatAltIcon, Email, Fingerprint, LockClosedIcon, Organization } from '../../icons';
import { useReverificationAlternativeStrategies } from './useReverificationAlternativeStrategies';
import { useUserVerificationSession } from './useUserVerificationSession';
import { withHavingTrouble } from './withHavingTrouble';
@@ -128,6 +128,7 @@ export function getButtonIcon(factor: SessionVerificationFirstFactor) {
phone_code: ChatAltIcon,
password: LockClosedIcon,
passkey: Fingerprint,
+ enterprise_sso: Organization,
} as const;
return icons[factor.strategy];
diff --git a/packages/clerk-js/src/ui/components/UserVerification/UserVerificationFactorOne.tsx b/packages/clerk-js/src/ui/components/UserVerification/UserVerificationFactorOne.tsx
index 68db9602c1b..46d50883426 100644
--- a/packages/clerk-js/src/ui/components/UserVerification/UserVerificationFactorOne.tsx
+++ b/packages/clerk-js/src/ui/components/UserVerification/UserVerificationFactorOne.tsx
@@ -15,7 +15,6 @@ import { UserVerificationFactorOnePasswordCard } from './UserVerificationFactorO
import { useUserVerificationSession, withUserVerificationSessionGuard } from './useUserVerificationSession';
import { sortByPrimaryFactor } from './utils';
import { UVFactorOneEmailCodeCard } from './UVFactorOneEmailCodeCard';
-import { UVFactorOneEnterpriseSSOCard } from './UVFactorOneEnterpriseSSOCard';
import { UVFactorOnePasskeysCard } from './UVFactorOnePasskeysCard';
import { UVFactorOnePhoneCodeCard } from './UVFactorOnePhoneCodeCard';
@@ -38,7 +37,6 @@ const SUPPORTED_STRATEGIES: SessionVerificationFirstFactor['strategy'][] = [
'email_code',
'phone_code',
'passkey',
- 'enterprise_sso',
] as const;
export function UserVerificationFactorOneInternal(): JSX.Element | null {
@@ -157,13 +155,6 @@ export function UserVerificationFactorOneInternal(): JSX.Element | null {
);
case 'passkey':
return ;
- case 'enterprise_sso':
- return (
-
- );
default:
return ;
}
From 8240a76a99f4f04c94d15ca7736778775f61f6c4 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 10 Oct 2025 13:03:42 -0300
Subject: [PATCH 09/14] Remove unused component
---
.../UVFactorOneEnterpriseSSOCard.tsx | 29 -------------------
1 file changed, 29 deletions(-)
delete mode 100644 packages/clerk-js/src/ui/components/UserVerification/UVFactorOneEnterpriseSSOCard.tsx
diff --git a/packages/clerk-js/src/ui/components/UserVerification/UVFactorOneEnterpriseSSOCard.tsx b/packages/clerk-js/src/ui/components/UserVerification/UVFactorOneEnterpriseSSOCard.tsx
deleted file mode 100644
index 164c5015bf9..00000000000
--- a/packages/clerk-js/src/ui/components/UserVerification/UVFactorOneEnterpriseSSOCard.tsx
+++ /dev/null
@@ -1,29 +0,0 @@
-import type { EnterpriseSSOFactor, SessionVerificationFirstFactor } from '@clerk/types';
-
-import { Card, Card } from '@/ui/elements/Card';
-import { Header } from '@/ui/elements/Header';
-
-import { localizationKeys } from '../../customizables';
-
-type UVFactorOneEnterpriseSSOCardProps = {
- currentFactor: EnterpriseSSOFactor;
- availableFactors: SessionVerificationFirstFactor[] | null;
-};
-
-export const UVFactorOneEnterpriseSSOCard = (_props: UVFactorOneEnterpriseSSOCardProps) => {
- return (
-
-
-
- {/* TODO - Display headers depending on whether there's a single or multiple connections */}
-
-
-
- {card.error}
- {/* TODO -> Display option to choose enterprise SSO */}
-
-
-
-
- );
-};
From 76b6247174737e04d51dee0b4191dd77ac9c22c6 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 10 Oct 2025 13:13:15 -0300
Subject: [PATCH 10/14] Add changeset
---
.changeset/plenty-shirts-tease.md | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 .changeset/plenty-shirts-tease.md
diff --git a/.changeset/plenty-shirts-tease.md b/.changeset/plenty-shirts-tease.md
new file mode 100644
index 00000000000..669525fb36b
--- /dev/null
+++ b/.changeset/plenty-shirts-tease.md
@@ -0,0 +1,7 @@
+---
+'@clerk/clerk-js': patch
+'@clerk/backend': patch
+'@clerk/types': patch
+---
+
+Add `enterprise_sso` for session reverification
From 933dfb0745fd6530ce06ec5cb43d109dfd4c6eb6 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 10 Oct 2025 13:26:32 -0300
Subject: [PATCH 11/14] Run format
---
packages/backend/src/api/resources/SamlAccount.ts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/backend/src/api/resources/SamlAccount.ts b/packages/backend/src/api/resources/SamlAccount.ts
index 16697513a2c..6466c5d0362 100644
--- a/packages/backend/src/api/resources/SamlAccount.ts
+++ b/packages/backend/src/api/resources/SamlAccount.ts
@@ -47,7 +47,7 @@ export class SamlAccount {
* The date when the SAML account was last authenticated.
*/
readonly lastAuthenticatedAt: number | null,
- ) { }
+ ) {}
static fromJSON(data: SamlAccountJSON): SamlAccount {
return new SamlAccount(
From 956313142351c2234479f4e5e8e5aa9e71f00775 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 10 Oct 2025 13:42:32 -0300
Subject: [PATCH 12/14] Extract changes into different changesets
---
.changeset/plenty-shirts-tease.md | 4 +---
.changeset/thick-jokes-talk.md | 7 +++++++
packages/backend/src/api/resources/SamlAccount.ts | 2 +-
3 files changed, 9 insertions(+), 4 deletions(-)
create mode 100644 .changeset/thick-jokes-talk.md
diff --git a/.changeset/plenty-shirts-tease.md b/.changeset/plenty-shirts-tease.md
index 669525fb36b..c5ab218f22c 100644
--- a/.changeset/plenty-shirts-tease.md
+++ b/.changeset/plenty-shirts-tease.md
@@ -1,7 +1,5 @@
---
-'@clerk/clerk-js': patch
'@clerk/backend': patch
-'@clerk/types': patch
---
-Add `enterprise_sso` for session reverification
+Add `last_authenticated_at` to `SAMLAccount` resource, which represents the date when the SAML account was last authenticated
diff --git a/.changeset/thick-jokes-talk.md b/.changeset/thick-jokes-talk.md
new file mode 100644
index 00000000000..7a63ba0325d
--- /dev/null
+++ b/.changeset/thick-jokes-talk.md
@@ -0,0 +1,7 @@
+---
+'@clerk/clerk-js': patch
+'@clerk/types': patch
+---
+
+- Add `last_authenticated_at` to `SAMLAccount` resource, which represents the date when the SAML account was last authenticated
+- Support `enterprise_sso` as a `strategy` param for `session.prepareFirstFactorVerification`
diff --git a/packages/backend/src/api/resources/SamlAccount.ts b/packages/backend/src/api/resources/SamlAccount.ts
index 6466c5d0362..7fb22daaf7f 100644
--- a/packages/backend/src/api/resources/SamlAccount.ts
+++ b/packages/backend/src/api/resources/SamlAccount.ts
@@ -60,7 +60,7 @@ export class SamlAccount {
data.last_name,
data.verification && Verification.fromJSON(data.verification),
data.saml_connection && SamlAccountConnection.fromJSON(data.saml_connection),
- data.last_authenticated_at ? data.last_authenticated_at : null,
+ data.last_authenticated_at ?? null,
);
}
}
From 3c5c754aabde25daab7d0fc75c1154a30b58bba3 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 10 Oct 2025 15:23:11 -0300
Subject: [PATCH 13/14] Fix typo on changelog
---
.changeset/thick-jokes-talk.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.changeset/thick-jokes-talk.md b/.changeset/thick-jokes-talk.md
index 7a63ba0325d..d4e96024416 100644
--- a/.changeset/thick-jokes-talk.md
+++ b/.changeset/thick-jokes-talk.md
@@ -3,5 +3,5 @@
'@clerk/types': patch
---
-- Add `last_authenticated_at` to `SAMLAccount` resource, which represents the date when the SAML account was last authenticated
-- Support `enterprise_sso` as a `strategy` param for `session.prepareFirstFactorVerification`
+- Add experimental property `last_authenticated_at` to `SamlAccount` resource, which represents the date when the SAML account was last authenticated
+- Add experimental support for `enterprise_sso` as a `strategy` param for `session.prepareFirstFactorVerification`
From 45fad17b0aa89c9aee936df52f5ace90686b3772 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 10 Oct 2025 15:23:25 -0300
Subject: [PATCH 14/14] Add experimental flags and fix enterprise SSO params
---
packages/clerk-js/src/core/resources/Session.ts | 1 -
packages/types/src/session.ts | 5 ++++-
packages/types/src/sessionVerification.ts | 3 +++
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/packages/clerk-js/src/core/resources/Session.ts b/packages/clerk-js/src/core/resources/Session.ts
index 13da807cfda..7128832ccaf 100644
--- a/packages/clerk-js/src/core/resources/Session.ts
+++ b/packages/clerk-js/src/core/resources/Session.ts
@@ -185,7 +185,6 @@ export class Session extends BaseResource implements SessionResource {
emailAddressId: factor.emailAddressId,
enterpriseConnectionId: factor.enterpriseConnectionId,
redirectUrl: factor.redirectUrl,
- actionCompleteRedirectUrl: factor.actionCompleteRedirectUrl,
} as EnterpriseSSOConfig;
break;
default:
diff --git a/packages/types/src/session.ts b/packages/types/src/session.ts
index 278ef4029ec..11629a838d4 100644
--- a/packages/types/src/session.ts
+++ b/packages/types/src/session.ts
@@ -356,7 +356,10 @@ export type SessionVerifyPrepareFirstFactorParams =
| EmailCodeConfig
| PhoneCodeConfig
| PassKeyConfig
- | EnterpriseSSOConfig;
+ /**
+ * @experimental
+ */
+ | Omit;
export type SessionVerifyAttemptFirstFactorParams =
| EmailCodeAttempt
| PhoneCodeAttempt
diff --git a/packages/types/src/sessionVerification.ts b/packages/types/src/sessionVerification.ts
index 30f4ea38ff1..61af637ce2b 100644
--- a/packages/types/src/sessionVerification.ts
+++ b/packages/types/src/sessionVerification.ts
@@ -55,5 +55,8 @@ export type SessionVerificationFirstFactor =
| PhoneCodeFactor
| PasswordFactor
| PasskeyFactor
+ /**
+ * @experimental
+ */
| EnterpriseSSOFactor;
export type SessionVerificationSecondFactor = PhoneCodeFactor | TOTPFactor | BackupCodeFactor;