If the user name matches a configured rule, the system sends the user to a particular external identity provider. If the user name doesn't match a configured rule, the system sends the user to the regular password flow. For example, you could set up a rule to send employees to one identity provider, and contractors to another identity provider.

For more information, see Adding an authentication policy.