With identifier first authentication, also known as identity discovery, you can identify users before you authenticate them. You can set up rules that will take different authentication actions based on who the user is.
If the user name matches a configured rule, the system sends the user to a particular external identity provider. If the user name doesn't match a configured rule, the system sends the user to the regular password flow. For example, you could set up a rule to send employees to one identity provider, and contractors to another identity provider.
For more information, see Adding an authentication policy.