diff --git a/apps/red-ui/src/app/modules/auth/auth.guard.ts b/apps/red-ui/src/app/modules/auth/auth.guard.ts
index 38d88525e..180aba176 100644
--- a/apps/red-ui/src/app/modules/auth/auth.guard.ts
+++ b/apps/red-ui/src/app/modules/auth/auth.guard.ts
@@ -10,19 +10,20 @@ import { BASE_HREF } from '../../tokens';
 })
 export class AuthGuard extends KeycloakAuthGuard {
     constructor(
-        @Inject(BASE_HREF) private readonly _baseHref: string,
         protected readonly _router: Router,
+        private readonly _userService: UserService,
         protected readonly _keycloak: KeycloakService,
         private readonly _configService: ConfigService,
-        private readonly _userService: UserService
+        @Inject(BASE_HREF) private readonly _baseHref: string
     ) {
         super(_router, _keycloak);
     }
 
     async isAccessAllowed(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean> {
         if (!this.authenticated) {
+            const kcIdpHint = route.queryParamMap.get('kc_idp_hint');
             await this._keycloak.login({
-                idpHint: this._configService.values.OAUTH_IDP_HINT,
+                idpHint: kcIdpHint ?? this._configService.values.OAUTH_IDP_HINT,
                 redirectUri: window.location.origin + this._baseHref + state.url
             });
             return false;