Skip the lockbox prompt and automatically redirect to Client when the user is already logged in

  1. I have created a new Enterprise connection with SAMLP Identity Provider (Connection → Enterprise → SAMLP Identity Provider) and configured Salesforce as IdP and Auth0 as SP.
  2. Also, I configured IdP-initiated SSO to Client A. (Clients → New Client → A)
  3. I enabled the Salesforce connection for both Client A and Client B.
  4. When I log in through Salesforce, Auth0 automatically takes me to Client A.
  5. But when I go to Client B, the lock box shows me a prompt for the previously logged-in user.
  6. Is there a way to seamlessly log in to other clients when the session is valid? Why does the prompt even appear when the user is already logged in?

Note: It works when I send the connection=Salesforce-Test in Client B’s SAML IdP URL but I want it to be the default behavior.

Flow 1

Salesforce (IdP) → Auth0 (SP) → Client A (Redirect) ==> Successful login without lock box prompt

Flow 2

Client B (Redirect) → Auth0 Lockbox with previously logged-in user (I don’t want the user to see this) → Click on the username → Client B logged in

At this time, the default behavior of Lock in the hosted login page is indeed to still present the end-user with that option screen; I’ve seen discussions about not having that step and proceeding to automatically provide a response without end-user interaction, but at this time I don’t have any definitive information available in terms of how/when that would be a possibility.

As you mentioned, if the client application makes the connection explicit then the screen is bypassed, and if the client application specifies prompt=none then the experience would be similar. Although with prompt=none you’re guaranteed that the request will not block if end-user interaction is required, so you could perform such a request behind the scenes and automatically treat the user as logged in if the response is successful.
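
The two options from this answer, as an added example that is not part of the original thread or Auth0's own code: an OIDC `/authorize` request that either names the connection or sets `prompt=none`, plus a callback handler that checks `state` and falls back to a visible login when the silent attempt is refused. It assumes Client B uses the authorization code flow with a server-side code exchange; the function names, tenant domain, client ID and callback URL are hypothetical placeholders.

```javascript
// Added example: all names and sample values here are constructed placeholders.
const SILENT_ERRORS = new Set(['login_required', 'consent_required', 'interaction_required']);

// Random, unguessable state value that ties a response to the request we started.
function newState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Build the /authorize request. Naming `connection` skips the option screen;
// `silent` adds prompt=none, so the server must answer without showing any UI.
function buildAuthorizeUrl({ domain, clientId, redirectUri, state, silent = false, connection }) {
  const url = new URL(`https://${domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: 'openid profile',
    state,
  }).toString();
  if (silent) url.searchParams.set('prompt', 'none');
  if (connection) url.searchParams.set('connection', connection);
  return url.toString();
}

// Decide what to do with the callback of a prompt=none request.
function handleSilentCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  // A response whose state does not match was not started by this session: drop it.
  if (!expectedState || params.get('state') !== expectedState) {
    return { action: 'reject', reason: 'state_mismatch' };
  }
  const error = params.get('error');
  if (error) {
    // No valid session, or interaction is needed: retry with a visible login.
    return SILENT_ERRORS.has(error)
      ? { action: 'interactive_login', reason: error }
      : { action: 'reject', reason: error };
  }
  const code = params.get('code');
  return code ? { action: 'exchange_code', code } : { action: 'reject', reason: 'missing_code' };
}
```

Treat the user as logged in only after the `exchange_code` result has been redeemed and the returned tokens validated; a matching `state` alone proves nothing about the user's identity.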