Hi @security3
Thank you for reaching out!
Let me try and provide some clarity on the questions you raised, as the information can sometimes be a little obscure:
- Which tenant is the root tenant authority? → You actually do not need to know or set a tenant as the RTA by default as it does not impact anything related to your Auth0 environments. When working with our Support team to enable SSO, you decide with them which tenant would be marked as your RTA and the other tenants as “child tenants” let’s say. The RTA is essentially an administrative tenant to which Auth0 has access to assist with any issues that may come up. This was mentioned briefly on this following Knowledge Article.
- To enable SSO for your tenant, you will need to submit a Support case with our team who will guide you through the process, but all tenant that are under your Enterprise agreement have access to the Enterprise features, while tenants that are not will have more limited access. As far as I know, SSO integrations act per tenant and I would assume this would stand true, SSO would need to be enabled on each tenant. This being said, our Support team would be the best resource for information regarding this.
Hope this helped!
Gerald