Auth0 Login/Logout with same Enterprise connection and different emails is ignored

We have set up Enterprise OpenId connection with Auth0 and have run into the following scenario.
I log in to our web application as a user with an example email: test@ourdomain.com. We are not prompted for a password because the domain is recognized by the enterprise connection. Then we log out of the application and Auth0, but not of the Enterprise IdP. I then try to log in to our app and Auth0 again with a different email on the same domain: anothertest@ourdomain.com. Again we are not prompted for a password because our domain is recognized. When I log in, I see that I am actually logged in with the first email because we are still logged in to the Enterprise IdP. This is confusing to our internal users who are switching accounts for testing purposes, where we might have many different accounts to test different scenarios for different roles. We are forced to log out of the Enterprise IdP separately in order to switch to a different enterprise account. Is there something we should be doing differently here so that we can change accounts in our app as well as in the Enterprise Connection?


Hi there!

Welcome to the Auth0 Community and I am sorry about the late reply to your post!

It appears that whenever you sign out the user, you only sign them out of the Auth0 session but not of the IdP itself. That would explain why, when the user logs out, their IdP session is kept: they are prompted to sign in only for the Auth0 session and are redirected to the old account when that is finalized.

I would advise you to also redirect the user to the federated logout endpoint in order to sign them out with the IdP as well. You can read more about that in our documentation.

If you have any other questions or already found the solution yourself, feel free to leave a reply or post again on the community!

Kind Regards,
Nik

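As an added example (not code from the original thread or from Auth0), here is the logout flow the reply describes: the application drops its own session, then sends the browser to Auth0's `/v2/logout` endpoint with the `federated` flag, which makes Auth0 clear its own session and then redirect the browser to the IdP's logout endpoint instead of leaving the IdP session alive. The tenant domain `example.auth0.com`, the client id `CLIENT_ID`, the cookie name `appSession` and the allow-list of return URLs are placeholders; the allow-list is assumed to mirror the application's Allowed Logout URLs setting in the Auth0 dashboard, since Auth0 rejects a `returnTo` that is not registered there.

```javascript
// Added example, not from the original post or from Auth0's own code.
// Hypothetical values: tenant domain, client id, cookie name and allowed returnTo list.
const AUTH0_DOMAIN = "example.auth0.com";
const CLIENT_ID = "CLIENT_ID";
// Mirror of the application's "Allowed Logout URLs" setting in the Auth0 dashboard.
const ALLOWED_LOGOUT_URLS = ["https://app.example.com/logged-out"];

/**
 * Build the Auth0 logout URL.
 *   federated === false : clears only the Auth0 session (the thread's original, broken flow;
 *                         the IdP SSO session survives and the next login silently reuses it).
 *   federated === true  : Auth0 clears its session and then sends the browser to the
 *                         enterprise IdP's logout endpoint as well.
 */
function buildLogoutUrl({ returnTo, federated }) {
  // Reject anything not on the allow-list before it reaches Auth0: an unregistered
  // returnTo fails at Auth0 anyway, and checking here avoids open-redirect style mistakes.
  if (!ALLOWED_LOGOUT_URLS.includes(returnTo)) {
    throw new Error(`returnTo is not an allowed logout URL: ${returnTo}`);
  }
  const url = new URL(`https://${AUTH0_DOMAIN}/v2/logout`);
  url.searchParams.set("client_id", CLIENT_ID);
  url.searchParams.set("returnTo", returnTo);
  let href = url.toString();
  // `federated` is a value-less flag; its mere presence in the query string is what
  // tells Auth0 to continue to the IdP's logout endpoint.
  if (federated) {
    href += "&federated";
  }
  return href;
}

/**
 * Express-style logout handler (assumes `res` has clearCookie/redirect as in Express).
 * Three sessions exist in this setup: the app's, Auth0's and the IdP's. All three
 * must go, otherwise the next "login" for a different email is answered by the IdP
 * with the account that is still signed in there.
 */
function logoutHandler(req, res) {
  // 1. Drop the application's own session cookie.
  res.clearCookie("appSession");
  // 2. Hand the browser to Auth0 with `federated` so the IdP session is ended too.
  res.redirect(buildLogoutUrl({ returnTo: ALLOWED_LOGOUT_URLS[0], federated: true }));
}

module.exports = { buildLogoutUrl, logoutHandler, ALLOWED_LOGOUT_URLS };
```

One caveat worth planning for: once `federated` is set, the IdP decides where the browser lands after its own logout, and not every IdP supports a post-logout redirect, so the application should tolerate the user ending up on the IdP's signed-out page rather than on `returnTo`. The same flag is accepted by Auth0's OIDC-conformant `/oidc/logout` endpoint, which is the choice when the application already performs RP-initiated logout with `id_token_hint` and `post_logout_redirect_uri`.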