Auth0 Home Blog Docs

Automatic logins for different applications using a unique connection


#1

Assuming two applications are using the same connection which would allow the applications to access the same user profile, Is there a feature in Auth0 that would allow a user to automatically sign in a user when he switches between these two different applications without having to enter his credentials if the credentials were already entered in one of those applications?

From my understanding, there is no such thing in Open ID connect specification. The call to /authorize endpoint will always take the client_id, & secret and always asks the user to re-enter his credentials even if the user has been successfully authenticated using the same connection with a different application.

The experience that I am interested in is a true SSO feature just like how Google does. Assuming the user is already signed in, none of the other applications like blogger, google plus or other applications Google own would ever ask the user agin to re-enter the password. Of couse, there should still be a session in Auth0. However the session should not be application specific. Instead, it should probably be connection specific session.

we have more than one domains that use one single user pool and it is a very common case across many enterprises. We still like to seperate these domains to use different client ids for auditing. However, we want the SSO process to be painless for users switching multiple domains.

Is n’t there a workaround for this?


#3

If the user is already authenticated, the default behaviour when triggering SSO is to display a “you were last logged in as joe@foo.com… continue?” (I don’t recall the exact text) at which point the user just clicks yes or continue or whatever it is.

It is possible to suppress that popup so the user is sent straight to the app. If I remember correctly you do this in the hosted login page. I can look up how we did it if you like.


#4

Mark,

Thanks for answering. We do use Hosted Login Page to mask the login popup when we identify the connection name. But we use it for SAML-P connections. This is probably something that I haven’t tried on username/password connections. I will try this and get back to you if this is working. Thanks for your quick reply again.


#5

Happy to help. Not my area of expertise but I believe we are just using prompt=none with our Auth0 hosted connections / DBs: