One time when logging in (without changing anything, but having waited a couple of days over Christmas) I got the following, which logged me into the app. But I have not been able to replicate.
My Azure AD App is configured with:
Account type = Multitenant
Implicit grant = Access tokens and ID tokens checked
My Auth0 Azure AD connection is configured as:
Use common endpoint = enabled
Identity API = Microsoft Identity Platform (v2)
I get the same results with the app deployed from localhost, or hosted as an Azure Web App.
When using the “Classic” universal login experience (the one where you can fully customize the HTML of the login page) coupled with Lock, enterprise connections won’t show a button. Instead, what you get is “Home Realm Discovery”, where you configure one or more domains in the enterprise connection (e.g. “acme.com”) and then Lock will check if the user types an email address with a domain associated with a connection. When that happens, the password field will disappear and clicking the login button will take the user to the external identity provider (Azure AD in this case).
The second image that you posted is the consent prompt. This is Auth0 asking the user for permission before giving the application access to a user’s resource. The consent screen will be displayed once per user/resource/application under certain circumstances:
Application is running on localhost
Application is a third-party app
API (resource) is configured to always show the consent form
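
The Home Realm Discovery behaviour described in the reply above, as an added JavaScript sketch (not Lock's own code and not part of the thread). The connection names and domains are constructed, and exact, case-insensitive domain matching is an assumption of this sketch.

```javascript
// Constructed sample data: one enterprise connection with HRD domains,
// one database connection without any.
const connections = [
  { name: "acme-azure-ad", domains: ["acme.com", "Acme.co.uk"] },
  { name: "Username-Password-Authentication", domains: [] },
];

// Extract the domain from what the user typed; null if it is not yet
// a usable address (missing "@", empty local part, empty domain).
function emailDomain(input) {
  const value = String(input).trim().toLowerCase();
  const at = value.lastIndexOf("@");
  if (at <= 0 || at === value.length - 1) return null;
  return value.slice(at + 1);
}

// Map each configured domain to its enterprise connection.
function buildDomainIndex(conns) {
  const index = new Map();
  for (const c of conns) {
    for (const d of c.domains) index.set(d.toLowerCase(), c.name);
  }
  return index;
}

// Decide what the login form does for the typed address:
// a match hides the password field and sends the user to the external IdP.
function discoverRealm(input, index) {
  const domain = emailDomain(input);
  const connection = domain !== null && index.has(domain) ? index.get(domain) : null;
  return { connection, showPassword: connection === null };
}

const index = buildDomainIndex(connections);
for (const typed of ["alice@ACME.com ", "bob@mail.acme.com", "acme.com@other.example"]) {
  console.log(JSON.stringify(typed), discoverRealm(typed, index));
}
```

Only the text after the last "@" is compared, so an address such as `acme.com@other.example` is not routed to the enterprise connection.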