I have a single Azure Active Directory tenant for the domain “example,com”. I create two registered applications in that tenant, each with their own Client ID and Client Secret. They are both configured to allow logging into an application that uses Auth0 (essentially these exact instructions done twice).
When a user of this AAD tenant logs in with their example,com email, Auth0 redirects them to login,microsoftonline,com/example,com/oauth2/authorize?.. to log in. My question is: How does Auth0 make the decision of which connection to use?
By enabling and disabling one connection at a time, I am able to force the user to log in with a specific one, but when both are enabled there is no clear answer as to how Auth0 decides which to use. This matters because as far as Auth0 is concerned, each login identifies a separate user, so me@example,com exists twice when they log in with each connection.
Note: I’ve substituted commas for dots in ‘link-like’ pieces of text because the site doesn’t allow new users to post more than 3 ‘links’ (?)