Configuring single login between two Auth0 tenants on separate domains

We have two applications on two different domains; both of them are using Auth0 with their separate logins. We are looking for the right pointers to help us achieve one single login for both the apps.

Hey there @avharsh and welcome to the Auth0 Community!

I’m investigating the best course of action for you with our team and I will share as soon as we have a path forward. Thanks!

Hi @avharsh
The basic idea in these cases is that both applications are configured to use the same identity provider (your Auth0 domain) to authenticate users. They should use universal login (i.e. redirect the user to the Auth0 domain to request an authentication).
By using the same identity provider, the user benefits from the session created on the first login, so there’s no need to authenticate twice. From the point of view of the individual apps, though, there are two authentication requests. E.g.:

  1. User goes to app1.com. App1 does not recognize the user (the user doesn’t have a session in the app), redirects to your Auth0 domain to authenticate.
  2. User authenticates in your Auth0 domain. A session is created for the user. A response is sent to App1.
  3. App1 receives the response and it creates a session for the user, so that future requests are authenticated.
  4. Now user goes to app2.com. App2 does not recognize the user, redirects to your Auth0 domain to authenticate.
  5. User lands in the Auth0 domain. Auth0 recognizes the existing session, so it redirects to the app immediately without any prompts to the user.
  6. App2 receives the response and it creates a session for the user, so that future requests are authenticated.

As you can see, both apps perform the same basic steps (“Hey Auth0, please authenticate this user”), but the user only logs in the first time.

More info at https://auth0.com/docs/sso
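
The flow described in the answer above, sketched as an added example that is not part of the original thread or Auth0's own code: both apps send their authorization request to the same Auth0 domain with their own client ID, and each accepts only the callback that matches the `state` it issued. The domain, client IDs, callback paths and function names are placeholders chosen for illustration.

```javascript
// Added example: domain, client IDs and callback paths are placeholders.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const AUTH0_DOMAIN = 'login.example.com'; // placeholder for "your Auth0 domain"
const APPS = {
  app1: { clientId: 'APP1_CLIENT_ID', redirectUri: 'https://app1.com/callback' },
  app2: { clientId: 'APP2_CLIENT_ID', redirectUri: 'https://app2.com/callback' },
};

function randomToken() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Steps 1 and 4: the app has no local session, so it redirects to the shared domain.
function startLogin(appName) {
  const app = APPS[appName];
  const tx = { state: randomToken(), nonce: randomToken() };
  const url = new URL(`https://${AUTH0_DOMAIN}/authorize`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: app.clientId,
    redirect_uri: app.redirectUri,
    scope: 'openid profile',
    state: tx.state,
    nonce: tx.nonce,
  }).toString();
  return { url: url.toString(), tx }; // tx is kept in the app's own pre-login session
}

// Steps 3 and 6: the app accepts only the response to a request it started itself.
function handleCallback(tx, callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get('error')) return { ok: false, reason: params.get('error') };
  if (!tx || params.get('state') !== tx.state) return { ok: false, reason: 'state_mismatch' };
  const code = params.get('code');
  if (!code) return { ok: false, reason: 'missing_code' };
  // Next: exchange the code at the token endpoint and check the ID token's nonce against tx.nonce.
  return { ok: true, code };
}
```

The single sign-on itself happens in step 5 on the Auth0 side; each app still runs the full request and callback check, and creates its own local session only after `handleCallback` succeeds.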