We have a use case where we have a few applications under the same tenant in Auth0 and we also have seamless SSO enabled. The current behaviour for authentication is that the session lifecycle for different applications for the same user is tied together (when a user logs in to one application, he's already logged in to other applications under the same tenant).
Is it possible to disable this behaviour for one application alone in this tenant? We would like to retain the above behaviour for all applications except one application.
Our existing solution is to use a different tenant for this application, but we’d have to migrate all users from the existing tenant.
Hi @krishna2 , welcome to Auth0!
One way for this single app to not share the session with other apps under the same Auth0 tenant is enabling this app to use a separate Auth0 connection (that is not enabled for other applications within the Auth0 tenant).
Please let us know if you have any questions!
Hi @marcelina.barycka, thank you for responding.
Unfortunately, we need the same set of users to be able to access both the applications and therefore we cannot use a different Auth0 connection.
I came across one of the threads for this problem: How can I avoid Session sharing between 2 SPA (Single Page Application) in the same tenant? - #3 by dan.woda
The accepted solution here doesn’t seem to work in my case.
Can you please let us know if there are any additional workarounds that can be done here?
Thanks!
Hi @krishna2 ,
Thanks for following up!
Just to confirm, setting the flag for the app to sso_disabled: true doesn't work?
This knowledge article summarises it - Disable Seamless SSO Between Applications.
Hi @marcelina.barycka , setting sso_disabled: true does work, but now the user has to log in every time the page is reloaded or a new tab is opened in either of the applications.
Are there any other workarounds where different sessions are created for different applications but refreshing the page / closing and reopening tabs doesn't ask for a new login?
Thank you!
Hi @krishna2 ,
Thanks for summarizing the results for sso_disabled:true and apologies for the late response on that.
One thing that comes to my mind is configuring this single app to use silent authentication. Basically, silent authentication happens when the /authorize (login) request is sent by the app with the param prompt=none.
Then, if the user has a valid session on the Auth0 server, they will be logged in; if not, the Auth0 server will return one of the error messages described here. If that happens, you would have to handle this error so that the user is redirected to the Auth0 login page (the app would have to send another /authorize request, just this time without the param prompt=none) so that the Login page is displayed to the user.
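The silent-authentication flow described in the reply above, as an added example that is not code from the thread or from Auth0: the app first sends /authorize with prompt=none, checks the state it gets back, and only falls back to a normal /authorize request (without prompt=none) when the server answers with one of the standard OIDC "interaction needed" errors. TENANT_DOMAIN, CLIENT_ID and REDIRECT_URI are placeholders.

```javascript
// Added example, not from the original thread. Plain URL/URLSearchParams,
// no Auth0 SDK. The three values below are placeholders, not real settings.
const TENANT_DOMAIN = "example-tenant.auth0.com";
const CLIENT_ID = "YOUR_CLIENT_ID";
const REDIRECT_URI = "https://app.example.com/callback";

// Build the /authorize URL. With silent=true, prompt=none is added so the
// Auth0 server either answers from the existing session or returns an
// error, instead of rendering the login page.
function buildAuthorizeUrl({ silent, state, nonce }) {
  const url = new URL(`https://${TENANT_DOMAIN}/authorize`);
  const params = {
    client_id: CLIENT_ID,
    response_type: "code",
    redirect_uri: REDIRECT_URI,
    scope: "openid profile",
    state,
    nonce,
  };
  if (silent) params.prompt = "none";
  for (const [k, v] of Object.entries(params)) url.searchParams.set(k, v);
  return url.toString();
}

// Standard OIDC error codes meaning "no silent login possible, the user has
// to interact". Any other error is a real failure and must not trigger a
// retry, otherwise the app can loop between /authorize and the callback.
const INTERACTION_ERRORS = new Set([
  "login_required", "consent_required", "interaction_required",
]);

// Interpret the redirect back from /authorize. `expected` holds the state
// and nonce the app stored before redirecting. Returns one of:
//   { action: "authenticated", code }      session existed, exchange the code
//   { action: "interactive_login", url }   redirect again without prompt=none
//   { action: "error", error, description } genuine failure, do not loop
function handleCallback(callbackUrl, expected) {
  const qs = new URL(callbackUrl).searchParams;
  if (qs.get("state") !== expected.state) {
    return { action: "error", error: "state_mismatch", description: "state did not match" };
  }
  const error = qs.get("error");
  if (!error) return { action: "authenticated", code: qs.get("code") };
  if (INTERACTION_ERRORS.has(error)) {
    const url = buildAuthorizeUrl({ silent: false, state: expected.state, nonce: expected.nonce });
    return { action: "interactive_login", url };
  }
  return { action: "error", error, description: qs.get("error_description") || "" };
}
```

In a real SPA the silent request is typically made in a hidden iframe so the page itself never leaves, and the state/nonce should be freshly generated per request rather than reused as shown here for brevity.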