In one tenant I have 2 applications (let’s say admin app and main app). I need to configure authorization and SSO flow so that Admins can log in and have SSO enabled for both admin app and main app. But Users can log in only in main app. Does it make sense? Are there any ways to achieve this flow?
Suppose you’ve created an enterprise connection for your administrators and a separate connection for your regular users. In that case, you can go to your applications’ settings and turn each connection on/off. Your admin application can have the user connection disabled, and your main app can have both enabled. This way, only administrators will be allowed to log in to the admin application.
If you have any further questions, please don’t hesitate to reach out.
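One way to verify that the per-application connection toggles described above actually match the intended admin/main split, as an added example that is not from this thread or from Auth0: it audits the `enabled_clients` list of each connection against a policy and flags deviations. The client IDs, connection names and the sample API response are constructed placeholders; the live fetch assumes a Management API token with the `read:connections` scope.

```python
"""Audit Auth0 connection-to-application assignments for an admin/main split.

Added example, not from the original thread. Assumes the Management API shape
GET /api/v2/connections -> [{"id", "name", "enabled_clients": [...]}].
Client IDs and connection names below are constructed placeholders.
"""
import json
import urllib.request

ADMIN_APP = "ADMIN_APP_CLIENT_ID"   # placeholder client_id of the admin app
MAIN_APP = "MAIN_APP_CLIENT_ID"     # placeholder client_id of the main app
ADMIN_CONN = "connection1"          # enterprise connection for administrators
USER_CONN = "connection2"           # connection for regular users

# Policy from the thread: admin connection on both apps, user connection on main app only.
POLICY = {
    ADMIN_CONN: {ADMIN_APP, MAIN_APP},
    USER_CONN: {MAIN_APP},
}

# Constructed sample of a Management API response. The misconfiguration here is
# the user connection being enabled on the admin app, which would let regular
# users log in to it.
SAMPLE_CONNECTIONS = [
    {"id": "con_placeholder1", "name": ADMIN_CONN, "enabled_clients": [ADMIN_APP, MAIN_APP]},
    {"id": "con_placeholder2", "name": USER_CONN, "enabled_clients": [ADMIN_APP, MAIN_APP]},
]


def audit_connections(connections, policy=POLICY):
    """Return (connection name, problem) tuples for every deviation from policy."""
    findings = []
    for conn in connections:
        name = conn["name"]
        if name not in policy:
            continue  # connections outside the policy are not checked
        enabled = set(conn.get("enabled_clients", []))
        for extra in sorted(enabled - policy[name]):
            findings.append((name, f"enabled on unexpected app {extra}"))
        for missing in sorted(policy[name] - enabled):
            findings.append((name, f"not enabled on required app {missing}"))
    return findings


def fetch_connections(domain, mgmt_token):
    """Live variant: read the tenant's connections (first page only) via the Management API."""
    req = urllib.request.Request(
        f"https://{domain}/api/v2/connections?fields=id,name,enabled_clients",
        headers={"Authorization": f"Bearer {mgmt_token}"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    for name, problem in audit_connections(SAMPLE_CONNECTIONS):
        print(f"{name}: {problem}")
```

Running it against the constructed sample reports that `connection2` is enabled on the admin app; swap `SAMPLE_CONNECTIONS` for `fetch_connections(domain, token)` to audit a real tenant.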
But during testing I found out another problem. I enabled connection1 for app1 and enabled connection2 for app2 (without enabling connection1 for app2 yet).
I logged in to app1 successfully. Then I logged in to app2 in the same browser. After that I was logged out from app1. But I expected to stay logged in to both apps.
The Auth0 SSO session cookie is tenant-wide, enabling Single Sign-On across all applications configured within that tenant. The session overwrite occurs when an application explicitly forces a login using a different connection than the one currently stored in the SSO session cookie, thereby updating the session context for the entire tenant. If you enable connection1 for app2 and log in to app1 using connection1, and then return to app2, your session will remain intact since app2 accepts connection1 sessions. This way, admins only need one account to log in to both apps.
Is your plan to have admins have both regular user accounts and an admin account? Because that would require a different solution.