Problem Statement
Trouble configuring Single Sign-On (SSO) with Auth0.
Solution
The recommended way to implement Single Sign-On (SSO) with Auth0 is to use Universal Login for authentication.
When using the Universal Login, SSO is possible with Web Applications and native platforms like iOS or Android.
If you cannot use the Universal Login with your application, then you could consider using Embedded Authentication for SSO by using either:
Note that Embedded Login introduces more complexity and lowers security when implementing SSO as described in our Migrate from Embedded Login to Universal Login doc.
You may also find the comparison between the advantages and disadvantages of the Universal Login vs. the Embedded Login helpful: Centralized Universal Login vs. Embedded Login
Behind the scenes during SSO login, Auth0 will set an SSO Cookie and redirect the user to your application with an ID Token.
The SSO Cookie is used to check whether the user's session is valid.
Hence, during subsequent logins, the application checks whether an SSO cookie already exists in the browser session. If so, the user continues to the application without being prompted for their credentials. If the session is invalid, the user is prompted to submit their credentials again to log in.
See Single Sign-On to learn more.
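An application can perform the session check described above with a standard OpenID Connect `prompt=none` request to the `/authorize` endpoint. The following is an added example, not code from the original article or from Auth0; the tenant domain, client ID and callback URL are placeholders, and the function names are hypothetical.

```javascript
// Added example: silent session check against the authorization server.
// TENANT_DOMAIN, CLIENT_ID and REDIRECT_URI are placeholders, not real values.
const TENANT_DOMAIN = "tenant.example.com";
const CLIENT_ID = "EXAMPLE_CLIENT_ID";
const REDIRECT_URI = "https://app.example.com/callback";

// Build an /authorize request that must not show a login prompt.
// `state` and `nonce` must be fresh random values stored by the caller.
function buildSilentAuthUrl(state, nonce) {
  const url = new URL(`https://${TENANT_DOMAIN}/authorize`);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    scope: "openid profile",
    prompt: "none", // OIDC: return an error instead of prompting the user
    state,
    nonce,
  }).toString();
  return url.toString();
}

// Errors defined by OIDC Core for prompt=none when the user must interact.
const NEEDS_INTERACTION = new Set([
  "login_required",
  "consent_required",
  "interaction_required",
]);

// Classify the redirect that comes back to the application.
function handleCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  // Reject responses that are not bound to our own request.
  if (params.get("state") !== expectedState) {
    return { action: "reject", reason: "state_mismatch" };
  }
  const error = params.get("error");
  if (error) {
    return NEEDS_INTERACTION.has(error)
      ? { action: "interactive_login", reason: error } // no valid SSO session
      : { action: "reject", reason: error };
  }
  const code = params.get("code");
  return code
    ? { action: "exchange_code", code } // valid SSO session, no prompt shown
    : { action: "reject", reason: "missing_code" };
}
```

The authorization code returned on success must still be exchanged and the resulting ID Token validated on the server side before the user is treated as logged in.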
FAQ:
Q: Why does my SSO never expire?
A: Your application has the Refresh Token Rotation option enabled, which is why SSO never expires.
Q: I have Embedded Login in one app and Universal Login in another, how do I set up SSO?
A: You cannot share SSO if app A uses Embedded Login and app B uses Universal Login. Both applications must use either Universal Login or Embedded Login to configure SSO between them. This is due to how SSO works in Auth0.
Reference Materials