How to Achieve Single Sign-On (SSO) Between Applications

Last Modified: Oct 17, 2024

Overview

This article explains how to achieve single sign-on (SSO) across multiple applications so users can log in seamlessly.

Applies To

  • Single Sign-On (SSO)
  • Multiple Applications

Solution

SSO across multiple applications with the same connection

If all applications use the same database connection, then SSO will work seamlessly.

To make authentication seamless and avoid visible redirects, it is possible to use silent authentication, which relies on an invisible iframe to issue a token using the session in Auth0.

To use silent authentication, it’s recommended to configure a custom domain. This allows the application to share the same origin as the Auth0 tenant and solves the issue of browsers blocking third-party cookies.

SSO across multiple applications with different connections

While account linking provides consistency between different connections for an individual user, it does not automatically enable SSO between applications using different connections.

Consider the following:

  • App1 uses only a database connection
  • App2 uses only a passwordless connection
  • A user’s database account is linked with their passwordless account

In this scenario, SSO will not work between App1 and App2. Here is what will happen:

  1. The user logs into App1 with database credentials.
  2. When accessing App2, the user must log in with passwordless credentials. The existing session from the database connection is not accepted for App2.
  3. Once the user authenticates via passwordless, they will be issued the user profile in the token will be from the primary identity (the database connection in this case).