How to authenticate and launch one application from another application for okta authenticated user

I have app1, app2, app3 in same tenant all are SPA I logged into app1 and need to launch app2 and app3 without giving password and username again, Kind of SSO to the application with same Okta user.

Hi @sdevmore , welcome to Auth0!

Does the user in context belong to a single connection that is enabled for all three SPAs apps registered in Auth0? This way the login context would be shared between apps. One thing to keep in mind is that by default, Auth0 will display a user consent prompt (APIs associated with SPAs asking for permissions to interact with Auth0 user profile) during the first login to each app. (This can be skipped by enabling “Skip user consent” Under APIs Setting section.)

Please let us know if that work for you!

Yes it uses same connection.

Didnt get that fully!, Let me put in my problem again in brief

I had created 2 Single page applications(different clientId) which belongs to a single tenant. The angular applications which are deployed uses auth0-lock package inorder to authenticate then our application does resumeAuth is hash provided after authentication in the URL.

Now, our scenario is when i login into application 1 using a (emailId and password) or using (SSO for federated domain), how can we skip the login process of second application when trying to navigate to second application from first application ( basically SSO into another application )

Yes, want the implementation for the same facing issues during SSO Into other application.

Hi @sdevmore , @shan2510 !

Thanks for sharing your settings!
When using auth0-lock package (embedded login) , there are two conditions that need to be met to guarantee SSO in Auth0:

  • applications and the Auth0 tenant must be under the same domain (custom domain feature),
  • all apps have to be first party (meaning they have to be registered under the Auth0 tenant) - this condition you’ve already met.

Can I assist you in any follow up questions? Also please let us know results!

Hi @marcelina.barycka , Thanks for your quick reply and the intend in helping me out with the solution.

Let me brief some more functionalities in the application.

First of all as per my understanding for the point no 1 mentioned above

1.applications and the Auth0 tenant must be under the same domain (custom domain feature) - so, for example i have a domain hosted as and another application The custom domain in auth0 setting is for users with database authentication means username and password and regular domain

In the above example my both SPA applications functionality will be like the users with username password authentication will use custom domain to authenticate and other users who login using SSO into their domain (own login screen) will use regular domain to authenticate.

I need to mention the way SSO is done - it is like from application 1 i had created a new auth0-lock with application 2 clientId and called checkSession call for that lock after it was successful, navigated into application 2 url by passing the accessToken and other parameters received during the checkSession call.


  1. As per you comment could you please provide me the information that will both type of users be able to SSO into the SPA?
  2. Whether the process i had followed is correct?
  3. Can the login be skipped using saml login method if yes how to achieve it for single page applications? Because i can see examples for tableau and other applications in documentation which was working.

Hi @shan2510 !

For SSO to be possible, these two apps and your Auth0 tenant have to be under the same parent domain - in your scenario, the parent domain would be meaning you met the criterion for that.

Just to confirm - you plan to use the Auth0 lock widget hosted in your own server instead of using it together with the Classic Universal Login page (Auth0 hosted login page)?
Would Auth0 be the SAML Identity Provider for both apps?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.