Thanks for sharing your settings!
When using auth0-lock package (embedded login) , there are two conditions that need to be met to guarantee SSO in Auth0:
- applications and the Auth0 tenant must be under the same domain (custom domain feature),
- all apps have to be first party (meaning they have to be registered under the Auth0 tenant) - this condition you’ve already met.
Can I assist you in any follow up questions? Also please let us know results!