hello everyone; Currently I have the following dilemma; I have two applications in different tenants with different purposes and applications, in tenantA I host an application to login to the customer portal and in tenantB I host an application to login to the employee portal, however, there are cases where A client A of my company can be an employee of my company at the same time, so that he can have access without needing to authenticate twice, I want to provide him with session transfer between the two portals; Is it possible to interact with SSO between application A and application B if they are on different tenants? How can I do it?
Hi @nelsonfabianzunigaro , the short answer is no. SSO works between applications in a single tenant and not between multiple tenants. This is because the user accounts and sessions can be shared only within a tenant.
That said, you can technically connect the two tenants with a connection like SAML and get users to log in across tenants. This will have more moving parts and would be a clunky solution though.
Generally, if you foresee the users being shared across apps, the apps should be created in a single tenant - unless you have any specific blockers from using one.
I have an additional question on the same topic. One of the problems is that my applications have different registration flows depending on the data need of the web portal and its connection to different databases, this is because due to business necessity the suitability validations have different parameters, and also I understand that in a tenant authentication you can only have one registration flow; my question is; How can I deal with this complexity? If I create multiple tenants, can I have multiple registration flows to reduce the complexity of this scenario?