Multi-tenant, multi-application and SSO

I am trying to figure out how to setup my use case in auth0 for the company I work in.

Our applications are made up of various cloud microservices that cooperate with each other.
I needed your help to understand what we need to be able to set what I describe below. Some things we have already done but others we do not have clear how they should be done and in the documentation it is not clear very well.

We have multi-tenant applications.
Currently we have set the multi-tenant through the connections, each connection is a tenant (as recommended in the documentation).
We have the applications registered in auth0 as single page application.

We would like to have the possibility to log in one application and also be logged in the other, always for the same tenant.
Now I would like to understand how I can make this work.
Do I need to create an API for each single page application?
I would also like to have the option to be able to revoke the user session for each application.

For example:
USER1 login in the web APPLICATION1.
USER1 now go to the web APPLICATION2(this application2, like application1, is enabled for the connection of the user1) and the USER1 is automatic logged.
I would like to see all 2 application grants on the user grants page. Am I saying right?