Here’s the issue. We discovered the ITP issue with Safari where we could not SSO to applications across our own platform. We were able to solve this by adding a custom domain to our tenant. Now users on our platforms on Safari CAN successfully SSO to applications on our platform.
The remaining issue… I believe we still have issues (or may have issues) with our partners that we SSO to that have a different top-level domain. For SAML2 this appears to not be an issue, but for OIDC, in particular, it appears to be an issue. Can anyone corroborate this?
If so, does anyone have a workaround? OIDC is optimal as we simply create an application on our Auth0 instance and our partners just use the Auth0 client to do silent SSO on their end. I would have to think we have to have everyone go back to SAML2.
Thanks ahead of time…