Partial SSO on selected clients


I’m trying to figure out, the best way to configure our tenant.
We have a paid tenant, with currently 1 configured custom domain (, and we are currently in the process of moving our existing applications into the auth0 realm.
All of our applications and sites share the same userbase, that is to say, that if you create a user in system A, the user is available for the applications B,C & D as well, should the user desire to make use of it.
Some of the applications share a home-grown SSO solution today, and this should be maintained in the future, whereas some of the other applications are stand-alone, in a sense of SSO.

What would be the most viable way to achive, that applications A & B can share a userbase with application C & D, with all of them using the Universal Login page as their entry point? Only A+B would use the Silent Authentication feature, to enable SSO.
If they all user the same domain, a login on application D, would enable silent authentication on application A+B, if done on the same device?

I was thinking of setting up a secondary domain for applications A & B (, but having all of the applications use the same database connection for their user base.

Would this be enough to achive the desired setup, or is there a SSO feature that I’ve missed, which would enable the selective SSO on a single domain?


I fiddled around a bit, and tried to set up a secondary, custom domain on the same tenant, but was hit with an error.
Apparently, only one domain per tenant is supported, so there goes that plan :slight_smile:

Anyone else, with any experience in setting up a solution, where only a part of the applications make use of SSO, but all share the same userbase?

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?