Propagating an Auth0 login on one application to multiple applications

I have an application that I have implemented Auth0’s authentication into. I want a user who logs into this application to be automatically logged into a second application as well. How do I go about implementing this functionality in the second application?

I have tried using the silent authentication feature by setting prompt=none as per the documentation here: Configure Silent Authentication

However, when redirecting to the specified URL given in the callback_url parameter, I get these parameters appended instead of the access token: #error=login_required&error_description=Multifactor authentication required. I think this is to be expected because MFA is enabled for the users. However, I expect that the MFA authentication would be done once when logging in and thus should not be required again once the users have logged in and Auth0 has issued an access token.

Is there any way to work around this?

Hi Sargent,

If the user opts in to “Remember this browser” on their MFA screen, it won’t ask for MFA in the next 30 days, so the silent authentication will succeed.

If you don’t want to rely on the user’s behavior, you could also use this rule to customize the MFA trigger. Please remember if you use the rule to control when MFA is required, you need to turn off the “Always ON” MFA in the Tenant Dashboard > Multifactor Auth.

Hi,

I think a “Remember this browser” mechanism is not something we want. However, prompting a user for MFA when performing a silent authentication could work, though I am not sure how to accomplish that. Ideally, if the user isn’t prompted at all when authenticating silently, that would be great.

Can we check a user’s existing session in a rule before allowing an MFA prompt?

Hi Sargent,

Can we check a user’s existing session in a rule before allowing an MFA prompt?

Yes, this is exactly what this rule does. With this rule, you can customize the MFA to be prompted only once for each session.
And please remember if you use the rule to control when MFA is required, you need to turn off the “Always ON” MFA in the Tenant Dashboard > Multifactor Auth.
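
Added example, not part of the original thread and not Auth0's own rule text: a sketch of a rule that requests MFA only when the current session has not already completed it, limited to selected connections as the asker describes. The connection name and the `simulate` harness are assumptions for illustration; the rule relies on the Rules context fields `context.authentication.methods` and `context.multifactor`.

```javascript
// Added example. Only requireMfaOncePerSession would be pasted into the
// Auth0 rule editor; simulate() is a local harness with constructed input.
function requireMfaOncePerSession(user, context, callback) {
  // Hypothetical connection names that should enforce MFA; replace with your own.
  const MFA_CONNECTIONS = ['corp-db-placeholder'];

  // Connections not selected for MFA pass through untouched.
  if (!MFA_CONNECTIONS.includes(context.connection)) {
    return callback(null, user, context);
  }

  // Authentication methods already completed in the current session.
  const methods = (context.authentication && context.authentication.methods) || [];
  const completedMfa = methods.some((m) => m.name === 'mfa');

  if (!completedMfa) {
    // No MFA in this session yet: request it. With prompt=none no prompt
    // can be shown, so the client receives error=login_required instead.
    context.multifactor = { provider: 'any', allowRememberBrowser: false };
  }
  return callback(null, user, context);
}

// Runs the rule against a constructed context and reports the outcome.
function simulate(connection, methodNames) {
  const context = {
    connection,
    authentication: {
      methods: methodNames.map((name) => ({ name, timestamp: Date.now() })),
    },
  };
  let result = null;
  requireMfaOncePerSession({ user_id: 'constructed|1' }, context, (err, u, c) => {
    result = c;
  });
  return result.multifactor ? 'mfa-required' : 'no-mfa-prompt';
}

// First interactive login: password only, so MFA is requested.
console.log(simulate('corp-db-placeholder', ['pwd']));
// Silent authentication from the second application in the same session.
console.log(simulate('corp-db-placeholder', ['pwd', 'mfa']));
// A connection outside the MFA list is never prompted by this rule.
console.log(simulate('other-connection', ['pwd']));
```

As the reply above notes, a rule like this only takes effect once the “Always ON” MFA setting is turned off in the dashboard.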

Yes, we are already using a rule to selectively enable MFA based on the connection name. Just that checking it once per session is not enabled. Thanks, I will try this rule and check if it works out for me.

Let us know once you have a chance to test it!