Silent auth with enterprise connection (SSO) and organisations only works if the connection is exposed to the application

As I understand it, Organisations are there to help group Enterprise Connections.

By default I don’t want to show any SSO options to users and don’t have them assigned to any organisations, but in rare instances, when SSO is required, if a person is logging in via a particular organisation, I want to lead them through SSO.

The issue we’re facing is that if we attempt to do silent auth (Vue.js SDK), for some reason it only works with these non-SSO users and otherwise fails with “login required” even though we have successful login and exchange.

It does start to work if I enable this connection in the SPA configuration; however, then this SSO appears as an option to everyone, which I do not want.

Am I missing some parameters in silent auth? We did attempt to add the connection as a parameter just listing its name (not the ID) and that did not seem to affect any of the payload.

Hi @dom_msk,

Your configuration looks correct. I don’t believe you are missing any parameters in silent auth.

Have you ensured the user was logged in via the organization before performing silent auth?

I have just tested this flow out on my side and got silent auth to work after a user has an existing valid session.

Thanks,
Rueben