I have two Auth0 tenants (for legacy reasons) and I have this set up:
Tenant 1 (Auth0) --oidc--> Tenant 2 (Auth0) --oidc--> External IDP
The app provides a connection when calling Tenant 1; no login screen is rendered and the user is implicitly redirected to Tenant 2.
On Tenant 2, the application that Tenant 1 calls has only one connection enabled (the one that takes the user to the External IDP); however, the user is prompted for an email address on Tenant 2’s universal login page.
Is there a way to force Tenant 2 to skip the universal login screen and take the user directly to the external IDP’s login page?
This should be possible; it depends on how you are making the /authorize call (manually vs. SDK). Please see the following article wherein a couple of options are outlined:
Thanks @tyf, however in my case I have an additional problem:
It’s app → tenant 1 → tenant 2 → remote idp
From app → tenant 1 I can specify the connection and I can make it go to tenant 2 as expected.
tenant 2 is also on Auth0, and I can’t specify the connection when calling tenant 2 from tenant 1.
The link between tenant 1 and tenant 2 is via oidc; I provide a client id and the usual oidc spec, but I cannot specify a connection.