SSO and Universal Login select account feature (formerly disabled seamless sso)

christian.fuerst · October 25, 2018, 5:27am

Hi,

I created a Tenant a while ago which had in the tenant settings the option “Enable/Disable seamless SSO” which when using the default Universal Login (Hosted Lock 11) could make the user prompt for account selection if he still had a session with auth0 or just redirecting him to callback right away.

With a newly created Tenant i do not have this option anymore. Now when using all standard settings in the tenant im not able to achieve the same behaviour again.

I tried various options of the lock11 like rememberLastLogin or from the auth flow of the openid standard prompt=select_account, neither somehow works.
https://auth0.com/docs/libraries/lock/v11/configuration#rememberlastlogin-boolean-
Final: OpenID Connect Core 1.0 incorporating errata set 1 (3.1.2.1 see prompt)

Not sure if its a bug, but would be awesome if anyone could point me in the right direction.
Thnx

konrad.sopala · November 5, 2018, 12:19pm

Hey there @christian.fuerst!

When it comes to “Enable/Disable seamless SSO” option, all new Auth0 tenants come with seamless SSO enabled, legacy tenants may choose whether to enable this feature.

https://auth0.com/docs/sso/current/setup#addendum-sso-configuration-for-legacy-tenants

Let me know if that helps!

christian.fuerst · November 5, 2018, 12:40pm

Hi Konrad,

Thanks, i read this too. But the question remains: openid standard has a spec for account prompt:
Final: OpenID Connect Core 1.0 incorporating errata set 1 (3.1.2.1 see prompt)

and i would like to still have account prompting with new tenants.
So how do i do that?

Thanks

konrad.sopala · November 21, 2018, 1:44pm

Hey @christian.fuerst! Sorry for not getting in touch for so long. You can use the prompt=login parameter in your authorize link to ask for credentials each time. When it comes to rememberLastLogin if you have SSO enabled, no matter what the rememberLastLogin says it then takes the inactivity timeout and require log in after values to log you out

Here’s the same situation from another user:

Hope it helps!

konrad.sopala · December 4, 2018, 11:46am

Hey there @christian.fuerst!

Have you managed to achieve what you intended based on the info I provided above?

christian.fuerst · December 6, 2018, 3:32pm

Hi Konrad,

I think we can “resolve the issue” since (from the other thread) its just not possible anymore

konrad.sopala · December 6, 2018, 5:15pm

Can you post that thread here also so that other members of our community can benefit from this too? Thanks a lot!

christian.fuerst · December 6, 2018, 5:22pm

sure, its the one u posted:

cheers

konrad.sopala · December 7, 2018, 7:21am

I know Thanks a lot for that!

system · January 6, 2019, 7:30am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
We cannot disable "Use Auth0 instead of the IdP to do Single Sign-on" for one of our applications Knowledge Articles	1	1463	May 23, 2023
Disable Seamless SSO Between Applications Knowledge Articles sso-integration	1	1543	October 26, 2023
Seamless SSO question Help sso	2	5115	July 26, 2019
SSO not working with "new" universal login but does work with "classic" universal login Help login-experience , login-prompt-new-experience	2	370	March 2, 2024
Attempting to migrate from lock v9 to v11 -- problems(?) with rememberLastLogin Help lock , oidc-conformant , embedded-lock , last-login	2	4089	December 14, 2018

SSO and Universal Login select account feature (formerly disabled seamless sso)

Related Topics