SSO for all OIDC Apps Disabled

I have an environment where users login to a dashboard and then Auth0 performs SSO into other apps from there. SAML apps give the user experience as expected: users select an app and get SSO into it. For OIDC apps, however, users are prompted to authenticate again. I’ve confirmed this happens on all OIDC apps within this tenant and confirmed it with known good apps (to rule out sso_disabled and code that was handling sessions poorly). I’ve also tested this in other tenants and got the experience that I expected.

Anyone run into this before?