Overview
The SSO across two applications stopped working with the Organization feature.
Expected behavior:
Once a user logs in to Application A with a username/password, the user should be able to log into Application B without being prompted for the credentials.
Actual behavior:
The user logged in to Application A with a username/password. When the same user hit the login endpoint of Application B, they were asked for the credentials again.
Cause
The Login Flow was set to “Prompt For Organization.”
The Universal Login Experience will ask for the Organization and then user credentials if the “organization” parameter is not specified upon making a request.
Solution
There are two possible solutions.
-
Use “Prompt For Credentials”.
- If the user belongs to one single organization:
- The user won’t be prompted for Organization upon SSO.
- If the user belongs to multiple organizations:
- The user has to choose which organization to use upon logging in. However, the user will not have to input the username and password again.
- If the user belongs to one single organization:
-
Pass the “organization” parameter to the /authorize endpoint if the application knows which organization to use beforehand (either Organization ID, or if it has been enabled, the Organization name).