
SSO samesite cookie policy needs to be disabled for it to work properly

I’ve configured my Auth0 application to enable my sites to work with SSO, so the user doesn’t need to log in every time.

There’s a scenario where my site is shown inside an iframe on another site (mine too), but in order for it to work properly, I needed to disable the SAMESITE cookie policy.

Is this expected behavior?

Also, I configured an Enterprise connection with Auth0, and in order for it to work with SSO, I also had to configure the auth server to emit the session cookie with the SAMESITE policy disabled.