Universal login implementation with multiple domains

I’m just going through the Auth0 universal login(https://auth0.com/universal-login) page. It has this image that two web applications (www.acme.sport and www.acme.media). That two web applications are login the users by a single login page(accounts.acme.com). This is the requirement I want to add my project. I’ve gone through much auth0 documentation but I’m not able to to find any example related to the above requirement. Please Can anyone tell me how to implement that or point me in some direction?

Thank you!

Hi @tharindukw96,

By default, the Universal login page would be hosted on a site like https://<YOUR_TENANT>..auth0.com/

You can change this by configuring a Custom Domain to allow you to host the universal login page on a subdomain of your own domain.

e.g. for the domain acme.com, you could have account.acme.com.

This universal login page can be used for all of the applications you configure, you just need to begin an /authorize call with a “redirect_uri” back to the app being logged into so the user is sent back to the right place after authentication.

Please see here for some more information on the various authentication flows available: https://auth0.com/docs/flows

Hello @sgo,

Thank you very much for the details.

I’ve created a tenant with two applications (Without a custom domain for universal login). I configured my two PHP applications by following this doc page. I require to configure the single sign-on between my two PHP applications. I’m quite confused because the users can log in to the applications seperately. Auth0 is not identify the current login user from the other application. When I checked the networks there was a 404 for ssoData.

Request URL:https://papacambridge.eu.auth0.com/user/ssodata
Request Method :GET
Status Code: 404

Did I go through the correct configuration or I need to add a parameter for enabling SSO to Auth0 SDK?

Thank You!

The ssoData is a legacy response still in use by some older Auth0 tenants, by default all tenants now use ‘Seamless SSO’. You can ignore the 404 for that endpoint.
Seamless SSO means that no prompt is shown to the user if they already have a valid session (and they presented their auth0 session cookies in the authorize request).

So you should be finding that if a user has already logged into one PHP app, when they attempt to login on the second app on the same tenant, it would direct them to Auth0, and then be immediately redirected back as they already have a session, without needing the user to enter their credentials again.

If you are seeing differently, your browsers may be stripping the Auth0 cookies required to allow the SSO to work, if the cookies are seen as 3rd party. Setting up a custom domain on your tenant should stop the cookies from being treated as 3rd party by the browser and allow them through however. You could also test this by enabling 3rd party cookies on your browser to check it works.

2 Likes