We have Auth0 configured to use new universal login with identifier first. We have 2 enterprise connections setup to route users to the proper IdP based on email address.
We have 2 apps setup via SAML to use Auth0 as their IdP.
If a user goes to app A, they get redirected to Auth0, enter their email address, get routed to the proper enterprise connection, login, then are redirected back to Auth0 then back to app A and are logged in.
If they then go to app B, they get redirected to Auth0. At this point, my expectation is that Auth0 would know that the user is already authenticated and redirect them back to app B as an authenticated user. Instead, they are asked for the email again, redirected to the right enterprise connection which rightfully recognizes they are already authenticated and then sends them back.
Is there any way to prevent the duplicative step of asking for an email address a second time? This somewhat defeats the purpose of SSO between app A and app B to us.
Thanks for the help!