I have two applications set up on the same tenant with separate databases as follows:
- AppA uses DatabaseA, which is only enabled for AppA. Its users are meant to log in through Business Users > Prompt for Credentials login. UserA is stored in DatabaseA and belongs to OrgA, which also connects to DatabaseA.
- AppB uses ConnectionB, which again is only enabled for AppB. Its users authenticate in the context of an organization (OrgB, whose id is passed in through Auth0Provider) via Business Users > No Prompt. UserB is stored in DatabaseB and belongs to OrganizationB, which uses DatabaseB.
The problem:
- If I log into AppA as UserA, then visit AppB, I am shown the login prompt as I would expect. I can then log into AppB as UserB. Great!
- However, if I log into AppB as UserB, then visit AppA, UserB becomes logged into AppA, and it looks like AppA even gets added to their Authorized Applications. I need to make sure this does not happen.
Any clues as to what might be misconfigured? For context, AppA is the general bucket app for users of several organizations and is neutrally branded, hence no singular organization tie-in. AppB is only meant for a specific customer.