![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 87%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELL%3C/text%3E%3C/svg%3E)
1,307 questions
The authentication is handled by the IDP (here ADFS). If both applications are trusted by the same IDP, the user doesn't have to "re-authenticate" as it already has a valid session with the IDP (granted the conditions for that session to be valid are still met - authentication policy, force fresh authentication, access policies, session times... those can influence that behavior).
I don't know how application this is for your scenario and your applications, but you could also request a OAuth token from a SAML token. This is described here: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-saml-bearer-assertion (but it might very well be out of scope for you).
Now if that application is not known by the IDP, you can still do something custom in the app I suppose, but that's no longer a federation question.