Unable to use SSO among applications belonging to same tenant

Prabhay Gupta 21 Reputation points
2022-02-21T14:44:09.923+00:00

We have two applications that belong to the same tenant and use the same user flow. The SSO configuration on the UserFlow is Tenant. But we observe that the user needs to sign in to these two applications each time. SSO is not working for these applications.

We are using the built-in UserFlow (Signup & SignIn).

Microsoft Entra External ID
Microsoft Entra ID

Accepted answer
  1. AmanpreetSingh-MSFT 56,556 Reputation points
    2022-02-22T09:40:23.187+00:00

    Hi @Prabhay Gupta • Thank you for reaching out.

    From your question, I understood that you have set User Flow > Properties > Session behavior > Single-sign-on configuration to Tenant. Despite that, when you authenticate two different applications via the same User flow, you have to authenticate for each application.

    The only reason I can think of that could be contributing to the issue is the usage of the prompt parameter in the authentication request. This parameter indicates the type of user interaction that is required. When the prompt=login parameter is present in the authentication request, it forces the user to enter their credentials on that request, negating single sign-on.

    If you are passing prompt=login in the authentication request, try removing it and test again.

    Other valid values that can be set for this parameter are:

    • prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single sign-on, the Microsoft identity platform returns an interaction_required error.
    • prompt=consent triggers the OAuth consent dialog after the user signs in, asking the user to grant permissions to the app.
    • prompt=select_account interrupts single sign-on, providing an account selection experience that lists all the accounts either in session or remembered, or an option to use a different account altogether.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
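
The check suggested in the accepted answer, as an added example that is not part of the original thread: capture the authorization request each application sends and look for a prompt value that defeats SSO, and confirm both requests target the same host and user flow. The URL layouts (user flow as a path segment or as the `p` parameter), the `contoso` tenant, the policy name and the client IDs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# prompt values that the answer above says negate or interrupt SSO.
SSO_BREAKING = {
    "login": "forces credential entry on this request, negating SSO",
    "select_account": "interrupts SSO with an account selection page",
}

def inspect_request(url):
    """Return (host, user_flow, prompt) for one authorization request URL."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    segments = [s for s in parts.path.split("/") if s]
    # Assumed layouts: .../<tenant>/<policy>/oauth2/... or ...?p=<policy>
    policy = query.get("p", [None])[0]
    if policy is None and "oauth2" in segments:
        idx = segments.index("oauth2")
        if idx >= 2:
            policy = segments[idx - 1]
    prompt = query.get("prompt", [None])[0]
    # Assumption: policy names are compared case-insensitively.
    return parts.netloc.lower(), (policy or "").lower(), prompt

def sso_findings(urls):
    """List reasons the given requests would not share one sign-in session."""
    findings = []
    targets = {inspect_request(u)[:2] for u in urls}
    if len(targets) > 1:
        findings.append("requests target different hosts or user flows: %s"
                        % sorted(targets))
    for u in urls:
        prompt = inspect_request(u)[2]
        if prompt in SSO_BREAKING:
            findings.append("prompt=%s %s" % (prompt, SSO_BREAKING[prompt]))
    return findings

# Constructed sample requests; every identifier below is a placeholder.
BASE = "https://contoso.b2clogin.com/contoso.onmicrosoft.com"
APP_A = (BASE + "/B2C_1_signupsignin/oauth2/v2.0/authorize"
         "?client_id=11111111-1111-1111-1111-111111111111"
         "&response_type=code&scope=openid&prompt=login")
APP_B = (BASE + "/oauth2/v2.0/authorize?p=b2c_1_signupsignin"
         "&client_id=22222222-2222-2222-2222-222222222222"
         "&response_type=code&scope=openid")

if __name__ == "__main__":
    for line in sso_findings([APP_A, APP_B]) or ["no SSO-breaking parameters found"]:
        print(line)
```
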
