AD B2C SSO between two applications

Vasant Horapeti 1 Reputation point
2022-02-27T10:22:57.473+00:00

We have two applications which use AD B2C for SSO:

  1. App 1 - Sitecore (Based on .NET core)
  2. App 2 - React Web app (SPA)

We would like to have SSO behavior between these two applications. Currently we have the policy set as follows: <SingleSignOn Scope="Tenant" />

Both applications are using the same tenant. But still, if we sign in to App1 and then click on App2, it does not automatically pick up the signed-in session; instead, it asks to sign in again on App2. What configuration do we need to achieve SSO behavior?


1 answer

  1. AmanpreetSingh-MSFT 56,871 Reputation points Moderator
    2022-02-27T10:38:01.25+00:00

    Hi @Vasant Horapeti • Thank you for reaching out.

    From your question, I understood that in your custom policy you have set Single-sign-on configuration to Tenant. Despite that, when you authenticate two different applications via the same User flow, you have to authenticate for each application.

    The only reason I can think of that could be contributing to the issue is the usage of the prompt parameter in the authentication request. This parameter indicates the type of user interaction that is required. When the prompt=login parameter is present in the authentication request, it forces the user to enter their credentials on that request, negating single sign-on.

    If you are passing prompt=login in the authentication request, try removing it and test again.

    Other valid values that can be set for this parameter are:

    • prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single sign-on, the Microsoft identity platform returns an interaction_required error.
    • prompt=consent triggers the OAuth consent dialog after the user signs in, asking the user to grant permissions to the app.
    • prompt=select_account interrupts single sign-on, providing an account selection experience that lists all the accounts either in session or remembered, or an option to use a different account altogether.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
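
The check suggested in the answer above, as an added example that is not part of the original thread: it parses the authorize request each app sends to AD B2C and reports any prompt value, plus whether both requests target the same host and tenant. The URLs, the tenant name contoso, the policy name and the client IDs are constructed placeholders.

```javascript
// Added example. URLs are constructed samples; "contoso", the policy name
// and the client_id values are placeholders, not taken from the thread.
const SAMPLE_REQUESTS = [
  "https://contoso.b2clogin.com/contoso.onmicrosoft.com/b2c_1a_signin/oauth2/v2.0/authorize?client_id=app1-sitecore&response_type=code&scope=openid",
  "https://contoso.b2clogin.com/contoso.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1a_signin&client_id=app2-react&response_type=code&scope=openid&prompt=login",
];

// Effect of each prompt value, as described in the answer above.
const PROMPT_EFFECT = new Map([
  ["login", { interruptsSso: true, effect: "forces credential entry, negating SSO" }],
  ["select_account", { interruptsSso: true, effect: "interrupts SSO with an account picker" }],
  ["consent", { interruptsSso: false, effect: "shows the consent dialog after sign-in" }],
  ["none", { interruptsSso: false, effect: "silent only; interaction_required if SSO cannot complete" }],
]);

function parseAuthorizeRequest(rawUrl) {
  const url = new URL(rawUrl);
  // Path is /{tenant}/{policy}/oauth2/v2.0/authorize, or /{tenant}/oauth2/... with ?p={policy}.
  const segments = url.pathname.split("/").filter(Boolean);
  const pathPolicy = segments[1] !== "oauth2" ? segments[1] : undefined;
  return {
    host: url.host.toLowerCase(),
    tenant: (segments[0] || "").toLowerCase(),
    policy: (url.searchParams.get("p") || pathPolicy || "").toLowerCase(),
    clientId: url.searchParams.get("client_id"),
    prompt: url.searchParams.get("prompt"),
  };
}

function auditSso(rawUrls) {
  const parsed = rawUrls.map(parseAuthorizeRequest);
  const findings = [];
  for (const r of parsed) {
    if (r.prompt === null) continue; // no prompt parameter: an existing session can be reused
    const known = PROMPT_EFFECT.get(r.prompt) || { interruptsSso: false, effect: "unrecognized prompt value" };
    findings.push({ clientId: r.clientId, issue: `prompt=${r.prompt}`, ...known });
  }
  // Assumption added here: both apps must reach the same B2C host and tenant to share a session.
  for (const r of parsed.slice(1)) {
    if (r.host !== parsed[0].host || r.tenant !== parsed[0].tenant) {
      findings.push({ clientId: r.clientId, issue: "different host or tenant", interruptsSso: true, effect: "requests do not target the same B2C session" });
    }
  }
  return findings;
}

console.log(auditSso(SAMPLE_REQUESTS));
```

To use it on a real deployment, replace SAMPLE_REQUESTS with the authorize URLs copied from the browser's network tab for each application.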

