Federated Logout Fails When Auth0 Acts as SAML Identity Provider and Service Provider

Overview

This article clarifies why a "logged out" message does not appear in Auth0's history and why users are not required to re-authenticate when going directly to the application after a logout request. 

Applies To
  • Federated Logout
  • Security Assertion Markup Language (SAML)
  • Auth0 as Identity Provider (IdP)
  • Auth0 as Service Provider (SP)
Cause

The issue occurs when the application is updated to pass the federated parameter, and Auth0 is configured to act as both the Security Assertion Markup Language (SAML) Identity Provider (IdP) and Service Provider (SP).

Solution

To support a federated logout flow triggered by Security Assertion Markup Language (SAML) when Auth0 is both the Identity Provider (IdP) and Service Provider (SP) (e.g., two tenants connected via a SAML connection), the SAML Service Provider (SP) connection on the Auth0 tenant must call the correct SAML logout endpoint on the IdP tenant.

  1. The Auth0 tenant's connection, which acts as the SAML Service Provider, must call the following SAML logout endpoint on the IdP tenant:
https://IDP_TENANT_DOMAIN/samlp/CLIENT_ID_WITH_SAML_ADDON/logout

  2. The IdP tenant's client with the SAML Web App Addon enabled should have its Single Logout (SLO) settings point at the SP tenant's SAML SLO logout endpoint so the IdP tenant can properly complete the logout of the SP tenant in this triggered SAML flow:
https://SP_TENANT_DOMAIN/logout

Refer to Configure SLO when Auth0 is the SAML IdP for more details.
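The two settings above have to point at each other, and a mismatch on either side is exactly what leaves the IdP session alive after a "logout" and lets the user back into the application without re-authenticating. The following is an added example, not code from the Auth0 article or from Auth0 itself: it builds the two Management API PATCH bodies for the SP tenant's SAML connection and the IdP tenant's SAML Web App Addon client, then cross-checks that they form a consistent pair. The key names `signOutEndpoint`, `logout.callback` and `logout.slo_enabled` are assumed from Auth0's documented SAML connection options and addon settings; the tenant domains and client ID are constructed placeholders.

```python
"""Added example (not from the Auth0 article): build and cross-check the two
settings the article describes for federated SAML logout when Auth0 is both
the IdP and the SP.  Domains and client ID below are constructed placeholders;
the option/addon key names are assumptions based on Auth0's SAML documentation."""
import json
from urllib.parse import urlparse


def sp_connection_logout_patch(idp_tenant_domain: str, saml_addon_client_id: str) -> dict:
    """Body for PATCH /api/v2/connections/{id} on the SP tenant's SAML connection.
    `signOutEndpoint` (assumed key name) is where Auth0 sends the SAML
    LogoutRequest when the application's logout call carries `federated`."""
    return {
        "options": {
            "signOutEndpoint": f"https://{idp_tenant_domain}/samlp/{saml_addon_client_id}/logout"
        }
    }


def idp_client_slo_patch(sp_tenant_domain: str) -> dict:
    """Body for PATCH /api/v2/clients/{id} on the IdP tenant's client that has the
    SAML Web App Addon.  `logout.callback` / `logout.slo_enabled` (assumed key
    names) tell the IdP where to return the LogoutResponse so the SP tenant's
    own session is ended as well."""
    return {
        "addons": {
            "samlp": {
                "logout": {
                    "callback": f"https://{sp_tenant_domain}/logout",
                    "slo_enabled": True,
                }
            }
        }
    }


def check_logout_pairing(sp_connection_options: dict, idp_addon: dict,
                         idp_tenant_domain: str, sp_tenant_domain: str) -> list:
    """Return a list of problems; an empty list means both sides point at each
    other.  Any entry here explains a missing 'logged out' event on the IdP."""
    problems = []

    # SP side: the connection must call the IdP tenant's per-client SAML logout URL.
    sign_out = urlparse(sp_connection_options.get("signOutEndpoint", ""))
    if sign_out.scheme != "https":
        problems.append("SP connection signOutEndpoint must use https")
    if sign_out.netloc != idp_tenant_domain:
        problems.append("SP connection signOutEndpoint does not target the IdP tenant")
    parts = sign_out.path.strip("/").split("/")
    if not (len(parts) == 3 and parts[0] == "samlp" and parts[2] == "logout"):
        problems.append("SP connection signOutEndpoint must be /samlp/<client_id>/logout")

    # IdP side: SLO must be on and must return to the SP tenant's /logout endpoint.
    logout = idp_addon.get("logout", {})
    if not logout.get("slo_enabled"):
        problems.append("IdP addon logout.slo_enabled is off; SP session is never ended")
    cb = urlparse(logout.get("callback", ""))
    if cb.scheme != "https" or cb.netloc != sp_tenant_domain or cb.path != "/logout":
        problems.append("IdP addon logout.callback must be https://<SP tenant>/logout")
    return problems


if __name__ == "__main__":
    # Constructed placeholder values, not real tenants.
    IDP, SP, CLIENT = "idp-tenant.example.auth0.com", "sp-tenant.example.auth0.com", "CLIENT_ID_PLACEHOLDER"
    sp_patch = sp_connection_logout_patch(IDP, CLIENT)
    idp_patch = idp_client_slo_patch(SP)
    print(json.dumps(sp_patch, indent=2))
    print(json.dumps(idp_patch, indent=2))
    print("problems:", check_logout_pairing(sp_patch["options"],
                                            idp_patch["addons"]["samlp"], IDP, SP))
```

Run the checker against the values actually stored on both tenants (for example, the `options` object returned by GET /api/v2/connections/{id} and the `addons.samlp` object from GET /api/v2/clients/{id}); a common mistake it catches is pointing `signOutEndpoint` at the IdP tenant's generic `/logout` instead of the per-client `/samlp/<client_id>/logout`, which ends the local session without ever generating a SAML LogoutRequest.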
