Removing prompt=login from Auth0 OIDC Enterprise Connection

Connections
Apr 6, 2026
Overview

Since this setting is unavailable in the Auth0 Dashboard, it must be configured via the Auth0 Management API.

Applies To
  • Management API
  • Connection
Solution

Step 1: Get Your Connection ID

Go to the Auth0 Dashboard under the AuthenticationEnterpriseOIDCYour Connection.

The Connection ID is in the URL or in the connection settings.

Step 2: Retrieve the Current Connection Configuration

curl --request GET \
  --url 'https://YOUR_TENANT.auth0.com/api/v2/connections/CONNECTION_ID' \
  --header 'authorization: Bearer MGMT_API_TOKEN'

Save the full response as a backup before making any changes.

This is commonly found in the options object of the response:

{
  "options": {
    "prompt": "login",
    ...
  }
}

Step 3: Update the Connection to Remove prompt=login

curl --request PATCH \
  --url 'https://YOUR_TENANT.auth0.com/api/v2/connections/CONNECTION_ID' \
  --header 'authorization: Bearer MGMT_API_TOKEN' \
  --header 'content-type: application/json' \
  --data '{
    "options": {
      "prompt": ""
    }
  }'

 

Setting prompt to an empty string tells Auth0 not to send the prompt parameter to OIDC, allowing OIDC to use its default behavior — honor existing sessions when available.

Step 4: Verify the Fix

  1. Open the browser Dev Tools > Network tab.

  2. Initiate a login through Auth0 to the OIDC connection.

  3. Find the request to the OIDC /authorize endpoint.

  4. Confirm that prompt=login is no longer present in the query string.

  5. Test SSO: Log into OIDC, then trigger the Auth0 login — the user should pass through without being prompted for credentials or MFA.

NOTE:

  • Only use prompt=none if an existing OIDC session is already established. If no session exists with prompt=none, the authentication will fail silently.

  • Setting prompt to an empty string is the safest option — it lets OIDC decide whether to prompt based on session state.

  • The PATCH request merges the options object, so the other connection settings will remain unchanged. Still, always save a backup of the full config before modifying.

  • A Management API token is needed with read:connections and update:connections scopes. Generate one from the Auth0 Dashboard > Applications > APIs > Auth0 Management API > API Explorer tab, or use the Auth0 Management API explorer directly.

Recommended content

No recommended content found...
Need more help? Visit the Community
Visit the Auth0 Community