Hi,
as we have GoodData embedded as an iframe, the parent page is always authenticated with Auth0, and to the organization in this SSO case. We have persistent sessions in use in Auth0, and thus by default it uses that session.
The workaround was to enable these SSO connections directly in the GoodData application in Auth0 as well, so that those connections can be used even if the organization is not defined. (We made these SSO connections invisible from the Auth0 login screen.)
The Auth0 session does seem to be able to reuse the SSO connection session, if it's available directly to the application in Auth0. In a multitenant setup we can't normally have all these connections available for all the users.
So the initial login is through the organization in our main application, and when GoodData authenticates, it does it without an organization, but the Auth0 session remembers the SSO connection even without an organization, if the connection is bound to the application.
We just need to ensure our main application keeps the session active, so that it's always available for GoodData.