Is it possible to do Primary authentication in a Multi-tenant setup?

1- Is it possible to make the Primary Authentication flow (/authn) work in a multi-tenant setup?
2- What are the required configurations needed to make the /authn requests work against a Tenant?
3- Is the Delegated Authentication configuration required to make /authn requests work?

  • Problem:

    • The Primary Authentication Flow works against Tenant A, but we haven’t found a way to exchange the sessionToken from Tenant A for an accessToken in Tenant B.

    • The Primary Authentication Flow does not work against Tenant B. The following error is returned (we’ve made sure valid username and password credentials are provided).

      • "errorCode": "E0000004",
        "errorSummary": "Authentication failed"
    • The authorization code flow works against Tenant B, where the authorization server is set up, but the Primary Authentication flow does not.

  • We have the following setup:

    • Tenant A

      • Has the Org2Org connector to provision users into tenant B
      • Has the AD setup
      • Works as IdP
    • Tenant B

      • Has Tenant A configured as IdP
      • Has routing rules for user authentication into Tenant A
      • Has the custom authorization server setup where clients and users can provision access tokens from.