We have two application proxy A (external url: https://a.appproxy.com) and B( https://b.appproxy.com), both under the Azure AD SSO Preauth. User can login to both of them individually in two different browser sessions where they get prompted for azure ad credentials followed by a verification code. A has some logic that makes rest service requests to B. A and B internally point to two applications that are in two different servers. A user, when logs in to https://a.appproxy.com from an external network, is getting 302 url redirect for https://b.appproxy.com/services. This is what is captured through fiddler. In the browser console, it is pointing to cors error. If the user opens another browser session and authenticates it to https://b.appproxy.com and goes back to the browser session for https://a.appproxy.com, then the page for application A loads fine with all the data. If the user logs in from the organization network with external url, there is no issue. How can this issue is resolved so that when the user logs in to application A, it delegates the authentication to application B and is able to authenticate using the same credential token. The IIS of both applications are configured to use the windows authentication and their app pool runs as a domain or service account.