> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Native to Web SSO

> Understand how Native to Web SSO transitions authenticated users from native to web applications.

Auth0’s Native to Web <Tooltip tip="Single Sign-On (SSO): Service that, after a user logs into one application, automatically logs that user in to other applications." cta="View Glossary" href="/docs/glossary?term=Single+Sign-On">Single Sign-On</Tooltip> (SSO) feature provides a seamless user experience transitioning authenticated users from your [native application](/docs/authenticate/login/native-login) to your web application.

If your web application relies on embedded WebViews or external browsers to deliver extended or advanced functionality, your users can move between native and web environments in the same authenticated session.

By binding Session Transfer Tokens to the specific device through IP address or ASN, session continuity and security is maintained and ensures the authentication context remains secure throughout the transition.

## How it works

<Frame>
  <img src="https://mintlify.s3.us-west-1.amazonaws.com/auth0/docs/images/cdy7uua7fh8z/4gFE2RP5ZCEcukiNF3Gpae/f957034f63c36d5a11f6a64d988c00e9/sequence-diagram.png" alt="Native to Web SSO workflow" />
</Frame>

1. A user logs in to your native application.
2. Auth0 authenticates the user and returns an access token, refresh token, and ID token.
3. Your native application calls Auth0’s [`/token`](https://auth0.com/docs/api/authentication/authorization-code-flow-with-pkce/get-token-pkce) endpoint to exchange a refresh token for a Session Transfer Token. The Session Transfer Token is bound to a specific IP address or ASN.
4. Auth0 returns the Session Transfer Token for authentication with a web application.
5. Auth0 authorizes the Session Transfer Token as part of the cookie or as a URL parameter, and then returns an [authorization code](/docs/get-started/authentication-and-authorization-flow/authorization-code-flow).
6. The web application exchanges the authorization code for access or refresh tokens at the [`/token`](https://auth0.com/docs/api/authentication/authorization-code-flow/get-token) endpoint.
7. The web application initializes a session for the user.

Learn how to [Configure and Implement Native to Web SSO](/docs/authenticate/single-sign-on/native-to-web/configure-implement-native-to-web)

## Limitations

* Once Native to Web SSO is enabled in an application, the `session_transfer_token` parameter only works for Native to Web SSO.
* <Tooltip tip="Refresh Token: Token used to obtain a renewed Access Token without forcing users to log in again." cta="View Glossary" href="/docs/glossary?term=Refresh+Tokens">Refresh Tokens</Tooltip> originated from a previous Session Transfer Token transaction do not generate new Session Transfer Tokens.