This all can be done but one app needs to be the master where you create and maintain all the users.
First check out this post on how to autologin a user: https://forum.mendix.com/link/questions/89952
When you have that working create webservices in the master app where the URL can be retrieved including the token so that the user can switch from one app to another. In the masterapp when retrieving a request for admittance do a webservice call to the slave app for the token and push the user roles of that user. Then create the URL that can be used to login and pass that back to the slave app that requests admittance. This way the master app controlls everything.