Salesforce-Platform-Identity-and-Access-Management-Architect Practice Test
Salesforce Spring 25 Release 255 Questions
A Salesforce customer is implementing Sales Cloud and a custom pricing application for its call center agents. An Enterprise single sign-on solution is used to authenticate and sign in users to all applications. The customer has the following requirements:
1. The development team has decided to use a Canvas app to expose the pricing application to agents.
2. Agents should be able to access the Canvas app without needing to log in to the pricing application.
Which two options should the identity architect consider to provide support for the Canvas app to initiate login for users? (Choose 2 answers)
A. Select "Enable as a Canvas Personal App" in the connected app settings.
B. Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.
C. Configure the Canvas app as a connected app and set Admin-approved users as pre-authorized.
D. Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.
B. Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.
C. Configure the Canvas app as a connected app and set Admin-approved users as pre-authorized.
Explanation:
Salesforce Canvas apps are used to seamlessly embed external web applications (like the pricing app) within the Salesforce UI, making them appear native to the platform. When agents click into the Canvas app, Salesforce initiates a signed request or OAuth flow to pass authentication context. Because the requirement is that users should not have to log in again to the external pricing app, this rules out any flow that requires user credentials — meaning that the app needs to trust Salesforce to pass user context through OAuth access tokens.
To enable this, the connected app representing the Canvas app must have OAuth settings enabled (Answer B). This ensures that the necessary OAuth scopes (such as id, api, or any custom scopes your app needs) are granted so Salesforce can securely send access tokens to the external system.
Additionally, to avoid users being prompted to manually approve the Canvas app, you should pre-authorize the users (Answer C). By configuring the connected app so that admin-approved users are pre-authorized, and then assigning those users via profiles or permission sets, you ensure that authentication occurs smoothly and silently — supporting the seamless login experience the business requires.
Options A and D are incorrect in this context. Option A ("Enable as a Canvas Personal App") refers to making the app available for users to add to their own personal app list — it has nothing to do with login or authentication. Option D, which discusses SAML and SP-Initiated flows, applies to SAML-based SSO for launching external apps from the App Launcher, not for Canvas apps, which are embedded and use OAuth rather than SAML for authentication.
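The explanation above says Salesforce passes authentication context to the embedded app in a signed request. As an added example (not part of the original practice test), this is how the pricing application could verify that request before trusting the user context or the token in it. The secret, user name and token are constructed sample values; the layout checked is the Canvas signed request format: a Base64 HMAC-SHA256 signature, a period, then the Base64 JSON envelope, keyed with the connected app's consumer secret.

```python
import base64
import hashlib
import hmac
import json


class SignedRequestError(Exception):
    """Raised when a Canvas signed request cannot be trusted."""


def verify_signed_request(signed_request: str, consumer_secret: str) -> dict:
    """Return the decoded Canvas envelope only if its HMAC matches."""
    # Layout: base64(HMAC-SHA256(encoded_envelope)) "." base64(JSON envelope)
    sig_b64, sep, envelope_b64 = signed_request.partition(".")
    if not sep or not sig_b64 or not envelope_b64:
        raise SignedRequestError("malformed signed request")
    expected = hmac.new(
        consumer_secret.encode(), envelope_b64.encode(), hashlib.sha256
    ).digest()
    try:
        supplied = base64.b64decode(sig_b64, validate=True)
    except ValueError as exc:
        raise SignedRequestError("signature is not valid Base64") from exc
    # Constant-time compare, and only parse the JSON after the check passes.
    if not hmac.compare_digest(expected, supplied):
        raise SignedRequestError("signature mismatch")
    try:
        return json.loads(base64.b64decode(envelope_b64, validate=True))
    except ValueError as exc:
        raise SignedRequestError("envelope is not valid Base64 JSON") from exc


def build_sample_signed_request(secret: str, envelope: dict) -> str:
    """Constructed stand-in for the value Salesforce POSTs to the Canvas app URL."""
    env_b64 = base64.b64encode(json.dumps(envelope).encode()).decode()
    sig = hmac.new(secret.encode(), env_b64.encode(), hashlib.sha256).digest()
    return base64.b64encode(sig).decode() + "." + env_b64


SAMPLE_SECRET = "constructed-consumer-secret"  # placeholder, not a real secret
SAMPLE_ENVELOPE = {  # constructed, trimmed-down envelope
    "algorithm": "HMACSHA256",
    "client": {"oauthToken": "constructed-token"},
    "context": {"user": {"userName": "agent@example.com"}},
}
SAMPLE = build_sample_signed_request(SAMPLE_SECRET, SAMPLE_ENVELOPE)

if __name__ == "__main__":
    print(verify_signed_request(SAMPLE, SAMPLE_SECRET)["context"]["user"])
```

The consumer secret stays server-side in the pricing application; a request that fails this check should be rejected rather than falling back to a login prompt.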