Use deeplinks and the autologin method to hand over users. And use webservices in the first app to create the user accounts for the second app. For the autologin part see this blog: https://medium.com/mendix/mendix-autologin-with-deeplink-1c8fa92873a8
Regards,
Ronald
[EDIT]
The marketplace module is still there but Mx7: https://marketplace.mendix.com/link/component/107925
The link to Matt's blog is no longer working unfortunately.
The typical way to solve this is by using an identity provider that the customer already has, such as AzureAD, Okta or a competing product. Mendix has a platform supported SAML module which takes care of authentication. You can do user provisioning (account creation) through APIs: most modern identity providers have a SCIM interface which is pretty easy to implement.
If the customer doesn't have an IdP solution in place, you need to build something yourself, or convince the customer to buy one. Personally, I would look into sending JWTs (there's an app store module for that as well) to pass along the identity of the user. You can sign these JWTs, so you know that they have come from App1, and you can limit the validity of JWTs to e.g. 1 minute so you reduce the risk even if a token leaks. I would direct the user to a REST API where you read the JWT, create the account if not present, create a session and in the REST API redirect the user to the right page with a 302 response status. This is a fair bit more complicated than following the step-by-step blog post Ronald directed to though, but at least in this scenario I know how the authenticity of the requests is checked.
If you follow the blog, investigate how it works and you're sure it is secure enough, it may serve your purpose.
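The signed, short-lived JWT handover described in the answer above, as an added example that is not part of the original post and is not Mendix or marketplace module code. It assumes an HS256 secret shared by App1 and App2; the key, claim values, landing path and in-memory stores are constructed for illustration, and it adds a single-use check on `jti` beyond what the answer mentions.

```python
import base64, hashlib, hmac, json, secrets

KEY = b"constructed-demo-key-shared-by-App1-and-App2"  # assumption: shared secret
TTL = 60      # seconds; the 1-minute validity suggested in the answer
AUD = "app2"  # hypothetical audience value

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(username: str, now: int, key: bytes = KEY) -> str:
    """App1 side: sign a short-lived, single-use handover token."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": "app1", "aud": AUD, "sub": username,
              "iat": now, "exp": now + TTL, "jti": secrets.token_hex(16)}
    body = b64e(json.dumps(header).encode()) + "." + b64e(json.dumps(claims).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + b64e(sig)

def verify_token(token: str, now: int, used_jti: set, key: bytes = KEY) -> dict:
    """App2 side: check the signature before trusting any field, then the claims."""
    try:
        head_b64, claims_b64, sig_b64 = token.split(".")
        expected = hmac.new(key, f"{head_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(sig_b64)):
            raise ValueError("bad signature")
        header, claims = json.loads(b64d(head_b64)), json.loads(b64d(claims_b64))
    except (ValueError, TypeError) as exc:
        raise ValueError(f"rejected: {exc}") from None
    if header.get("alg") != "HS256" or claims.get("aud") != AUD:
        raise ValueError("rejected: wrong alg or audience")
    if not (claims["iat"] <= now < claims["exp"]) or claims["exp"] - claims["iat"] > TTL:
        raise ValueError("rejected: expired or lifetime too long")
    if claims["jti"] in used_jti:
        raise ValueError("rejected: token already used")
    used_jti.add(claims["jti"])
    return claims

def handover(token: str, now: int, accounts: set, used_jti: set):
    """REST handler sketch: verify, create the account if absent, answer 302."""
    try:
        claims = verify_token(token, now, used_jti)
    except ValueError:
        return 401, None
    accounts.add(claims["sub"])  # account creation; session creation omitted here
    return 302, "/index.html"    # hypothetical landing page
```

In a real deployment the used-`jti` set needs to be shared across App2 instances and pruned once entries pass their `exp`.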