Azure AD and "Choose Account" Screen

Hi,

We are using your product as an SP in a multi-tenant setup. There is a scenario where, for a certain domain/tenant, a user could have multiple accounts logged in. So when attempting to initiate SSO (SP-initiated), Azure is picking the wrong user, causing the process to fail (that account doesn't have access to the app). We already tried using Subject/RequestedUsername (under the SSOOptions object) but they aren't supported by Azure, so it also fails. Is there any way to instruct Azure to at least display the “choose account” screen instead of “auto pick” one?

Thanks,
Carlos

Hi Carlos,

You can set SSOOptions.ForceAuthn to true. This sets the ForceAuthn flag in the authn request which requests that the identity provider authenticates the user even if there’s already an authentication session. According to the Azure documentation, this flag is supported.

https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol

That did the trick, thanks!

You’re welcome. Thanks for the update.
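
To confirm that the SP really sends the ForceAuthn flag described in the answer above, the redirect to the identity provider can be decoded and inspected. This is an added example, not ComponentSpace code and not part of the original thread; it assumes the HTTP-Redirect binding, and the URLs, IDs and function names are constructed placeholders.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"


def encode_redirect_request(xml_text):
    """Raw-DEFLATE then base64, as the HTTP-Redirect binding requires."""
    compressor = zlib.compressobj(wbits=-15)
    deflated = compressor.compress(xml_text.encode("utf-8")) + compressor.flush()
    return base64.b64encode(deflated).decode("ascii")


def authn_request_flags(redirect_url):
    """Decode the SAMLRequest query parameter and report the session flags."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(redirect_url).query)
    if "SAMLRequest" not in query:
        raise ValueError("no SAMLRequest parameter in URL")
    xml_bytes = zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15)
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError(f"unexpected root element {root.tag}")
    # Both attributes are xs:boolean and count as false when absent.
    return {
        name: root.get(name, "false").strip().lower() in ("true", "1")
        for name in ("ForceAuthn", "IsPassive")
    }


def sample_url(force_authn):
    # Constructed sample: placeholder ID, issuer and IdP URL, not from the thread.
    attr = ' ForceAuthn="true"' if force_authn else ""
    xml_text = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="_constructed1"'
        f' Version="2.0" IssueInstant="2021-12-17T00:00:00Z"{attr}>'
        '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "https://sp.example/saml</saml:Issuer></samlp:AuthnRequest>"
    )
    query = urllib.parse.urlencode({"SAMLRequest": encode_redirect_request(xml_text)})
    return "https://idp.example/saml2?" + query


if __name__ == "__main__":
    print("with flag:   ", authn_request_flags(sample_url(True)))
    print("without flag:", authn_request_flags(sample_url(False)))
```

In practice the URL to pass to `authn_request_flags` is the redirect captured from the browser's network tab when the SP starts SSO.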