Disable Edge SSO for speicific websites?

Question

Hi There,

We have a customer that is using a cloud-based business information system that uses authentication on the web server (IIS / apache) rather than a typical HTML/database login mechanism.

All users have Microsoft Edge set as the default browser and this is synchronised with their Azure AD account.

The problem we have is that when users try to access the website it prompts then to login using the standard Windows 10/11 login box (and also pre-populates their Windows username). This causes some confusion and most users will attempt to login using Windows Hello or their Windows login password and so the login to the site fails. They have a specific username/password for this business system which is nothing to do with their Windows login (and what they should be entering).

Worse still, once the login has failed there isn't an obvious way to bring the login prompt back again. Refreshing the page just brings up a 401 error and the login prompt is never reshown.

I've checked the Microsoft Edge stored passwords and the Windows Credential Manager but I can't find a saved login for the site anywhere in order to clear it. We can get it working again by getting them to use an inPrivate window but this isn't ideal (with how this particular business system works) and also creates more confusion.

Our current work around is to use Google Chrome which produces it's own little login dialog instead of the Windows login box and so is less confusing to users. It also doesn't seem to lock in the login like Edge does so even if you fill in the wrong credentials you can still refresh the page and attempt the login again.

The customer uses Office 365 extensively so we don't want to disable SSO across the board in Edge but is there a way to disable SSO for a specific domain so the users are always prompted to enter credentials (on that domain)? Alternatively does anyone know how to reset credentials for a domain in Edge once a user has incorrectly tried to login with their Windows account?

Any advice would be much appreciated!

Thanks,

Olly

Answer 1

Interesting problem. My first thought is that the site is configured to use Windows auth so if you can just disable Win auth on the website and the problem goes away.

If that isn't an option then Win auth isn't normally turned on for sites that aren't intranet so add the site to the list of untrusted or perhaps internet URLs. Then Windows won't allow Win auth.

Answer 2

Hi @Oliver Lennox

Is the site an Intranet site? If so, you can open Internet Options -> click Security tab -> click Local Intranet -> click Custom level... -> scroll down to the bottom and select Prompt for user name and password. Then you can test again to see if it will show the prompt every time.

Besides, you can check if this policy AuthServerAllowlist is enabled and if the site is in the policy's allow list. If so, you can remove the site from the allow list. For more information, you can also refer to this doc.

Besides, I think clearing the Edge browser cache of all cookies and downloaded data will clear the stored login information. You can also try this workaround when the prompt doesn't show.

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Regards,
Yu Zhou