Azure SAML SSO

Helen Madrigal Fernandez 6 Reputation points
2022-10-25T03:09:03.923+00:00

The user logs in to AnyConnect, then accesses resources using SAML via Azure.

When entering Azure login credentials the user selects to 'Stay signed in'.

However, when logging out of internal resources, and as long as the logout URL is not set to the Azure logout page, and then re-attempting login, the user is again asked for login credentials.

On the VPN endpoint SAML config we have set "reauthenticate=false".


1 answer

  1. Sandeep G-MSFT 20,911 Reputation points Microsoft Employee Moderator
    2022-10-27T08:27:03.157+00:00

    @Helen Madrigal Fernandez

    If the user is logged in to the application and just closes the browser and tries to open the application again, he will not be prompted for authentication.

    Azure AD’s Keep Me Signed In (KMSI) feature uses a persistent cookie to allow users with member accounts in the tenant directory to close and resume browser sessions without needing to sign in again. Azure AD generates the persistent cookie if a user responds affirmatively to the "Stay signed in?" prompt after a successful authentication.

    In your situation it looks like the persistent cookie is not getting set, or the user is logging out of the application and later trying to log in again.
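
One way to check whether the persistent cookie was actually issued, as an added example that is not part of the answer above: it classifies `Set-Cookie` values copied from a browser network trace of the sign-in as persistent, session-only or deleted. The cookie names `ESTSAUTH` and `ESTSAUTHPERSISTENT` come from Microsoft's documentation of Entra browser cookies, not from this thread, and the sample headers and function names are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample Set-Cookie values (placeholders, not real tokens), in the
# form they appear in a browser network trace of the sign-in response.
SAMPLE = [
    "ESTSAUTH=PLACEHOLDER; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None",
    "ESTSAUTHPERSISTENT=PLACEHOLDER; domain=.login.microsoftonline.com; "
    "expires=Wed, 25 Jan 2023 08:27:03 GMT; path=/; secure; HttpOnly; SameSite=None",
    "example_cleared=; Max-Age=0; path=/",
]


def classify(set_cookie, now):
    """Return (name, kind); kind is 'persistent', 'session' or 'deleted'."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].partition("=")[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    # Max-Age wins over Expires when both are present (RFC 6265, section 5.3).
    if "max-age" in attrs:
        return name, "persistent" if int(attrs["max-age"]) > 0 else "deleted"
    if "expires" in attrs:
        expiry = parsedate_to_datetime(attrs["expires"])
        if expiry.tzinfo is None:  # treat a zone-less date as UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        return name, "persistent" if expiry > now else "deleted"
    # No lifetime attribute: the browser drops the cookie when it closes.
    return name, "session"


def kmsi_cookie_survives_restart(set_cookies, now, name="ESTSAUTHPERSISTENT"):
    """True if the named cookie was issued with a lifetime beyond the session."""
    return any(classify(c, now) == (name, "persistent") for c in set_cookies)


if __name__ == "__main__":
    now = datetime(2022, 10, 27, 8, 27, 3, tzinfo=timezone.utc)
    for header in SAMPLE:
        print(classify(header, now))
    print("KMSI cookie persists:", kmsi_cookie_survives_restart(SAMPLE, now))
```

If only the session cookie shows up in the trace, the second sign-in prompt is expected once the browser is closed or the session cookie is cleared.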

