Can Service Providers tell Azure IDP not to allow KMSI?

Dan 1 Reputation point

Is there a way for a SAML2 Service Provider to communicate to Azure IDP that it doesn't want KMSI to be allowed for an authentication request?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,529 questions
{count} votes

1 answer

Sort by: Most helpful
  1. JimmySalian-2011 42,066 Reputation points

    Hi Dan,

    AFAIk, KMSI is configurable at the individual user flow level.When you enable the feature, users can opt to stay signed in so the session remains active after they close the browser. The session is maintained by setting a persistent cookie. I guess you will have to customize the policy .

    Check this excellent write up on the

    Hope this helps.

    Please Accept the answer if the information helped you. This will help us and others in the community as well.