Azure AD SSO: Always require Password

Justin Voitel 21 Reputation points
2022-11-28T09:30:35.11+00:00

We build Web Applications (Spring Boot) for our client who manages their users in a Azure AD and we want to integrate SSO into the app.

Our client's users have dedicated windows machines for work where they are automatically signed into Azure, so our SSO integration requires no additional security requirement for login.

Unfortunately they dislike this behavior and want to require username + password for every single login. Is it possible to configure it preferably per app registration ?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,476 questions
0 comments No comments
{count} votes

Accepted answer
  1. JimmySalian-2011 42,066 Reputation points
    2022-11-28T09:38:15.437+00:00

    Hi Justin,

    Probably approach will be to add the prompt=login parameter, add a prompt=login query string parameter to the AAD authorization endpoint URL. This will skip the SSO and force a login with AAD and also please check this article for the auth code flow - dn645542(v=azure.100)

    Hope this helps.
    JS

    ==
    Please Accept the answer if the information helped you. This will help us and others in the community as well.


1 additional answer

Sort by: Most helpful
  1. Andy David - MVP 144.7K Reputation points MVP
    2022-11-28T12:35:33.62+00:00

    You could force a sign in frequency for all the app every hour with a conditional access policy.
    https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime

    What you can't do is require MFA at every logon ( at least not yet)

    0 comments No comments