Azure AD SSO: Always require Password

Justin Voitel 21 Reputation points

We build Web Applications (Spring Boot) for our client who manages their users in a Azure AD and we want to integrate SSO into the app.

Our client's users have dedicated windows machines for work where they are automatically signed into Azure, so our SSO integration requires no additional security requirement for login.

Unfortunately they dislike this behavior and want to require username + password for every single login. Is it possible to configure it preferably per app registration ?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,476 questions
0 comments No comments
{count} votes

Accepted answer
  1. JimmySalian-2011 42,066 Reputation points

    Hi Justin,

    Probably approach will be to add the prompt=login parameter, add a prompt=login query string parameter to the AAD authorization endpoint URL. This will skip the SSO and force a login with AAD and also please check this article for the auth code flow - dn645542(v=azure.100)

    Hope this helps.

    Please Accept the answer if the information helped you. This will help us and others in the community as well.

1 additional answer

Sort by: Most helpful
  1. Andy David - MVP 144.7K Reputation points MVP

    You could force a sign in frequency for all the app every hour with a conditional access policy.

    What you can't do is require MFA at every logon ( at least not yet)

    0 comments No comments