Force account picker with SAML login

Manuel Linsmayer 0 Reputation points
2024-11-29T11:31:10.4766667+00:00

Hello,

I'm using SAML integration for my GitHub Enterprise account. Is there a possibility to force account picker during SSO flow with SAML?

With OIDC I can append prompt=select_account -- is a similar feature also available for SAML?

Thank you,

Manuel


1 answer

  1. Sandeep G-MSFT 20,921 Reputation points Microsoft Employee Moderator
    2024-12-02T05:33:37.57+00:00

    @Manuel Linsmayer

    Thank you for posting this in Microsoft Q&A.

    As I understand it, you are looking for a replacement for the OIDC property "prompt=select_account" in the SAML protocol.

    Unfortunately, there is no option similar to OIDC's prompt=select_account in the SAML protocol for Microsoft Entra ID.

    https://docs.oasis-open.org/security/saml/v2.0/errata05/os/saml-v2.0-errata05-os.html#__RefHeading__8168_1983180497

    As a solution, you might consider using the ForceAuthn parameter or have the SP obtain the UPN in advance and send the request with the login_hint parameter attached.

    But the "ForceAuthn" parameter is a boolean value that needs to be set. If it is set to true, it means that the user will be forced to reauthenticate, even if they have a valid session with Microsoft Entra ID.

    However, on every prompt it gives the page to select an account to be logged in.

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
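
The ForceAuthn and login_hint options mentioned in the answer, as an added example (not part of the answer and not Microsoft's or GitHub's code): it builds a SAML AuthnRequest with ForceAuthn="true", encodes it for the HTTP-Redirect binding, and decodes a redirect URL to confirm what the IdP will receive. The tenant ID, issuer, ACS URL and user name are constructed placeholders, and sending login_hint as a query parameter on the sign-on URL is an assumption.

```python
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def build_authn_request(issuer, acs_url, destination, force_authn=True):
    """Return AuthnRequest XML; ForceAuthn is an xs:boolean attribute on the root."""
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,  # an ID must not start with a digit
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
        "AssertionConsumerServiceURL": acs_url,
        "ForceAuthn": "true" if force_authn else "false",
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = issuer
    return ET.tostring(root, encoding="unicode")

def redirect_url(sso_url, authn_request_xml, login_hint=None):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    comp = zlib.compressobj(wbits=-15)  # -15 = raw DEFLATE, no zlib header
    deflated = comp.compress(authn_request_xml.encode()) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode()}
    if login_hint:
        params["login_hint"] = login_hint  # assumption: hint sent as a query parameter
    return sso_url + "?" + urlencode(params)

def inspect_redirect(url):
    """Decode a redirect URL and report what the IdP will actually see."""
    query = parse_qs(urlparse(url).query)
    xml = zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), wbits=-15)
    root = ET.fromstring(xml)
    return {"force_authn": root.get("ForceAuthn") in ("true", "1"),
            "login_hint": query.get("login_hint", [None])[0]}

if __name__ == "__main__":
    # Constructed placeholder values, not taken from the thread.
    sso = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"
    req = build_authn_request("https://sp.example.com/metadata",
                              "https://sp.example.com/saml/acs", sso)
    print(inspect_redirect(redirect_url(sso, req, "user@example.com")))
```
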
