Hello AzureAD Team,
we have configured our enterprise web application to be protected by Azure AD SSO. It works great. The first time the user navigates to the enterprise web application page, they are redirected to the https://login.microsoft.com login page and prompted to enter their firstname.lastname@example.org .com and then they are authenticated using the Windows credentials through Kerberos (or at least I think it's Kerberos. It doesn't require a password). They are now signed into our enterprise web application.
Now the user closes their browser, which closes the session with our enterprise application, then opens it again.
They go back to the enterprise web application page. It redirects to https://login.microsoft.com, and this time it remembers who they are, because it has the email@example.com .com in the "Choose an account" dialog. But it didn't automatically sign them in, making for a very unfriendly user experience.
I've read many similar questions on the internet (Like: https://social.msdn.microsoft.com/Forums/en-US/f9e7c013-fbdc-4bbb-9e9c-22bf187f6c79/bypass-the-azure-ad-sso-choose-an-account-prompt-and-automatically-login-cookie-stored-user?forum=WindowsAzureAD ) and the common answer is to enable Auto-acceleration.
Unfortunally Auto-acceleration is not recommended by Microsoft.
My question is, is there another and secure way to get rid of the "Choose an account" dialog?
Thanks in advance for the answers!