Azure AD B2C social login KMSI next-best alternative

Nigel 1 Reputation point

I've been pouring over the documentation (e.g. and got my single page app working with MSAL and Azure AD B2c.

I have the session lifetime set to the maximum 24 hours (1440) and the KMSI set to 30 days (for local accounts). But for social accounts the user experience is a bit clunky. After 24 hours the user must log in again and this requires interaction. I understand the reason for having to re-authenticate ( but I'm still hoping I can improve the social sign-in experience for users. Currently, every 24 hours a social (e.g. Facebook) user goes through these steps:

1: open the app or return to their browser
2: MSAL doesn't find account so login flow is initiated
3: User is redirected to sign up/sign in flow
4: user is presented with screen with all sign in options, including multiple social accounts (Facebook, twitter, etc.....) and "don't have an account - sign up here"
5 user selects Facebook
6 user redirected back to app

My main issue is with step 4 and 5. If the user is still signed into Facebook, they only need to click the button. But can we remember their choice if they use the same browser?

To put another way, if the user is still signed into Facebook and hasn't removed my app, can step 4 and 5 be done without user interaction?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,651 questions
Azure Active Directory External Identities
No comments
{count} votes