We are looking to force a user to sign in every x hours (if he/she has not recently authenticated or unlocked the device) and have implemented a conditional access policy. (FYI - apps are ServiceNow, Salesforce).
We have configured SSO/MFA and created the conditional access policies for persistent session AND a separate policy for sign-in frequency (for example, 1 hour). We have used the What If tool to check to make sure these policies are being applied to the users.
Problem - the user stays logged in for longer than the time defined by the sign-in frequency and is not logged out or timed out.
What we have already tried:
This feature works properly with Azure Portal but doesn't seem to work for any other app.
The docs state that this should work for SAML too unless the app uses a unique cookie etc., which is not the case.
We also tried converting the integration to OAuth2/OIDC, but that doesn't seem to help.
We understand that unlocking a device is a sign-in event, so we have made sure that this is not happening.
Question:
Is the sign-in frequency supposed to work for non-Microsoft apps?
Does this feature work with hybrid AD devices (on-prem domain joined, using ADC to sync accounts to AD and integration)?
Does this feature depend on "persistent session"? Don't think so if seamless SSO is working properly.
Any example of any other app where this is working properly?
Thanks
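As an added illustration (not part of this thread and not Microsoft's code), the following Python check runs over sign-in log records in the shape of Microsoft Graph `signIn` objects and flags the symptom described above: a non-interactive token issuance for an app more than the configured sign-in frequency after the user's last interactive sign-in to that app, alongside what the conditional access policy reported for that event. The sample records, the policy name `SIF-1h`, the correlation ids and the `enforcedSessionControls` values are constructed assumptions.

```python
"""Check sign-in log records for sign-in frequency enforcement (added example)."""
import json
from datetime import datetime

# Constructed sample records in the shape of Microsoft Graph signIn objects; the policy
# name "SIF-1h", correlation ids, timestamps and control names are hypothetical.
SAMPLE_LOGS = json.loads("""[
 {"userPrincipalName": "alice@example.com", "appDisplayName": "ServiceNow", "isInteractive": true,
  "createdDateTime": "2023-05-01T08:00:00Z", "correlationId": "c-1", "appliedConditionalAccessPolicies":
  [{"displayName": "SIF-1h", "result": "success", "enforcedSessionControls": ["signInFrequency"]}]},
 {"userPrincipalName": "alice@example.com", "appDisplayName": "ServiceNow", "isInteractive": false,
  "createdDateTime": "2023-05-01T10:30:00Z", "correlationId": "c-2", "appliedConditionalAccessPolicies":
  [{"displayName": "SIF-1h", "result": "notApplied", "enforcedSessionControls": []}]},
 {"userPrincipalName": "alice@example.com", "appDisplayName": "Azure Portal", "isInteractive": true,
  "createdDateTime": "2023-05-01T08:05:00Z", "correlationId": "c-3", "appliedConditionalAccessPolicies":
  [{"displayName": "SIF-1h", "result": "success", "enforcedSessionControls": ["signInFrequency"]}]},
 {"userPrincipalName": "alice@example.com", "appDisplayName": "Azure Portal", "isInteractive": true,
  "createdDateTime": "2023-05-01T09:10:00Z", "correlationId": "c-4", "appliedConditionalAccessPolicies":
  [{"displayName": "SIF-1h", "result": "success", "enforcedSessionControls": ["signInFrequency"]}]}
]""")

def policy_result(record, policy_name):
    """Return the CA evaluation result reported for policy_name, or 'missing'."""
    for p in record.get("appliedConditionalAccessPolicies", []):
        if p.get("displayName") == policy_name:
            return p.get("result", "unknown")
    return "missing"

def find_stale_sessions(records, policy_name, max_age_minutes):
    """Flag non-interactive sign-ins (token issuances) that happen more than max_age_minutes
    after the user's last interactive sign-in to the same app: the frequency was not enforced.
    Returns (user, app, correlationId, age_minutes, policy result) tuples."""
    by_key = {}
    for r in sorted(records, key=lambda r: r["createdDateTime"]):
        by_key.setdefault((r["userPrincipalName"], r["appDisplayName"]), []).append(r)
    findings = []
    for (user, app), events in by_key.items():
        last_interactive = None  # unknown until an interactive sign-in is seen
        for r in events:
            ts = datetime.strptime(r["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
            if r["isInteractive"]:
                last_interactive = ts
                continue
            if last_interactive is None:
                continue  # log window starts mid-session; cannot judge this issuance
            age = int((ts - last_interactive).total_seconds() // 60)
            if age > max_age_minutes:
                findings.append((user, app, r["correlationId"], age, policy_result(r, policy_name)))
    return findings
```

With the sample data, the ServiceNow token issued at 10:30 is flagged (150 minutes after the 08:00 interactive sign-in, policy reported as notApplied), while the Azure Portal sign-ins, which re-authenticated interactively, are not.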
Thanks for the reply. We are not using WHB but understand the lock/unlock refresh event.
The specific correlation id is 5bdcdf89-0995-4859-9855-54f97cda3067.
We are to open a case with MSFT too. Thanks
Unfortunately, we don't use any Office 365 or Outlook/OWA apps.
Microsoft says the following:
The sign-in frequency setting works with SAML applications as well, as long as they do not drop their own cookies and are redirected back to Azure AD for authentication on regular basis.
So make sure your app meets the requirements. Since you mentioned that it works with the Azure portal, my guess would be that the issue is with the app itself and its configuration.
Thanks. I did mention earlier that we checked these conditions for cookies and reauth. Anyway, thanks for your help.