25,174 questions
Hello anonymous user
Thanks for bringing this post!
Please review the next article below:
https://learn.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol
BR.
SAML IdP and ForceAuthn
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 79%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED1%3C/text%3E%3C/svg%3E)
Devon58ESI-1311
21
Reputation points
I have been asked to confirm our Azure connected users will be forced to login when they receive a 'ForceAuthn' request from a SP.
Can you advise how i can check this or configure it in our Azure SAML configuration please or point me to documentation that shows me how to configure this please.
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Accepted answer
1 additional answer
Sort by: Most helpful
-
Devon58ESI-1311 21 Reputation points
2022-04-23T04:26:19.597+00:00 Thanks for the answer. I have read the article and the explanation is very good.
I am also looking for a method of implementing the forced logout on the IdP side but cant find a method to set up.
Would you have a way to check if it is working or a configuration to force it to be implemented please?-
risolis 8,741 Reputation points2022-04-23T05:19:37.287+00:00 Your welcome.
I have thought of using Azure AD audit/reporting logs on PowerShell for this scenario.
-
risolis 8,741 Reputation points
2022-04-23T20:19:13.183+00:00 Did you configure it on the Metadata file?
****Passes the ForceAuthN value in the SAML authentication request to determine if the external SAML IDP will be forced to prompt the user for authentication. By default, Azure AD B2C sets the ForceAuthN value to false on initial login. If the session is then reset (for example by using the prompt=login in OIDC) then the ForceAuthN value will be set to true.
Setting the metadata item will force the value for all requests to the external IDP and possible values: true or false****
-
Devon58ESI-1311 21 Reputation points
2022-04-23T21:13:26.107+00:00 Many thanks. I havent configured the metadata file on the IdP end as I couldnt find any details of how to set.
-
risolis 8,741 Reputation points
2022-04-23T21:33:29.107+00:00 Your welcome.
Read the article so, you can have a better idea how to set it up:
Finally, previously I mentioned this statement "Azure AD audit/reporting logs on PowerShell " it is more related validate your configuration.
I hope this assistance was useful to get this going.
Many thanks!
Sign in to comment -