Jump to content
  • 0

SSO issue DAAS


Rob Young1709151927

Question

I have an issue where we want users internally to be able to Seamless Single Signon and users externally to be prompted for their signin.  when I enable Federated Identity Provider Sessions, External users will be attempted to signin automatically with whatever ID they have external and then it fails, but this works fine for internal users.  If I disable Federated Identity Provider Sessions, it works correctly for external, but then all our internal users have to manually signin everytime?

 

I am currently using SAML for the authentication.  (Against AzureAD)

 

Thoughts?

Link to comment

3 answers to this question

Recommended Posts

  • 0

My CAP's are configured to only require MFA on non-trusted IP's.  We have the same SAML setup for a few other SAAS apps and it works fine.

 

Here are the scenarios that I have tried: 

 

Azure authentication (Federated Identity Provider Sessions enabled or disabled)-

Internal: prompts for auth but recognizes who i am

External: Prompts for username/pass

 

SAML Auth (Federated Identity Provider Sessions disabled)

Internal: works great, signs me seamlessly

External: signs user in automatically by whatever their PC's configured for.  Third party, google, live. and fails.  User need incognito

 

SAML Auth (FederatedIdentity Provider Sessions enabled)

Internal: prompt for username/password

External:prompt for username/password

 

What we want:

Internal: Seamless Signle Signon

External: prompt username and password.

 

 

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...