Hi! You need to look into the loginschemas associated to the flow, I see lschema_dual... being used in your attachment. Personally I'd prefer to make a copy of that same schema and customize it to your needs, then assign it to the flow, that'd very likely solve your issue. Another point I'd suggest is to use the visualizer for your testing, but when you go to implementing in production doing the policies manually is a better idea, I built a rather complex flow with the visualizer and troubleshooting/making changes got complicated as it grew. This also helps giving you a much deeper understanding into what policy/binding does what. Another option based on what you mentioned about flipping the authentication order is to change the SSO credentials setting in the session profile, by default it is set to Primary so if you flipped the auth order it will try to use the radius creds to SSO into Storefront, switching that to Secondary might do the trick as well.
