Forum Discussion
Tony Roth
Mar 09, 2018
Brass Contributor
Azure AD/Office 365 with managed identity, NO ADFS, and Chrome
Not sure if I can describe this but here goes!
Remember no ADFS using managed identity and using MFA.
So we have Chrome users that when they are on-prem with a domain-joined device they do not...
Kelvin Xia
Microsoft
Mar 22, 2018
Hey Tony,
the "Stay signed in?" prompt does not show when any sort of SSO is set up. In your case, it might either be Browser SSO (if the managed Azure AD account is added to Windows) or Seamless SSO. We don't show the prompt in SSO cases as throwing a prompt breaks the promise of SSO.
If the kiosk devices do not have SSO enabled (which I assume is the case since they are shared), we'll show the "Stay signed in" prompt on login but will suppress that prompt if we detect that more than 1 account has been used in the browser.
If you want to completely disable the prompt, use the 'Show option to remain signed in' setting in Company Branding:
https://docs.microsoft.com/en-us/azure/active-directory/customize-branding
- Tony Roth (Brass Contributor), Mar 22, 2018: So this all goes back to true SSO vs managed identity, which would you choose if you have many 3rd party RPs/SPs, currently we use both Azure AD and ADFS to handle this and we use the entire O365 suite with AAD Connect? Seems like ADFS checks more boxes than AAD Connect and would enable true SSO, correct? So confused.
- Tony Roth (Brass Contributor), Mar 22, 2018: We also use published applications which utilize managed service identities (MSI) which I think are not compatible with ADFS, correct?