Forum Discussion

EricStarker's avatar
EricStarker
Gold Contributor
Sep 19, 2017

Fewer login prompts: The new “Keep me signed in” experience for Azure AD is in preview

A common request we get from our customers is to reduce the number of times users are prompted to sign into Azure AD. One way to reduce the frequency of prompts is to check the “Keep me signed in” ch...
Azure Active Directory (AAD)
Sassan Hajrasooliha's avatar
Sassan Hajrasooliha
Copper Contributor
Sep 20, 2017

and you thought replacing a simple checkbox with an extra annoying pop up dialog box is good because of what again?! people want to move away from sign in page as quickly as possible, even having separate dialogs for username and password was something "interesting". now you added the 3rd one?!

Kelvin Xia's avatar
Kelvin Xia
Iron Contributor
Sep 21, 2017
Our data shows that having a bit of friction up front ultimately improves the long-term user experience as it reduces subsequent sign-in prompts.
  • Thomas Smith's avatar
    Thomas Smith
    Copper Contributor
    Feb 21, 2018

    Hi Kelvin,

     

    We are experiencing an issue with the KMSI feature for IE11 only. We currently use ADFS 3.0 with Single Sign on. When users connect to services such as the office portal or SharePoint they are prompted to select there account, after which the service signs in. The issue is that the KMSI prompt is not presented to the users in the new experience. Within the old experience users were able to check the box to remain signed in.

     

    What's strange is that from testing in other browsers such as Edge or Chrome we receive different results. In Edge users are redirected to the old sign-in experience where they can check the box. For Chrome, they again are taken to the old experience sign-in screen, but after entering there credentials they are redirected to the new KMSI prompt which can be selected and keeps the user signed in. 

     

    From our on-prem ADFS server we have enabled the KMSI feature, this has also been configured from the Azure Tenant level within the company branding section.

     

    Any help would be greatly appreciated.

     

    Cheers,

    Tom

    • Kelvin Xia's avatar
      Kelvin Xia
      Iron Contributor
      Feb 21, 2018
      You should no longer be seeing the old sign-in experience, so what you're seeing in Edge and Chrome is weird. What's the URL for when you see the old sign in experience in Chrome/Edge?
      • Paul Leemans's avatar
        Paul Leemans
        Copper Contributor
        Feb 27, 2018

        I am on W10 and do not get the KMSI prompt in the new sign in experience. Consequently, every time I have to Pick an account, after which it signs in with SSO. I tried to remove all internet explorer cache but I cannot get O365 to give me a KMSI prompt. What to do? I read somewhere something about a Windows Credential Manager, but I do not know what to do in there. Please help as this is annoying and costing extra seconds on each browser session.

  • Uli Zug's avatar
    Uli Zug
    Copper Contributor
    Sep 22, 2017

    Hi,

    actually we would like to enable this setting for all users as it improves the user experience and allows us to get rid of the additional pop-up. In a recent case we found that this setting can not be controlled by GPO etc. Are you planning to add this option ? 

    • Kelvin Xia's avatar
      Kelvin Xia
      Iron Contributor
      Sep 22, 2017
      Unfortunately no. We believe that users need to make the decision, based on where they're signing in from, about whether they want their authentication to persist. As such, we don't have a way for tenants to turn on persistent auth without user interaction.

Resources