Forum Discussion
Sensitive SAML Apps such as Palo Alto GCPS use SAML for Auth, but MFA bypassed with remember me UI
- Feb 06, 2020
Updates!!! Finally it worked with one more change to the Azure AD policy.
But this option is in preview mode, I believe, so I am worried about getting into prod with this.
{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"00:30:00","MaxAgeSessionSingleFactor":"00:30:00","MaxAgeSessionMultiFactor":"00:30:00","MaxAgeMultiFactor":"00:30:00"}}
Rajkumar_Manibharathy, are you doing this from a Windows 10 machine that is hybrid joined? Does this use a browser such as Edge for presenting the login? Windows Hello becomes the secondary factor from memory when using MFA. If you use an incognito browser you should get prompted for MFA.
Mark Lewis, yes, I am testing in Windows 10 and Mac Hybrid Azure and Azure AD Joined.
Based on the default browser we select, it presents Chrome, IE or Edge. Thanks, let me try incognito.
For Chrome I see there are a lot of extensions to make some websites default to incognito, but in IE and Edge I do not see anything like that. Any idea on that, please?
- Mark Lewis, Feb 05, 2020, Brass Contributor
Rajkumar_Manibharathy, do you get prompted for MFA on the Mac OS device? Not sure how to force incognito/in-private off the top of my head for certain sites on Edge/IE.
- Rajkumar_Manibharathy, Feb 06, 2020, Copper Contributor
Mark Lewis, yes, strangely it works on Mac. I even tried to push IE into private mode always through properties. Still it bypasses MFA.
- Mark Lewis, Feb 06, 2020, Brass Contributor
And does it work (prompt for MFA) on a non domain or hybrid joined machine? Personal laptop, for example.
Do you use Windows Hello for Business?
I suspect that the machine itself is being used as the second factor, rather than prompting on the app.