Forum Discussion
Sensitive SAML apps such as Palo Alto GCPS use SAML for auth, but MFA is bypassed with the remember me UI
- Feb 06, 2020
Update! Finally it worked with one more change to the Azure AD policy.
But this option is in preview mode, I believe, so I am worried about going into prod with this.
{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"00:30:00","MaxAgeSessionSingleFactor":"00:30:00","MaxAgeSessionMultiFactor":"00:30:00","MaxAgeMultiFactor":"00:30:00"}}
Mark Lewis Yes, I am testing on Windows 10 and Mac, Hybrid Azure and Azure AD Joined.
Based on the default browser we select, it presents Chrome, IE or Edge. Thanks, let me try incognito.
For Chrome I see there are a lot of extensions to make some websites default to incognito, but in IE and Edge I do not see anything like that. Any idea on that, please?
Rajkumar_Manibharathy do you get prompted for MFA on the Mac OS device? Not sure how to force incognito/in-private off the top of my head for certain sites on Edge/IE.
- Rajkumar_Manibharathy, Feb 06, 2020, Copper Contributor
Mark Lewis yes, strangely it works on Mac. I even tried to push IE into private mode always through properties. Still it bypasses MFA.
- Mark Lewis, Feb 06, 2020, Brass Contributor
And does it work (prompt for MFA) on a non domain or hybrid joined machine? A personal laptop, for example.
Do you use Windows Hello for Business?
I suspect that the machine itself is being used as the second factor, rather than prompting on the app.
- Rajkumar_Manibharathy, Feb 06, 2020, Copper Contributor
Mark Lewis we do not use Hello for Business. On devices with the corporate image, both Mac and Windows, it bypasses MFA when remember me is checked. Only on a non-domain-joined device does it prompt for MFA.