Forum Discussion
Sensitive SAML apps such as Palo Alto GCPS use SAML for auth, but MFA is bypassed with the "remember me" UI
- Feb 06, 2020
Mark Lewis, yes, strangely it works on Mac. I even tried to always push IE in private mode through properties. It still bypasses MFA.
And does it work (prompt for MFA) on a non-domain or hybrid joined machine? A personal laptop, for example?
Do you use Windows Hello for Business?
I suspect that the machine itself is being used as the second factor, rather than prompting on the app.
- Rajkumar_Manibharathy, Feb 06, 2020, Copper Contributor
Mark Lewis, we do not use Hello for Business. On devices with the corporate image, both Mac and Windows, it bypasses MFA when "remember me" is checked. Only on a non-domain-joined device does it prompt for MFA.
- Rajkumar_Manibharathy, Feb 06, 2020, Copper Contributor
Updates!!! Finally it worked with one more change to the Azure AD policy.
But this option is in preview mode, I believe, so I am worried about getting into prod with this.
{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"00:30:00","MaxAgeSessionSingleFactor":"00:30:00","MaxAgeSessionMultiFactor":"00:30:00","MaxAgeMultiFactor":"00:30:00"}}