Forum Discussion

EricStarker's avatar
EricStarker
Former Employee
Nov 15, 2017

The new Azure AD sign-in and “Keep me signed in” experiences rolling out now!

We're excited to announce that the general availability rollout of the new Azure AD sign-in and “Keep me signed in” experiences has started! These experiences should reach all users globally by the e...
Azure Active Directory (AAD)
Kelvin Xia's avatar
Kelvin Xia
Former Employee
Dec 18, 2017
May I know why you want to see the prompt even when SSO happens? By definition, when SSO'ed your user should just always automatically sign in without any interactive prompts. So, asking the user if they want to remain signed in doesn't really mean anything when SSO happens.
Srikanth Komirishetty's avatar
Srikanth Komirishetty
Copper Contributor
Dec 18, 2017

Kelvin,

The reason I ask is, we get this window every single time when we close the browser. I need not enter my password but I have to click on my account (I have to pick every single time I close the browser). If I switch to old sign in experience, I can check the box to keep me signed in and it will never ask me to pick the account. As the old sign in page is going away, we need to provide our users a way to avoid picking account each and every time the re-open the browser. The only, I saw is with the prompt and that is why, I'm reaching you to see if we can enable that prompt on SSO.

  • VasilMichev's avatar
    VasilMichev
    MVP
    Jan 05, 2018

    I don't think so, it will most likely not recognize the claim.

  • Srikanth Komirishetty's avatar
    Srikanth Komirishetty
    Copper Contributor
    Jan 05, 2018

    Hi VasilMichev, Thank you for the response. The old sign in page has "keep me signed in" check box that helps the user not be prompted to pick account or see login prompt the next time they re-launch the browser and access SharePoint site. The new UI has no such option any more.

     

    The new ADFS version on Windows 2012 seems to have an option to create custom claim rules to issue PSSO claims that avoids "pick an account" prompt as shared by Kelvin Xia.

     

    As you recommended, I researched and I was able to create a SMART link which does the same job as "keep me signed in" check box. The user has to browse this link once, interestingly it won't even prompt for UPN (password not required as we are SSO) and process sets the persistent cookie on the machine and he/she never needs to pick account going forward.

     

    The question I have now is, Our organization would like to enable PSSO but we are on ADFS 2.0 and Windows 2008 R2. The article on this link describes how to configure ADFS to issue PSSO claims but not sure if this applies to Windows 2008 R2.

  • Kelvin Xia's avatar
    Kelvin Xia
    Former Employee
    Jan 03, 2018
    Hi Johannes, can you please private message me your email address and I'll reach out to you to get more information.
  • Johannes Blohberger's avatar
    Johannes Blohberger
    Copper Contributor
    Jan 03, 2018

    Hi,

    at one of my customers I have exactly the same problem like Srikanth Komirishetty. Every time the browser is closed and reopend the Account Picking window is showing.

  • Kelvin Xia's avatar
    Kelvin Xia
    Former Employee
    Dec 20, 2017
    Hi Srikanth, I'll reach out to you via DM to get more information so we can look into this.
  • VasilMichev's avatar
    VasilMichev
    MVP
    Dec 19, 2017

    Srikanth Komirishetty do you happen to be using Smart links? Even with the old experience, without smart links configured you have to enter/select the UPN before federation happens. But you can construct "smart links" (basically an URL with added parameter for the domain) to bypass this process and have you log in automatically. Perhaps those are not working with the new experience?

Resources