Forum Discussion
EricStarker
Nov 15, 2017Former Employee
The new Azure AD sign-in and “Keep me signed in” experiences rolling out now!
We're excited to announce that the general availability rollout of the new Azure AD sign-in and “Keep me signed in” experiences has started! These experiences should reach all users globally by the e...
Kelvin Xia
Dec 18, 2017Former Employee
May I know why you want to see the prompt even when SSO happens? By definition, when SSO'ed your user should just always automatically sign in without any interactive prompts. So, asking the user if they want to remain signed in doesn't really mean anything when SSO happens.
Srikanth Komirishetty
Dec 18, 2017Copper Contributor
Kelvin,
The reason I ask is, we get this window every single time when we close the browser. I need not enter my password but I have to click on my account (I have to pick every single time I close the browser). If I switch to old sign in experience, I can check the box to keep me signed in and it will never ask me to pick the account. As the old sign in page is going away, we need to provide our users a way to avoid picking account each and every time the re-open the browser. The only, I saw is with the prompt and that is why, I'm reaching you to see if we can enable that prompt on SSO.
- VasilMichevJan 05, 2018MVP
I don't think so, it will most likely not recognize the claim.
- Srikanth KomirishettyJan 05, 2018Copper Contributor
Hi VasilMichev, Thank you for the response. The old sign in page has "keep me signed in" check box that helps the user not be prompted to pick account or see login prompt the next time they re-launch the browser and access SharePoint site. The new UI has no such option any more.
The new ADFS version on Windows 2012 seems to have an option to create custom claim rules to issue PSSO claims that avoids "pick an account" prompt as shared by Kelvin Xia.
As you recommended, I researched and I was able to create a SMART link which does the same job as "keep me signed in" check box. The user has to browse this link once, interestingly it won't even prompt for UPN (password not required as we are SSO) and process sets the persistent cookie on the machine and he/she never needs to pick account going forward.
The question I have now is, Our organization would like to enable PSSO but we are on ADFS 2.0 and Windows 2008 R2. The article on this link describes how to configure ADFS to issue PSSO claims but not sure if this applies to Windows 2008 R2.
- Kelvin XiaJan 03, 2018Former EmployeeHi Johannes, can you please private message me your email address and I'll reach out to you to get more information.
- Johannes BlohbergerJan 03, 2018Copper Contributor
Hi,
at one of my customers I have exactly the same problem like Srikanth Komirishetty. Every time the browser is closed and reopend the Account Picking window is showing.
- Kelvin XiaDec 20, 2017Former EmployeeHi Srikanth, I'll reach out to you via DM to get more information so we can look into this.
- VasilMichevDec 19, 2017MVP
Srikanth Komirishetty do you happen to be using Smart links? Even with the old experience, without smart links configured you have to enter/select the UPN before federation happens. But you can construct "smart links" (basically an URL with added parameter for the domain) to bypass this process and have you log in automatically. Perhaps those are not working with the new experience?