Mar 09 2018 - last edited on Jul 27 2020
Not sure if I can describe this but here goes!
Remember: no ADFS, using managed identity and using MFA.
So we have Chrome users that, when they are on-prem with a domain-joined device, they do not get the option to select keep me signed in (KMSI). Oddly enough, if they are on a less trusted device like a kiosk somewhere, they get the prompt and can KMSI. Seems strange to me. We've added the remember my device (RMD) for the Chrome users for now, but I don't like doing that. Also, doing RMD messes up the modern app clients since they are forced to re-auth once the RMD time expires.
What am I doing wrong?
Hopefully this makes sense.
Mar 22 2018 11:42 AM
The "Stay signed in?" prompt does not show when any sort of SSO is set up. In your case, it might either be Browser SSO (if the managed Azure AD account is added to Windows) or Seamless SSO. We don't show the prompt in SSO cases as throwing a prompt breaks the promise of SSO.
If the kiosk devices do not have SSO enabled (which I assume is the case since they are shared), we'll show the "Stay signed in" prompt on login but will suppress that prompt if we detect that more than 1 account has been used in the browser.
If you want to completely disable the prompt, use the 'Show option to remain signed in' setting in Company Branding: