multiple Primary refresh token

testuser7 · ‎Feb 02 2021

On windows 10 Azure-AD joined device, we know that when we sign into the device, a PRT is obtained.

This PRT is used by web and non-web applications through WAM

If I want to settle one more PRT in the same windows session , is it possible ?

If yes, can you explain how that flow would be to obtain the 2nd PRT for for my another account in AAD in the device ?

Thanks.

ChristianBergstrom · ‎Feb 02 2021

testuser7 · ‎Feb 03 2021

Thanks Christian. @ChristianBergstrom for your response.

At the same time, I do not know where did I confuse you. I have gone through the link several times.

My ask is as simple as this.

You hit ctrl+alt+del on AAD-join windows box and sign in with your AAD account UPN

Cloud-AP will authenticate you and get you the PRT with communicating with Azure-AD

Now you are in the windows 10 box.

You have one more account in AAD

You want to use this account while accessing any AAD protected service which is under device-based conditional policy.

As a result, you need to have a PRT of this new account.

How do I get the PRT for this new account ?

Thanks.

ChristianBergstrom · ‎Feb 03 2021

@testuser7 Hello, well that's a much better description I don't know the answer to. Perhaps @Vasil Michev or @Thijs Lecomte does?

Thijs Lecomte · ‎Feb 03 2021

As far as I know (but I am no expert in this) there is no way to have multiple PRT's on a single device

testuser7 · ‎Feb 04 2021

Thanks @Thijs Lecomte for your response.

Is there anybody who can confirm if more than PRTs can stay in the same windows 10 session. ?

I personally think it should be possible, though.

Re: multiple Primary refresh token