Mar 09 2018 07:17 AM - last edited on Jan 14 2022 03:41 PM by TechCommunityAP
Not sure if I can describe this but here goes!
Remember, no ADFS, using managed identity and using MFA.
So we have Chrome users that, when they are on-prem with a domain-joined device, they do not get the option to select keep me signed in (KMSI). Oddly enough, if they are on a less trusted device like a kiosk somewhere, they get the prompt and can KMSI. Seems strange to me. We've added the remember my device (RMD) for the Chrome users for now, but I don't like doing that. Also, doing RMD messes up the modern app clients since they are forced to re-auth once the RMD time expires.
What am I doing wrong?
Hopefully this makes sense.
Thanks
Mar 09 2018 08:18 PM
@Kelvin Xia might be able to help here.
Mar 22 2018 11:42 AM
Hey Tony,
The "Stay signed in?" prompt does not show when any sort of SSO is set up. In your case, it might either be Browser SSO (if the managed Azure AD account is added to Windows) or Seamless SSO. We don't show the prompt in SSO cases as throwing a prompt breaks the promise of SSO.
If the kiosk devices do not have SSO enabled (which I assume is the case since they are shared), we'll show the "Stay signed in" prompt on login but will suppress that prompt if we detect that more than 1 account has been used in the browser.
If you want to completely disable the prompt, use the 'Show option to remain signed in' setting in Company Branding:
https://docs.microsoft.com/en-us/azure/active-directory/customize-branding
Mar 22 2018 01:35 PM
Mar 22 2018 01:46 PM