By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS Single Sign-on with Azure AD: How to force to ask password every single login

0

I have implemented Single Sign-On (SSO) with Azure AD using SAML 2.0. When a user logs in with the SSO URL, they are redirected to the O365 login page, where they go through the Multi-Factor Authentication (MFA) process, and the user is successfully logged in. However, when a user signs out from the portal and then, after some time, attempts to log in again, they are not prompted for login credentials and are automatically signed in. I'm aware that the session can be controlled by applying a conditional access policy, but is there any way to require credentials for every single login

Topics
Security, Identity, & Compliance
Tags
AWS Identity and Access Management
Language
English
profile picture
Nikunj Patel
asked 6 months ago271 views
1 Answer
0
Accepted Answer

All authentication is controlled by your IDP not AWS when you have setup SSO.

Your Idp will only tell AWS that you’re authenticated and your user information passed during the SAML.

I’m not 100% sure but I don’t think you can force this on the Azure SAML side however please research this yourself to confirm if it is or isn’t possible.

profile picture
EXPERT
Gary Mclean
answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content