Hi,
I will briefly describe my question's background information. Our application is hosted on our University's VM, we use ComponentSpace to send the SAML request, and it uses our University's Azure AD SSO to validate users (as an IDP). However, we need to let some researchers from outside of our university log in to this web application. So we created their accounts in our Azure AD domain, but they have their own Azure AD environment and also have their own work/org accounts. Some of them may use the "remember me" function and store their work/org accounts' credentials in the browsers' cookies.
They say that when they tried the Azure SSO login process on our application, the Azure cloud login portal doesn’t allow them to enter their university account. It logs in with their own work/org accounts, the portal redirects to the password part, and they don’t even have a chance to log in with our university's accounts.
We have turned on forced login settings on our service provider's end. Some of those users don't want to clear caches or use incognito mode, so we need to allow those clients to choose which accounts they want to use when they try to log in with our Azure SSO. Any idea about how to implement this? Is there any configuration that needs to be set on the service provider's side? And also, how do we do it on the Azure Cloud (IDP) side?