Benjamin-1031 asked ·

Bypass the Azure AD SSO “choose an account” prompt and automatically login cookie stored user?

Hello AzureAD Team,

We have configured our enterprise web application to be protected by Azure AD SSO. It works great. The first time the user navigates to the enterprise web application page, they are redirected to the https://login.microsoft.com login page and prompted to enter their username@company.com, and then they are authenticated using the Windows credentials through Kerberos (or at least I think it's Kerberos. It doesn't require a password). They are now signed into our enterprise web application.

Now the user closes their browser, which closes the session with our enterprise application, then opens it again.

They go back to the enterprise web application page. It redirects to https://login.microsoft.com, and this time it remembers who they are, because it has the username@company.com in the "Choose an account" dialog. But it didn't automatically sign them in, making for a very unfriendly user experience.

I've read many similar questions on the internet (like: https://social.msdn.microsoft.com/Forums/en-US/f9e7c013-fbdc-4bbb-9e9c-22bf187f6c79/bypass-the-azure-ad-sso-choose-an-account-prompt-and-automatically-login-cookie-stored-user?forum=WindowsAzureAD ) and the common answer is to enable Auto-acceleration.
Unfortunately, Auto-acceleration is not recommended by Microsoft.
My question is, is there another and secure way to get rid of the "Choose an account" dialog?

Thanks in advance for the answers!

Best regards


1 Answer

amanpreetsingh-msft answered ·

Hi @Benjamin-1031 · Thank you for reaching out.

The “choose an account” prompt can be bypassed by using the OAuth parameters HSU=1 and Login_Hint. Please refer to the document below to see how an application can send the Login_Hint parameter in the authentication request:

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
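
An added example, not part of the answer above and not Microsoft's code: one way a web application could build the sign-in redirect with `login_hint`, validating the remembered username first because it comes from a client-controlled cookie. The tenant, client ID, redirect URI and allowed domain are placeholder assumptions; the `hsu` parameter is included only as the answer names it and is off by default.

```python
import re
import secrets
from urllib.parse import urlencode

# Placeholder values (assumptions): replace with your tenant and app registration.
TENANT = "contoso.onmicrosoft.com"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://app.example.com/auth/callback"
ALLOWED_DOMAINS = {"company.com"}  # domains your users sign in with

# Microsoft identity platform v2.0 authorization endpoint.
AUTHORIZE = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize"
UPN_RE = re.compile(r"[A-Za-z0-9._'+-]{1,64}@([A-Za-z0-9.-]{1,255})")


def safe_login_hint(remembered):
    """Return the remembered UPN only if it is well formed and in an allowed domain."""
    if not remembered:
        return None
    m = UPN_RE.fullmatch(remembered.strip())
    if not m or m.group(1).lower() not in ALLOWED_DOMAINS:
        return None  # tampered or foreign value: fall back to the normal prompt
    return m.group(0).lower()


def build_authorize_url(remembered_upn, add_hsu=False):
    """Build the redirect URL; returns (url, state, nonce) so the caller can
    store state and nonce server-side and verify them on the callback."""
    state = secrets.token_urlsafe(32)  # CSRF protection for the callback
    nonce = secrets.token_urlsafe(32)  # binds the ID token to this request
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": "openid profile",
        "state": state,
        "nonce": nonce,
    }
    hint = safe_login_hint(remembered_upn)
    if hint:
        params["login_hint"] = hint  # a hint only; Azure AD still authenticates
        if add_hsu:
            params["hsu"] = "1"  # parameter as given in the answer (HSU=1)
    return AUTHORIZE + "?" + urlencode(params), state, nonce
```

The hint never replaces authentication: the application still has to validate `state`, `nonce` and the returned token, and should confirm that the signed-in account is the one it expected.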
