Purpose
When an application needs fresh authentication from Azure AD, that is, it needs Azure AD to re-authenticate the user even though the user already has a valid session, it sends the prompt=login parameter to Azure AD as part of the authentication request.
When that request is for a federated user, Azure AD has to tell the identity provider, such as AD FS (or Practice Protect), that fresh authentication is required. How Azure AD passes this on to the IdP is controlled by the federated domain's PromptLoginBehavior setting.
Consider a scenario where users are federated to Practice Protect and are repeatedly prompted to sign in to Office 365 apps (Outlook, Teams, etc.) even after entering the correct credentials.
This article shows how to set PromptLoginBehavior to Disabled for the federated domain in Office 365. With this value Azure AD sends only wfresh=0 to the IdP, rather than translating prompt=login into a fresh-password-authentication request, which should stop the continuous login prompts.
Prerequisite
- Global Admin Access in the Office 365 Tenant
- PowerShell with the MSOnline (Azure AD v1) module installed; it provides the Connect-MsolService and *-MsolDomainFederationSettings cmdlets used below
Instructions
1. Run PowerShell as Administrator, then run the commands below.
2. Connect-MsolService (when prompted, sign in with an Office 365 account that has Global Admin permission)
3. Get-MsolDomainFederationSettings -DomainName practiceprotectonline.com | Format-List *
   Note the current PromptLoginBehavior value in the output; an empty value means the default, TranslateToFreshPasswordAuth.
4. In the commands above and below, replace the domain practiceprotectonline.com with the tenant's federated domain (e.g. cbpaccountants.com).
5. Set-MsolDomainFederationSettings -DomainName practiceprotectonline.com -PromptLoginBehavior Disabled
6. Run the Get-MsolDomainFederationSettings command again to confirm the value now reads Disabled, then repeat steps 3 to 5 for all federated domains in the tenant.
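The following script is an added example, not part of the original article or of Practice Protect's own tooling. It carries out steps 3 to 6 for every federated domain in the tenant at once, records the value before the change and reads it back afterwards so a silent failure is visible. It assumes the MSOnline module is installed and that you are signed in as a Global Admin; the function name Set-PromptLoginDisabled and the -DryRun switch are this script's own, not MSOnline cmdlets or parameters.

```powershell
# Added example (not from the original article): set PromptLoginBehavior = Disabled
# on every federated domain in the tenant and verify the change.
# Assumes the MSOnline module is installed. The function name and the -DryRun
# switch are this script's own; everything else is MSOnline cmdlets.

# Prompts for a Global Admin account (current MSOnline releases support MFA here)
Connect-MsolService

function Set-PromptLoginDisabled {
    [CmdletBinding()]
    param(
        # Limit to specific domains; by default every federated domain is processed
        [string[]]$DomainName,
        # Report what would change without calling Set-MsolDomainFederationSettings
        [switch]$DryRun
    )

    # Only federated domains carry federation settings; managed domains are skipped
    $domains = Get-MsolDomain -Authentication Federated | Select-Object -ExpandProperty Name
    if ($DomainName) { $domains = $domains | Where-Object { $DomainName -contains $_ } }

    foreach ($d in $domains) {
        # An empty value means the default behaviour, TranslateToFreshPasswordAuth
        $before = "$((Get-MsolDomainFederationSettings -DomainName $d).PromptLoginBehavior)"
        if ($before -eq 'Disabled') {
            Write-Host "$d : already Disabled, nothing to do"
            continue
        }
        if ($DryRun) {
            Write-Host "$d : would change PromptLoginBehavior from '$before' to 'Disabled'"
            continue
        }

        Set-MsolDomainFederationSettings -DomainName $d -PromptLoginBehavior Disabled

        # Read the setting back rather than trusting that the call succeeded silently
        $after = "$((Get-MsolDomainFederationSettings -DomainName $d).PromptLoginBehavior)"
        if ($after -ne 'Disabled') {
            Write-Warning "$d : expected Disabled but read back '$after'"
        } else {
            Write-Host "$d : PromptLoginBehavior changed from '$before' to 'Disabled'"
        }
    }
}

# Preview first, then apply
Set-PromptLoginDisabled -DryRun
Set-PromptLoginDisabled
```

Run the dry run first and check that the listed domains are the ones you expect; a typo in a domain name only surfaces as a cmdlet error, so filtering with -DomainName is safer than editing the command by hand for each domain. The other accepted values for -PromptLoginBehavior are TranslateToFreshPasswordAuth (the default) and NativeSupport, which passes prompt=login through unchanged; NativeSupport is only appropriate when the IdP understands that parameter. Note that Microsoft has deprecated the MSOnline module; the same setting is exposed in Microsoft Graph PowerShell through Update-MgDomainFederationConfiguration -PromptLoginBehavior.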