
JonasO.58915 (Customer) asked a question.
Hello Community,
Currently, we are trying to figure out a way to force re-authentication for our applications.
The scenario is the following:
We use Azure Entra ID with Okta for authentication. Users who are authenticated to Entra can access the applications.
When a user logs out of one application and the application is reloaded, we want logged-out users to be re-authenticated...
It seems that the "prompt=login" is not delegated to Azure because the call has "ForceAuthn=false".
However, when we have the user stored in Okta, it forces a re-authentication.
Question 1: Is forced re-authentication with federated users (in our case Entra ID) currently not supported?
Question 2: Is there any other way to log out a user from a single application only without initiating a "global" logout?
Thanks

Hi, @JonasO.58915 (Customer)
Thank you for posting on our Community page!
This is not something related to Okta, it needs to be set up from the application. Okta cannot control app sessions.
Maybe this article sheds some light on this: https://learn.microsoft.com/en-us/troubleshoot/azure/entra/entra-id/mfa/federated-users-forced-sign-in
Thank you for reaching out to our Community and have a great day!
--
Thank you Laura,
Yes, I know that this is done by the application, and this is exactly my question.
How can my application "instruct" Okta, which is federated with an Azure Entra ID, to do a forced re-authentication?
Maybe a little bit more detail:
What parameter do I need to send to Okta, like prompt=login for example, such that Okta asks the Entra ID to re-authenticate the user?
I know this is possible in Auth0, but how is this done with Okta?
Thank you
I have also found this entry in the developer forum:
https://devforum.okta.com/t/force-prompt-login-to-always-ask-for-username/27675/2
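
To check what the question observes (an outbound call carrying "ForceAuthn=false"), the SAML AuthnRequest can be decoded from a captured redirect URL and its ForceAuthn attribute read directly. This is an added example, not part of the thread and not Okta or Microsoft code; it assumes the federation uses the SAML HTTP-Redirect binding, and the host `idp.example`, the function names and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"


def decode_redirect_saml_request(url):
    """Return the AuthnRequest XML carried in a redirect URL's SAMLRequest parameter."""
    values = parse_qs(urlparse(url).query).get("SAMLRequest")
    if not values:
        raise ValueError("no SAMLRequest parameter in URL")
    # HTTP-Redirect binding: base64 over raw DEFLATE (no zlib header), hence wbits=-15.
    return zlib.decompress(base64.b64decode(values[0]), -15).decode("utf-8")


def force_authn(xml_text):
    """True only if the AuthnRequest asks the IdP to ignore its existing session."""
    # Captured requests are untrusted input: refuse DTDs before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in an AuthnRequest")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    # ForceAuthn is an optional xs:boolean; an absent attribute means false.
    return root.get("ForceAuthn", "false").strip().lower() in ("true", "1")


def build_sample_url(force_attr):
    """Constructed sample: a redirect URL to a placeholder IdP endpoint."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="_constructed" '
           f'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" {force_attr}/>')
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode("ascii")})
    return "https://idp.example/saml/sso?" + query


if __name__ == "__main__":
    for attr in ('ForceAuthn="false"', 'ForceAuthn="true"', ""):
        url = build_sample_url(attr)
        print(attr or "(attribute absent)", "->", force_authn(decode_redirect_saml_request(url)))
```

A request that still decodes to false, or has no ForceAuthn attribute, after the application sent prompt=login matches the behavior described in the question.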