Okta Classic Engine | Authentication | Answered | 2024-07-31T17:03:43.000Z | 2024-07-09T18:35:51.000Z | 2024-07-31T17:03:43.000Z

JigarP.67569 (Customer) asked a question.

Does Okta prompt for re-login on every SAML Post request received on IDP Login URL even when user has active session?

Please find the use case below.

  1. User logged in successfully to Application 'A' integrated with Okta.
  2. User opened another tab on the same browser and hit the SP-initiated URL to access Application 'B', which is integrated with the same Okta tenant where Application 'A' resides.
  3. The SP-initiated URL accessed by the user for Application 'B' is actually posting a SAML request on the IDP Login URL.
  4. In the scenario mentioned above, shouldn't Okta carry forward the session created against Application 'A' and not ask the user to log in again?
  5. I have observed that Okta, instead of continuing the session, prompts for the login page.
  6. Please note there is no tenant- or app-level sign-on policy set up to force the user to re-login for a specific application.

  • Hi @JigarP.67569 (Customer), thank you for reaching out to the Okta Community!

    This might not have anything to do with the Okta authentication policies in this case. 

    I know that in the case of custom SAML apps configured in Okta there is an option to "Honor Force Authentication", but this mainly depends on the Service Provider side and if they request the re-authentication with the IDP when the user triggers a login flow. Perhaps you can check with the application provider to confirm this.

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    Selected as Best
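
In SAML 2.0 an SP asks the IdP for re-authentication by setting `ForceAuthn="true"` on its AuthnRequest, so the check the answer suggests can be made by decoding the `SAMLRequest` value that Application 'B' sends (captured from browser developer tools). The following is an added example, not part of the original thread or any Okta tooling; the sample request, its URLs and the function name are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def _xs_bool(value):
    # xs:boolean accepts "true"/"1" and "false"/"0"; an absent attribute is false.
    return value is not None and value.strip() in ("true", "1")


def inspect_authn_request(saml_request, binding="post"):
    """Decode a captured SAMLRequest value and report its re-auth flags."""
    raw = base64.b64decode(saml_request)
    if binding == "redirect":
        # HTTP-Redirect binding: raw DEFLATE (no zlib header) before base64.
        raw = zlib.decompress(raw, -15)
    # SAML messages have no reason to carry a DTD; refuse rather than parse it.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD in SAML message, refusing to parse")
    root = ET.fromstring(raw)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError(f"not an AuthnRequest: {root.tag}")
    issuer = root.find(f"{{{SAML}}}Issuer")
    return {
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "destination": root.get("Destination"),
        "force_authn": _xs_bool(root.get("ForceAuthn")),
        "is_passive": _xs_bool(root.get("IsPassive")),
    }


# Constructed sample: what Application 'B' might POST (hypothetical URLs).
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example1" '
    'Version="2.0" IssueInstant="2024-07-09T18:00:00Z" ForceAuthn="true" '
    'Destination="https://idp.example.com/app/appB/sso/saml">'
    "<saml:Issuer>https://app-b.example.com/sp</saml:Issuer>"
    "</samlp:AuthnRequest>"
).encode()

if __name__ == "__main__":
    post_value = base64.b64encode(SAMPLE_XML).decode()
    print(inspect_authn_request(post_value, "post"))
```

If `force_authn` comes back true, the login prompt is being requested by the SP rather than imposed by an IdP policy.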
This question is closed.