07-25-2024 01:36 PM
We have successfully tested SSO with MFA logon to the FMC. However, when we attempt to logout, we receive the following message:
You are logged in using SSO provided by Azure. To protect your Firewall Management Center account from unauthorized access, you must separately end your Azure IdP session.
There is a button labeled "Redirect to Azure for Log Out."
Clicking that button redirects me to my MS 365 home page.
Subsequent logon attempts to the FMC allow me right into the console without 1st or 2nd factor authentication.
I know that this is the basic premise for SSO...but I wanted to know if there was a way to terminate a session so that I am not allowed directly back into the console without being challenged.
07-25-2024 02:13 PM
Since you are using the browser you are bound by the M365 login already there... but there are some workarounds you can implement:
https://www.reddit.com/r/AZURE/comments/xrupux/conditional_access_require_mfa_every_single_time/
08-29-2024 01:15 PM
Here is one workaround. Where would I do this in FMC?
I modified the machine sending the SAML request to use the ForceAuthn=true option which forced all users accessing an authentication portal to authenticate every time without making changes to the conditional access policy.