by abruzzi
1357 days ago
I don’t know the specific setup, but the app passes you to AAD which passes you to a SAML source (Okta in this instance, but we use Cisco Duo). The SAML provider authenticates you, sets a cookie, then sends you back to AAD, which sets its own cookie, then passes you back to the App. (Or something like that.) If the next app you sign into is an AAD app, you pass through quickly, but if the next app you sign into uses SAML directly you have a cookie set for that as well. We use AAD for O365 and the few apps that won’t use generic SAML, but everything else uses Duo directly. The reason for this is at our O365 license level we don’t get the ability to restrict access to applications by AD group—everyone or we have to manually manage access account by account.