I am working on an integration with Azure AD, using SAML and the ITfoxtec.Identity.Saml2 library. The basic login/logout functionality is working OK.
However, logging into the Azure AD only shows the account selection if the user is already logged into multiple accounts. This seems to be the default behavior, but makes the implementation of "Switch account" functionality difficult.
Currently, the "Switch account" in the application, if the user is logged into one account:
- Performs a logout
- Then redirects back to the login
- The login automatically logs the user in with the single account
The desired behavior:
- Perform a logout
- Redirect back to the login
- The login shows the account selection, even if there is only a single logged in account
What I tried:
- If using OAuth, prompt='select_account' should do the job, but something similar doesn't seem to be available.
- The Saml2AuthnRequest class exposes the ForceAuthn property. This forces a new login for the user. This could kind of be a substitute for "Switch account", but is not ideal.
- In the Azure Portal, I didn't find a setting that may change this default behavior.
Is there a way to force the Azure AD login page to show the account selection even if the user is logged into only one account? Or alternatively, to specifically open the Switch account page if that is available?
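For reference, this is what the ForceAuthn route mentioned in the question looks like in an ASP.NET Core controller built on ITfoxtec.Identity.Saml2. It is an added example, not code from the question or from the library's own samples: the controller name, the `switchAccount` query parameter, the relay-state key and the injected `Saml2Configuration` are assumptions; `Saml2AuthnRequest`, its `ForceAuthn` property, `Saml2RedirectBinding` and `ToActionResult()` are the library's own types.

```csharp
using System.Collections.Generic;
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.MvcCore;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;

// Hypothetical controller; shape follows the usual ITfoxtec SP sample.
[Route("Auth")]
public class AuthController : Controller
{
    // Assumed relay-state key used to carry the post-login return URL.
    private const string RelayStateReturnUrl = "ReturnUrl";

    private readonly Saml2Configuration config;

    public AuthController(IOptions<Saml2Configuration> configAccessor)
    {
        config = configAccessor.Value;
    }

    // GET /Auth/Login?switchAccount=true
    // "switchAccount" is an assumed parameter: when set, the AuthnRequest is
    // sent with ForceAuthn="true", which asks the IdP to re-authenticate the
    // user instead of silently reusing the single existing session.
    [Route("Login")]
    public IActionResult Login(string returnUrl = null, bool switchAccount = false)
    {
        var binding = new Saml2RedirectBinding();
        binding.SetRelayStateQuery(new Dictionary<string, string>
        {
            { RelayStateReturnUrl, returnUrl ?? Url.Content("~/") }
        });

        var authnRequest = new Saml2AuthnRequest(config);
        if (switchAccount)
        {
            // Caveat: this is a forced re-authentication, not an account chooser.
            // The IdP may still land the user on the same account if the
            // credentials entered belong to it.
            authnRequest.ForceAuthn = true;
        }

        // Signs (if configured) and serialises the request, then redirects the
        // browser to the IdP's SingleSignOnService endpoint.
        return binding.Bind(authnRequest).ToActionResult();
    }
}
```

The flow from the question (logout, then redirect back to login) is unchanged; the only difference is that the post-logout redirect targets `/Auth/Login?switchAccount=true` so the second AuthnRequest carries ForceAuthn. Before relying on it, check the resulting redirect with the browser's developer tools: the deflated, base64-encoded `SAMLRequest` parameter should decode to an `<samlp:AuthnRequest ... ForceAuthn="true">` element.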