How can we improve Azure Active Directory?

Allow Azure AD Password Reset auth info re-confirm to be disabled by app

Allow Azure AD Password Reset authentication information re-confirm to be disabled by app. This setting is defaulted to 180 and can be changed or globally disabled.

While it is nice to remind users to verify their authentication proofs are still valid, having this on breaks seamless SSO flows when it is configured for things like ZScaler.

The user is suddenly prompted for interaction in a flow that otherwise is normally handled in the background.

9 votes
Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)

We’ll send you updates on this idea

Steven Grinker shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

2 comments

Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
Submitting...
  • Steven Grinker commented  ·   ·  Flag as inappropriate

    By groups do you mean groups of users only? Without the ability to do this on a granular level by application, you will force an interactive flow where users are expecting Seamless SSO. Since we won't be able to turn this off for certain applications, we will have to leave this off globally. Doing so means that users will never be reminded to validate their security information, making it more likely to be invalid and giving them a poor experience with SSPR.

Feedback and Knowledge Base