Allow Azure AD Password Reset auth info re-confirm to be disabled by app
Allow Azure AD Password Reset authentication information re-confirm to be disabled by app. This setting is defaulted to 180 and can be changed or globally disabled.
While it is nice to remind users to verify their authentication proofs are still valid, having this on breaks seamless SSO flows when it is configured for things like ZScaler.
The user is suddenly prompted for interaction in a flow that otherwise is normally handled in the background.
Hi folks! Thank you for your feedback. We do not plan to allow you to scope re-confirmation by app, although we are considering implementing this by group.
Dan M commented
Totally agree with Steve
Steven Grinker commented
By groups do you mean groups of users only? Without the ability to do this on a granular level by application, you will force an interactive flow where users are expecting Seamless SSO. Since we won't be able to turn this off for certain applications, we will have to leave this off globally. Doing so means that users will never be reminded to validate their security information, making it more likely to be invalid and giving them a poor experience with SSPR.