[IdP] Users from other directory are SSO:d into app
idp
Forge component by Rui Barbosa
Application Type: Reactive
Service Studio Version: 11.52.3 (Build 59963)
Platform Version: 11.15.0 (Build 35089)

I have SSO with SAML set up, with Azure AD as the Identity Provider. 

When I try to access my application in a browser with nothing cached, I'm unable to sign in from another organization (i.e. domain) - I get an error stating that the user is not found in my Directory - which is as it should be.

However, if I open my application in a browser where I'm already signed in with an account from another organization, I'm automatically signed in with that account.

How can I prevent this? Obviously, I don't want users from other organizations to access my apps. The only solution I can think of is checking if the username ends with the domain name before setting permissions, but that doesn't feel very elegant.
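
The username-domain check the post considers, combined with a check on the issuing tenant, as an added example that is not part of the original post or of the IdP component. It assumes the SAML assertion's signature has already been verified, that Azure AD issues it with the issuer format `https://sts.windows.net/<tenant-id>/` and the `tenantid` claim, and it uses placeholder tenant IDs and domains; `is_home_user` and `sample` are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TENANT_CLAIM = "http://schemas.microsoft.com/identity/claims/tenantid"
# Placeholder values for illustration (assumptions, not taken from the post).
ALLOWED_TENANT = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"
ALLOWED_DOMAIN = "contoso.example"

def is_home_user(assertion_xml: str) -> bool:
    """True only if the assertion comes from the allowed tenant and names one of its users.

    Assumes the assertion signature was already verified by the SAML connector.
    """
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    tenant = ""
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == TENANT_CLAIM:
            tenant = attr.findtext("saml:AttributeValue", default="", namespaces=NS).strip()
    # Tenant checks: the username alone is not enough, because another
    # directory can carry an account whose name uses the same domain.
    if issuer != f"https://sts.windows.net/{ALLOWED_TENANT}/":
        return False
    if tenant.lower() != ALLOWED_TENANT:
        return False
    # Exact match on the part after the last "@". A bare endswith(domain)
    # would also accept "bob@evilcontoso.example".
    local, sep, domain = name_id.rpartition("@")
    return bool(local) and sep == "@" and domain.lower() == ALLOWED_DOMAIN

def sample(tenant: str, user: str) -> str:
    """Build a constructed, unsigned assertion for the demo below."""
    return (
        '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<Issuer>https://sts.windows.net/{tenant}/</Issuer>"
        f"<Subject><NameID>{user}</NameID></Subject>"
        f'<AttributeStatement><Attribute Name="{TENANT_CLAIM}">'
        f"<AttributeValue>{tenant}</AttributeValue></Attribute></AttributeStatement>"
        "</Assertion>"
    )

if __name__ == "__main__":
    for tenant, user in [(ALLOWED_TENANT, "alice@contoso.example"),
                         (OTHER_TENANT, "bob@fabrikam.example"),
                         (OTHER_TENANT, "alice@contoso.example"),
                         (ALLOWED_TENANT, "bob@evilcontoso.example")]:
        print(user, tenant[:8], is_home_user(sample(tenant, user)))
```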
