I have SSO with SAML set up, with Azure AD as the Identity Provider.
When I try to access my application in a browser with nothing cached, I'm unable to sign in from another organization (i.e. domain) - I get an error stating that the user is not found in my Directory - which is as it should be.
However, if I open my application in a browser where I'm already signed in with an account from another organization, I'm automatically signed in with that account.
How can I prevent this? Obviously, I don't want users from other organizations to access my apps. The only solution I can think of is checking if the username ends with the domain name before setting permissions, but that doesn't feel very elegant.
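As an added illustration (not from the question or from any Azure AD or SAML library), here is one way to tie the check to the tenant instead of the username suffix: after the SAML library has verified the response signature, compare the Assertion's Issuer (`https://sts.windows.net/<tenant-id>/`) and the `tenantid` claim against an allowlist of tenant IDs. The tenant IDs, user names and the unsigned response XML are constructed for the demo.

```python
import re
import xml.etree.ElementTree as ET
from typing import Optional, Set, Tuple

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TENANT_CLAIM = "http://schemas.microsoft.com/identity/claims/tenantid"
ISSUER_RE = re.compile(r"https://sts\.windows\.net/([0-9a-f-]{36})/")

# Constructed tenant IDs. Real responses are signed; run this check only AFTER
# the SAML library has verified the signature, otherwise the values are untrusted.
MY_TENANT = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"

def sample_response(tenant: str, name_id: str) -> str:
    """Build a minimal, unsigned Azure AD style SAML Response (constructed test input)."""
    issuer = f"https://sts.windows.net/{tenant}/"
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
  <saml:Issuer>{issuer}</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>{issuer}</saml:Issuer>
    <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="{TENANT_CLAIM}">
        <saml:AttributeValue>{tenant}</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def assertion_tenant(response_xml: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (tenant ID from the Assertion Issuer, tenantid claim); None where absent."""
    # stdlib parser for a self-contained demo; in production use your SAML library's parser
    assertion = ET.fromstring(response_xml).find("saml:Assertion", NS)
    if assertion is None:
        return None, None
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    match = ISSUER_RE.fullmatch(issuer)
    tid = None
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == TENANT_CLAIM:
            tid = attr.findtext("saml:AttributeValue", default="", namespaces=NS).strip()
    return (match.group(1) if match else None), tid

def is_allowed_tenant(response_xml: str, allowed: Set[str]) -> bool:
    """Accept only if Issuer and tenantid claim agree and name an allowlisted tenant."""
    issuer_tenant, tid = assertion_tenant(response_xml)
    return issuer_tenant is not None and issuer_tenant in allowed and tid == issuer_tenant

if __name__ == "__main__":
    print(is_allowed_tenant(sample_response(MY_TENANT, "alice@contoso.example"), {MY_TENANT}))
    print(is_allowed_tenant(sample_response(OTHER_TENANT, "bob@fabrikam.example"), {MY_TENANT}))
```

A user from another tenant then fails this check even when the browser already holds a session for that account, because the rejection is based on the issuing tenant rather than the username's domain.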