1 vote

We provide a web app which currently offers SSO to Office 365. This works great as follows:

  1. User hits our website
  2. User selects "Sign in with Office 365"
  3. Office 365 authentication window launches
  4. User enters O365 credentials and is authenticated by O365
  5. We receive token and authenticate the user.

As I say, this works fine. However, we have noticed that if a user is already authenticated into O365 and then selects our app from the My Apps Launcher, they receive the O365 authentication window and have to authenticate again (which they shouldn't, as they're already logged into O365).

We've reviewed this page a bunch of times: https://msdn.microsoft.com/en-us/office/office365/howto/connect-your-app-to-o365-app-launcher

It suggests that what we want to do is possible: "The app launcher initiates sign-on to the sign-on URL for the application". However, we can't find any documentation on how to discover the cached credentials for the currently authenticated user.

2 Answers

1 vote

The app launcher initiates sign-on to the sign-on URL for the application

I assume you are using OpenID Connect. In Azure AD, ensure the SIGN-ON URL is correct; it should be the same link as the "Sign in with Office 365" in your application.

0 votes

So we managed to resolve this issue. The problem was with one of the parameters in our endpoint URL. We had included the optional "prompt" param:

prompt [Optional] Indicates the type of user interaction that is required. Valid values are:

  - login: The user should be prompted to re-authenticate.
  - consent: User consent has been granted, but needs to be updated. The user should be prompted to consent.
  - admin_consent: An administrator should be prompted to consent on behalf of all users in their organization.

Note that it doesn't describe the behaviour if omitted. Anyway, removing it worked.
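The fix above amounts to leaving `prompt=login` out of the sign-on URL so Azure AD can reuse the existing O365 session. As an added example (not code from the question or either answer), the Python below builds the authorize request and audits a sign-on URL for the setting that breaks launcher SSO; the `login.microsoftonline.com` v1 endpoint path, the parameter names and the tenant/client values are assumptions.

```python
"""Build an Azure AD (v1 endpoint) OpenID Connect authorize request and
check whether it will force interactive re-authentication.

Added example, not code from the question or answers. Endpoint path and
parameter names follow Azure AD's v1 OpenID Connect flow (assumed);
tenant, client_id and redirect_uri values are constructed."""
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_BASE = "https://login.microsoftonline.com/{tenant}/oauth2/authorize"


def build_authorize_url(tenant, client_id, redirect_uri, state, nonce, prompt=None):
    """Return the sign-on URL that both the app launcher and the
    "Sign in with Office 365" button should target.

    Leave prompt=None so an existing O365 session is reused silently;
    prompt="login" makes Azure AD show the credential window every time."""
    params = {
        "client_id": client_id,
        "response_type": "id_token",
        "redirect_uri": redirect_uri,
        "response_mode": "form_post",
        "scope": "openid",
        "state": state,  # per-request CSRF binding, echoed back on the redirect
        "nonce": nonce,  # bound into the id_token to stop replay
    }
    if prompt is not None:
        params["prompt"] = prompt
    return AUTHORIZE_BASE.format(tenant=tenant) + "?" + urlencode(params)


def audit_sign_on_url(url):
    """Return a list of problems in an authorize URL that would break
    launcher SSO or weaken the sign-in flow; an empty list means clean."""
    qs = parse_qs(urlparse(url).query)
    problems = []
    if "login" in qs.get("prompt", []):
        problems.append("prompt=login forces re-authentication; drop it for launcher SSO")
    if "state" not in qs:
        problems.append("missing state (CSRF binding)")
    if "nonce" not in qs:
        problems.append("missing nonce (id_token replay protection)")
    return problems
```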