Good Day
I have integrated Meraki into Azure Entra ID (SAML SSO, SP-initiated).
My Azure User account (login for many employee apps) is firstname.lastname@parl.gc.ca. My Azure Admin account (login for Meraki Dashboard) is azure.firstname.lastname@org.com. When I authenticate to most employee apps, they prompt me to sign in; Meraki Dashboard SSO does not. It automatically tries my user account, which fails. The sign-in box prompt works when using an incognito/private browser. It also works if I log in to something else with my Azure Admin account, because it is cached.
How do I ensure the sign-in prompt always prompts? According to Microsoft, this can be achieved by appending the “&prompt=select_account” parameter to the URL. Here is the reference article:
https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow
prompt=select_account interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether.
If I go to https://org-name.sso.meraki.com I get redirected to https://n1.meraki.com/login/dashboard_login/org-name?eid=JYDZDc9wb&sso=true
The “Log in with SSO” link is:
https://login.microsoftonline.com/d35fe7ad-abdf-4422-8ef9-8234b7a904/saml2?SAMLRequest=fZFLS8QwFIX%2FSndZpe1k%2BgxtoTgIAyqi4sKNpEnqBPOouSnqv7ftIOhCN1kk38k599wGmNET7edwsnfybZYQosNyKMuCcrZFpxAmoEmi3YuysVHcO3BjcFYrK2PuTCL2%2BShLJjAbxIizjBBcybHGFdlnQ8ZLVqdZstoQFB0PLXpm9a4q62rBqpLhrJAjroQYcCEGwvK8ElzUCwowy6OFwGxoEUlJjtMck%2FphV9A8o2nxhKJH6WFLSeIURR9GW6CrU4tmb6ljoIBaZiTQwOl9f31FF5AyAOnX6X5Kpv81k3fBcadR16w03dL57rud5Vngk%2BMxgIuN9OxVrd00yU%2B4OXd9s3x%2BPNw6rfhn1Gvt3i%2B8ZEG2KPhZoujSecPC33F28W67UQKPG0qlYUr3QngJgJLu7Pp7qd0X
If I manually append “&prompt=select_account” after the “SAMLRequest=value”, it works; I get the sign-in prompt:
https://login.microsoftonline.com/d35fe7ad-abdf-4422-8ef9-8234b4c7a904/saml2?SAMLRequest=fZFLS8QwFIX...&prompt=select_account
Is there a way that we can set the “&prompt=select_account” after the “SAMLRequest=value”?
Thanks,