Force SAML users to reauthenticate after signing out in the application.

03-28-2023 05:28 AM
Status: Open
JustinReynolds
Occasional Contributor III

Force SAML users to reauthenticate after signing out in the application. Users should be required to sign in with their credentials after they signed out within the application.

For example, Azure authentication occurs in the browser. If a user signs out of the Field Maps application on a shared device, but their session remains active in their browser, the next user is never prompted for credentials. Instead, they are now using the application as someone else and they may not have even noticed. They are working within that user's permissions and collecting data in their name.

It could also be the same user, but they would like to switch portals or accounts within the same portal.

The sign out should kill or disassociate the session.

The workaround is not intuitive and may not be easy for average users. That is to launch the device's default browser, navigate to settings and clear the cookies.

5 Comments
VickyS

I fully support this. It is impractical for field users to clear a device's cookies. Users share Android devices and need to be able to sign in/out of Field Maps.

Thank you for creating this idea @JustinReynolds

schenardi

As I understand it, you have Azure as the identity provider in Portal/ArcGIS Online.

I'm curious whether you configured the logout URL in the provider settings? That's how it should work. I currently don't have the URL (but would be interested if you find it out).

 

VickyS

Yes, we have configured the logout setting. I think it works on iOS but not Android.

JustinReynolds

@schenardi 

Thanks for the pointer. The relevant documentation is located in the link below. Our group will be implementing this first in our dev/test environments. I'll follow up with how that turns out.

https://enterprise.arcgis.com/en/portal/10.9.1/administer/windows/configuring-a-saml-compliant-ident....

 

VickyS

I have logged a support ticket with ESRI UK. This appears to have been fixed on iOS last year. 

Unable to sign out of Field Maps - Esri Community

Field Maps sign out not working : gis (reddit.com)