Force SAML users to reauthenticate after signing out in the application. Users should be required to sign in with their credentials after they signed out within the application.
For example. Azure authentication occurs in the browser. If a user signs out of the Field Maps application on a shared device, but their session remains active in their browser, the next user is never prompted for credentials. Instead they are now using the application as someone else and they may not have even noticed. They are working within that users permissions and collecting data in their name.
It could also be the same user, but they would like to switch portals or accounts within the same portal.
The sign out should kill or disassociate the session.
The workaround is not intuitive and may not be easy for average users. That is to launch the devices default browser, navigate to setting and clear the cookies.