Hi @a.cardona
Welcome to the Auth0 Community!
Implementing a silent logout from MS AD without the account selection screen should be possible by making a couple of adjustments. Please allow me to share my thoughts on possible changes and some useful documentation on this matter:
- use Federated Logout to ensure your user is logged out of AD and not just out of the application, especially in an environment with shared workstations. If you are using Angular SDK, you can set the `federated` property to `true` under `logoutParams`, please check Interface LogoutOptions;
- under your Azure AD Enterprise Connection settings, you could find a “Use common endpoint” option. Enabling this setting has created a more consistent user logout experience, as described in Federated logout with Azure Active Directory;
- you might need to add `login_hint` as an optional parameter within AD and ensure that `openid` and `profile` scopes are included in your initial sign-in request.
For the last point above, I recommend reading through the official Microsoft documentation on this matter, namely:
- Bypass User Selection Prompt When Signing Out of OpenID Connect/OAuth2 Applications | Microsoft Learn;
- Issue with logout_hint not suppressing account selection prompt - Microsoft Q&A.
Hopefully this allows you to achieve the desired flow and improve the overall security of your environment. Let us know if you require any further assistance on this matter and do not hesitate to reach out to us for any other issues or requests.
Have a great one!
Gerald
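
An added example, not part of the reply above and not Auth0's own code: it builds the `logoutParams` object with `federated: true` as the first bullet describes, and includes a check you can run in an end-to-end test or over proxy logs to confirm that the logout request actually reached `/v2/logout` with the `federated` flag. The function names, the `returnTo` allow-list and all hostnames are assumptions made for illustration.

```javascript
// Constructed sample value: the only page users may land on after logout.
const ALLOWED_RETURN_TO = ["https://app.example.com/signed-out"];

// Build the options object passed to the SDK's logout call.
// `federated: true` asks Auth0 to also end the upstream IdP (Azure AD) session.
function federatedLogoutOptions(returnTo) {
  if (ALLOWED_RETURN_TO.indexOf(returnTo) === -1) {
    throw new Error("returnTo not allowed: " + returnTo);
  }
  return { logoutParams: { federated: true, returnTo: returnTo } };
}

// `auth` is any object exposing logout(options), for example the Angular
// SDK's injected auth service (assumption: it is passed in by the caller).
function signOutEverywhere(auth, returnTo) {
  auth.logout(federatedLogoutOptions(returnTo));
}

// Verification helper: true only if `raw` is an HTTPS request to the tenant's
// /v2/logout endpoint that carries the `federated` query parameter. A logout
// URL without it ends the Auth0 session but leaves the AD session alive,
// which is the shared-workstation risk.
function isFederatedLogoutUrl(raw, tenantHost) {
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return false; // not a parseable URL
  }
  return (
    url.protocol === "https:" &&
    url.host === tenantHost &&
    url.pathname === "/v2/logout" &&
    url.searchParams.has("federated")
  );
}
```
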