Single Sign On with Active Directory Does Not Behave as Expected

Problem statement

An Active Directory connection for an application has been configured. The intended behavior is that it will be used for logins both from internal accounts ( and also from external Microsoft accounts (for example

However, Single Sign On does not behave as expected. Clicking Login with Microsoft at the Login form results in an email/password prompt being displayed every time. This happens even if the user is currently logged in with a company account.


A HAR file that captures the login flow would be useful. For further details, refer to Generate and Analyze HAR Files.


The behavior may be triggered when the prompt=login parameter is passed to the /authorize endpoint.


Check to see whether the prompt=login parameter is being passed to the /authorize endpoint. If present, remove “prompt=login” from the argument string that is passed to /authorize and then attempt an SSO login again.