Users are authenticated despite the choice not to be remembered

My users are authenticating through Microsoft Azure AD enterprise connection and it works great except for one scenario. The users are authenticated despite the choice not to be remembered.

When signing in, the users will be prompted with the question below. If the user clicks “Never” and “No” the expected behavior is, if the user closes the browser and enter the SPA again, they should not be authenticated, but they are.

When I have tested this I have done it in a browser session with cleared cache. I have set the lifetime of my access_token to be 5 minutes, still after 5 minutes the users are authenticated despite clicking “Never” and “No”.

Any suggestions on how to solve this?

Hi @davidjohanssonbf,

Welcome to the Auth0 Community!

Sorry for the delayed response. It looks like you are declining the IdP (Azure AD) persistent session, and not allowing Chrome to set a password. That all makes sense.

Have you Configure Session Lifetime Settings in the Auth0 dashboard?