Support Center

Service Provider initiated login behavior using SSO applications

If multiple accounts are being used on the same system where SSO enable applications are being used, and users are performing an SP initiated login, the following behavior may be observed:

In this example, Office 365 is being used.
  1. Go to https://portal.office.com/Home
  2. Enter user1@example.com and get redirected to the JumpCloud SSO login page.
  3. Sign in as user1@example.com and get redirected to Office 365 landing page for user1
  4. Sign out of user1 within Office 365, the browser may or may not be closed
  5. Go to https://portal.office.com/Home
  6. Enter user2@example.com
  7. The SP initiated login briefly redirects to the JumpCloud SSO login, then redirects back to Office 365 logged in with user1
This is expected behavior that follows SAML specification. The previous session is still active and asserts the previous user's identity to the service provider. 

The appropriate method for using SSO applications with multiple users on the same system would be to use a different browser for the secondary user, or perform an Identity Provider initiated login, in which case the workflow will require the user log out of the JumpCloud console as user1 and login again as user2, allowing the assertion of the new identity to the Service Provider.
 

Last Updated: Feb 21, 2017 04:11PM MST

Related Articles
31b11a79e2c94470a66430cfe6d3eecd@jumpcloud.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete