Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1386
Views
0
Helpful
1
Replies

Need Keep Me Signed In Back in 365

C.Wade
Level 1
Level 1

‎09-27-2018 08:49 AM

Our use case is a bit odd but here we go:
We use a script called OneDriveMapper in Citrix to map users’ OneDrives to a virtual drive which minimizes redundant caching of files. OneDriveMapper makes use of session tokens stored in IE to authenticate to 365 - not a problem with Duo as we bypass MFA while in Citrix.

The problem we’ve come across is that some users are no longer prompted with “Keep Me Signed In” on the 365 login page meaning the token is not generated thus as user passwords are expiring so are the tokens, breaking the drive mapping.

Is it possible to bring back KMSI? We do not federate on-premises so the usual ADFS config change to turn on KMSI won’t work.

Labels:
0 Helpful
1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

‎09-28-2018 08:08 AM

Are you using the Duo custom control for Azure AD conditional access. I don’t believe that the Duo control itself has any effect on Azure’s KMSI functionality. Have you tried playing with Azure’s token lifetimes? https://docs.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetimes
https://blogs.technet.microsoft.com/enterprisemobility/2017/08/31/changes-to-the-token-lifetime-defaults-in-azure-ad/

Duo, not DUO.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents