Scenario:
-Users are on iPads
-Users have Microsoft Authenticator app installed on the iPads and are logged into their Microsoft account.
-We have a third-party app that offers the capability for a user to log in with SSO via Microsoft.
-The user clicks to launch the app, enters Microsoft credentials, they get an MFA prompt from authenticator and they log in.
At this point a refresh token should be created so the user no longer has to enter their user name and password. Conditional access policies are set to 90-day reauthentication. Users have not reset their passwords and do not have more than 5 devices.
The problem we are experiencing is that the users ARE being asked to reauthenticate even if they do not change passwords and way before 90 days. In one case, I had a user who logged in and was asked to reauthenticate about an hour later.
My question is, what MaaS360 configuration, or iOS policies, may be interfering with or impacting the Microsoft refresh token? It is almost like it is not being saved on the iPad, or is being wiped out? Once they authenticate, the token should be created and they should not have to enter their creds again until the 90 days, or password is reset.
------------------------------
Lisa Busby
------------------------------