Kinetic - Azure AD Disable Basic Authentication in Browser

I think each app server always gets Basic Auth but then you can add others.

1 Like

My manager wants all users to log in using Azure AD, not basic authentication.

1 Like

Understood. What is your plan if Entra is unavailable?

Is there a way I can force web users to log in only through Azure AD?

We will redeploy the application to accept basic authentication.

Even I am looking for a dynamic approach for certain users to allow both the basic and Azure AD methods.

Unless someone else has other ideas (like @olga), the only way I know right now is to not give the user the password.

1 Like

I was not working with this; ask someone else.

1 Like

No, it is also applied to AAD and IDP, not only Windows SSO.

2 Likes

I can confirm that using the SSO Required flag works for us on 2024.1.

3 Likes

If there’s not a flag to put on the URL that restricts which authentication model is prompted, I would file a bug report, since it appears it should restrict by the SSO flag.

1 Like

And as @josecgomez is saying, the flag does work.

Can you do a screen recording @Mohamed_Yusuff_S of how you have required turned on and you go to browser login and all of a sudden it lets you pick basic?

Thanks,

Utah

Our environment is on version 2022.6. It will be a big challenge if we migrate to the newer version, which doesn’t have the desktop client.

That’s what I was seeing as well in 2023.1… where I would have RequireSSO, but then they could drop down the basic auth.

You can see me on this thread doing the same thing you are: Using SSO on browser prompts me with a windows login, anyone know why? - #20 by andrew.johnson

Well actually @TobyLai was the one saying that they were trying to disable basic auth I think and that there was a dev task out there to fix it TASK7247870.

Great idea, I will share the video recording now.

1 Like

2024.1, the version that Jose is using, still has the desktop client. Kinetic 2025 will too. Starting with 2026.1 will be the first browser only version. But I’m confused. You want SSO in the browser…and SSO works in the client. :thinking:

1 Like

They don’t want anyone to be able to use basic auth to login for anything.

That’s what I am gathering. I think the video will show more.

2 Likes

That’s pretty effective…

And if they know their password, reset it and email it to yourself (not to them).

1 Like

It’s just someone could brute force.

1 Like

The video recording for your review

1 Like