cancel
Showing results for 
Search instead for 
Did you mean: 
BenSwaby
Occasional Member - Level 2

Are you seeing these security flaws with Azure SSO

When using Azure SSO, the product seems to have some "security" flaws.  Here are my top 3 flaw and 1 bonus annoyance that I would love suggestions on how to resolve.

 

1. (flaw) concur only looks suffix (@domain.com) on a login and never looks at prefix.  This means that an account happens to still be authenticated with  Azure AD, then you are going in as that person regards what you username you type in for concur

 

2. (flaw) in an SSO setup,  clicking log out of concur doesn't mean you actually logged out.  a person could easily go to the concursolutions.com website, click login, type your email, and get in without any prompt for a password

 

3. (flaw) concur never checks to see if you are still authenticated with Azure SSO.  Basically, if you log out an azure authenticated browser, you can still go back to concur and do whatever your account allows.

 

4. (annoyance) when not previously authenticated with Azure SSO, you are prompted twice for username.  Concur never caries over the username to Azure SSO  

0 Replies