Summary:
Typically, when we implement Azure AD (AAD) and ADFS, we expect any federated URL to sign in automatically. This is expected behavior: corporate users who are already signed in on their computer are not required to sign in again for the remaining resources. However, you may want to disallow some users from using Seamless SSO sign-in on shared kiosks. SSO should be bypassed for those users. Let's see how to bypass it.
Add the URLs below to the Internet Explorer Restricted Zone. For a set of computers, such as shared service computers, the URLs can be added via GPO or GPO Preference.
https://autologon.microsoftazuread-sso.com
and https://aadg.windows.net.nsatc.net
Once the URLs are present in the Restricted Zone, run the KLIST Purge command on the kiosk computers to refresh any new token.
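
To confirm that the GPO or GPO Preference actually landed on a kiosk before purging tickets, the following added example (not part of the original post) reads the standard Internet Explorer zone-map registry locations and runs KLIST Purge only when both URLs resolve to zone 4 (Restricted Sites). The helper name `Get-KioskUrlZone` is hypothetical, and the policy lookup assumes the URLs were entered exactly as written above.

```powershell
# Added example: verify the Restricted Zone mapping on a kiosk, then purge tickets.
# Run in the kiosk user's logon session. Zone 4 = Restricted Sites.
$RestrictedZone = 4
$Urls = @(
    'https://autologon.microsoftazuread-sso.com',
    'https://aadg.windows.net.nsatc.net'
)

# "Site to Zone Assignment List" (GPO) stores URL -> zone as string values here.
$PolicyKeys = @(
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
)
# GPO Preference registry items (or manual entries) live under ZoneMap\Domains.
$DomainsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

function Get-KioskUrlZone {   # hypothetical helper name
    param([Parameter(Mandatory)][uri]$Url)

    # 1. Policy list: value name is the URL exactly as entered in the GPO.
    foreach ($key in $PolicyKeys) {
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $prop = if ($item) { $item.PSObject.Properties[$Url.OriginalString] }
        if ($prop) { return [int]$prop.Value }
    }

    # 2. Preference layout: Domains\<domain>\<subdomain>, value name = scheme or '*'.
    $labels = $Url.Host.Split('.')
    $domain = $labels[-2..-1] -join '.'
    $sub    = $labels[0..($labels.Count - 3)] -join '.'
    $item   = Get-ItemProperty -Path (Join-Path $DomainsKey "$domain\$sub") -ErrorAction SilentlyContinue
    foreach ($name in $Url.Scheme, '*') {
        $prop = if ($item) { $item.PSObject.Properties[$name] }
        if ($prop) { return [int]$prop.Value }
    }
    return $null   # no explicit mapping found
}

$results = foreach ($u in $Urls) {
    [pscustomobject]@{ Url = $u; Zone = Get-KioskUrlZone -Url $u }
}
$results | Format-Table -AutoSize

if (@($results | Where-Object Zone -ne $RestrictedZone).Count -eq 0) {
    klist purge   # both URLs restricted: drop cached Kerberos tickets
} else {
    Write-Warning 'A Seamless SSO URL is not in the Restricted Zone; check GPO application.'
}
```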