SSO Capability for Web-Applications from OS-Authenticated Sessions via AA-Client
Dear Support,
With AA it is possible to authenticate Oatuh2, OIDC, SAML2 connected WebApplications with Authentication-Chains or FIDO2.
That means it is necessary to authenticate every time against all the connected web-applications which is a high effort for the end user.
It would be ideal if AA could recognize that the user is accessing from an OS which was previously authenticated to be then able to use this authenticated session as a SSO against the connected Web-Application.
Scenario ToDay:
- AA-Client is installed on the OS (for example Windows)
- User authenticates against AA via AA Credential Provider and is successfully authenticated against Windows
- User starts a Web-Application which is connected through AA
- AA OSP is shown in the Web-Browser
- User authenticates again against AA via AA OSP by submitting the the Authenitcation Chains
- Now the user is successfully authenticated against the Web-Application
Scenario IDEA-Request
- AA-Client is installed on the OS (for example Windows)
- User authenticates against AA via AA Credential Provider and is successfully authenticated against Windows
- User starts a Web-Application which is connected through AA
- AA OSP recognizes that user is accessing from a machine where AA Client is installed, and an authenticated user session exists. Because of this user gets authenticated against AA.
- Now the user is successfully authenticated against the Web-Application
This should be an Option which can be activated for every SAML2/OAUTH2/OIDC Event within the AA Admin. (see screenshot)