Overview
This will force a login using your Microsoft account configured for SAML authentication each time you attempt to log in to NPS-AM.
Description
With this change, every NPS-AM login through the Azure SAML connector requires you to authenticate via Azure SAML again, even if you are already logged in to your Microsoft account.
The file we need to change is on your application drive at:
x:\Program Files\Stealthbits\PAM\Web\SamlRequestTemplate.xml
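Here you’ll need to add ForceAuthn="true" to the samlp:AuthnRequest element (before the closing > ) in the template file. Use straight double quotes around the value; curly quotes pasted from a document will not parse as XML. Example: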
Save the file and it should work immediately without the need to restart any services. This change is needed on all NPS-AM web/application servers that will be making the request. It is possible this file will be overwritten during an upgrade, so I’d recommend checking after each upgrade and having a backup file to reference.
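One way to do the post-upgrade check described above is a small PowerShell function that confirms the attribute is still present. This is an added example, not vendor code. It assumes the template parses as XML and that samlp is bound to the standard SAML 2.0 protocol namespace; the function name and the sample templates are constructed for illustration.

```powershell
# Added example (not vendor code): returns $true when the template's
# samlp:AuthnRequest element carries ForceAuthn="true".
function Test-SamlForceAuthn {
    param([Parameter(Mandatory)][string]$Path)

    $doc = New-Object System.Xml.XmlDocument
    try { $doc.Load((Resolve-Path -LiteralPath $Path).ProviderPath) }
    catch { throw "Cannot parse '$Path' as XML: $($_.Exception.Message)" }

    # Assumption: the template uses the standard SAML 2.0 protocol namespace.
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol')

    $req = $doc.SelectSingleNode('//samlp:AuthnRequest', $ns)
    if (-not $req) { throw "No samlp:AuthnRequest element found in '$Path'" }

    # ForceAuthn is an xs:boolean: "true" and "1" mean enabled (case-sensitive).
    # GetAttribute returns an empty string when the attribute is missing.
    return ($req.GetAttribute('ForceAuthn') -cin @('true', '1'))
}

# Constructed sample templates with placeholder values, not the product's file.
$tmp     = Join-Path ([IO.Path]::GetTempPath()) 'SamlRequestTemplate.sample.xml'
$without = '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_example" Version="2.0" />'
$with    = $without -replace ' />', ' ForceAuthn="true" />'

foreach ($xml in $without, $with) {
    Set-Content -LiteralPath $tmp -Value $xml -Encoding UTF8
    '{0} -> ForceAuthn enabled: {1}' -f $xml, (Test-SamlForceAuthn -Path $tmp)
}
Remove-Item -LiteralPath $tmp
```

On each NPS-AM web/application server, pass the path of SamlRequestTemplate.xml on your application drive to Test-SamlForceAuthn after an upgrade; a result of False means the template was replaced and the attribute needs to be added again.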
