Hi everyone,
SSO Integration works pretty well. However, when I apply a Conditional Access Policy (MFA) as a security precaution, users are not asked for MFA and they are able to authenticate without MFA.
When I raised the issue to the responsible team, their response was:
"When a user signs in to your application, the user is signing in to the generic Microsoft Graph endpoint.
As the endpoint is MS Graph and not your application, only CAPs filtering for MS Graph are getting applied.
This is also called the audience/application/scope/resource or instance. While they are (technically) not the same, for this discussion, they are mostly interchangeable, and the name only depends on how you set it up, where you are coming from, and where you are looking."
I have limited knowledge about this topic, and they also told me that I have to solve this issue in the application by changing the endpoint/audience (via Framework or the callback URLs).
Any suggestions for how to solve this issue?
Thanks.
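
One way to check which audience a sign-in is actually targeting, as the quoted response describes (an added example, not part of the original post). The app ID URI and the sample tokens are constructed placeholders, and the token payload is decoded without signature verification, for diagnosis only.

```python
import base64
import json

# Well-known identifiers under which Microsoft Graph appears as a token audience.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}
# OpenID Connect scopes; they do not select a resource.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}


def scope_resources(scope):
    """Return the set of resources a space-separated scope string asks tokens for."""
    resources = set()
    for item in scope.split():
        if item in OIDC_SCOPES:
            continue
        if "://" in item:
            resources.add(item.rsplit("/", 1)[0])  # resource URI before the permission name
        else:
            resources.add("https://graph.microsoft.com")  # bare names default to Graph
    return resources


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audience_kind(token, own_audiences):
    """Classify the token's aud claim as Graph, this application, or something else."""
    aud = str(jwt_claims(token).get("aud", "")).rstrip("/").lower()
    if aud in GRAPH_AUDIENCES:
        return "microsoft-graph"
    if aud in {a.rstrip("/").lower() for a in own_audiences}:
        return "own-application"
    return "other"


def sample_token(claims):
    """Build an unsigned, constructed token for the demonstration below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


OWN_APP = "api://11111111-1111-1111-1111-111111111111"  # placeholder app ID URI
if __name__ == "__main__":
    print(scope_resources("openid profile User.Read"))
    print(audience_kind(sample_token({"aud": OWN_APP}), [OWN_APP]))
```

Running the scope check on the `scope` value the application sends in its authorization request shows whether the sign-in asks for Microsoft Graph or for the application's own API.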