I am new to Azure AD, and more specifically to using the Single Sign-On capabilities for web-based applications listed in the Single Sign-On catalog. ADFS and Password sync are (correctly?) configured already for Office 365, meaning users can enter their user@domain.org email and are automatically logged in. Please forgive my ignorance...
I am attempting to understand why users are prompted to either enter their email address, or click a button on our organization's Access Panel, for applications configured for single sign-on. Screenshot attached.
With competing services, for example OneLogin, when configured correctly, end-users on domain-joined workstations, logged in with their Active Directory credentials, are immediately logged into a supported application.
As it is built now, when I utilize Azure AD Single Sign-On capabilities, users are prompted to verify their identity - either requiring a username@domain.org or by clicking a box with their username@domain.org already filled in.
I am using the Single Sign-On URL listed for the specific app in question found in the Azure management interface. When a configured end-user uses that link, they are directed to a page living on login.microsoftonline.com and forced to click a button with their corporate email. Below that is an option to use another account.
How do I bypass this? Is there an option to have users directly sent to the application and logged in without first having to enter (or confirm) their corporate account?
Thank you in advance!