29Şub
SSO – What should happen when the user clicks "Log out"
We are adding the ability for enterprises to configure login to our web application via external single-sign-on providers (initially via WS-FED, however, future versions will support additional protocols). Username/password authentication will also be available for customers that don't have/want to configure an external SSO provider, and also as a fall-back in cases where there is some problem with the SSO provider.
What should happen when users click the "Log out" button in our application?
- They are logged out of our application only so that other applications that authenticate via the SSO provider are still available.
- As above, but we additionally request re-authentication with the SSO provider.
- They are completely logged out of their SSO provider
