Commit be14d35

Sign-out is limited to custom policy
1 parent 90693f6 commit be14d35

1 file changed

+7
-3
lines changed


articles/active-directory-b2c/session-overview.md

Lines changed: 7 additions & 3 deletions
@@ -95,13 +95,17 @@ Upon a sign-out request, Azure AD B2C:
9595
- SAML - If the identity provider metadata contains the `SingleLogoutService` location.
9696
1. Optionally, signs-out from other applications. For more information, see the [Single sign-out](#single-sign-out) section.
9797

98-
> [!NOTE]
99-
> The sign-out clears the user's single sign-on state with Azure AD B2C, but it might not sign the user out of their social identity provider session. If the user selects the same identity provider during a subsequent sign-in, they might reauthenticate without entering their credentials. If a user wants to sign out of the application, it doesn't necessarily mean they want to sign out of their Facebook account. However, if local accounts are used, the user's session ends properly.
98+
The sign-out clears the user's single sign-on state with Azure AD B2C, but it might not sign the user out of their social identity provider session. If the user selects the same identity provider during a subsequent sign-in, they might reauthenticate without entering their credentials. If a user wants to sign out of the application, it doesn't necessarily mean they want to sign out of their Facebook account. However, if local accounts are used, the user's session ends properly.
99+
100+
### Single sign-out
100101

101-
### Single sign-out
102+
103+
> [!NOTE]
104+
> This feature is limited to [custom policy](custom-policy-overview.md).
102105
103106
When you redirect the user to the Azure AD B2C sign-out endpoint (for both OAuth2 and SAML protocols), Azure AD B2C clears the user's session from the browser. However, the user might still be signed in to other applications that use Azure AD B2C for authentication. To enable those applications to sign the user out simultaneously, Azure AD B2C sends an HTTP GET request to the registered `LogoutUrl` of all the applications that the user is currently signed in to.
104107

108+
105109
Applications must respond to this request by clearing any session that identifies the user and returning a `200` response. If you want to support single sign-out in your application, you must implement a `LogoutUrl` in your application's code.
106110

107111
## Next steps
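
Review bot: The unchanged step at line 96, "Optionally, signs-out from other applications", still reads as applying to every tenant, while the note added at new lines 103-104 limits single sign-out to custom policy; qualify that step as well (for example "Optionally, in custom policies, signs out from other applications") so a user-flow reader does not assume other applications' sessions are cleared. Separately, at new line 98 the social identity provider caveat loses its `> [!NOTE]` callout and now trails the numbered list as plain text; since it is the only place that tells readers the identity provider session can outlive sign-out and allow reauthentication without credentials, consider keeping it as a callout. The blank lines added at new lines 102 and 108 sit next to existing blank lines and can be dropped.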
