I'm facing an issue in my organization. We have two OpenVPN Access Server setups with the same licence key. We used to authenticate users through our RADIUS and Azure extension to use Azure AD MFA.

We recently upgraded our server to use the new SAML authentication method, but I'm facing a really weird behaviour that I can't explain. I'm using OpenVPN Connect to connect to the server, which then opens a browser window to log in my user.

  1. First VPN: Redirect to browser -> Seems to remember the Azure session (as I'm logged in), never asks for any email / password. Sometimes MFA, but that's not often.

  2. Second VPN: Redirect to browser -> Always asks for email (even if I'm already logged in) -> then password -> then MFA (unless I select "don't ask me again", then MFA is skipped for a while).

Why are these two acting differently? Both enterprise apps have the exact same configuration, and both OpenVPN Access Servers have the exact same configuration too.

The version of OpenVPN Access Server is the latest one, V2.11.1.

There are some "prompt" parameters that can be defined inside the authorization URL, but OpenVPN has no mention of this on their website or in the configuration interface of the SAML auth.

If I select "Send ForceAuthn in AuthNRequest to request user interaction", this will ask for my password but still no MFA.
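One way to check whether the two servers really send the identity provider the same request is to decode the `SAMLRequest` parameter from each browser redirect and compare the fields that influence prompting. This is an added example, not part of the original post and not OpenVPN's code; the `idp.example` host, the issuer names and the sample requests are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_authn_request(redirect_url):
    """Return the AuthnRequest element carried in an HTTP-Redirect URL."""
    query = parse_qs(urlparse(redirect_url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    # HTTP-Redirect binding uses raw DEFLATE (no zlib header), hence wbits=-15.
    # Input here is your own server's request; use defusedxml for untrusted XML.
    return ET.fromstring(zlib.decompress(raw, -15))

def login_fields(redirect_url):
    """Extract the AuthnRequest fields that affect how the IdP prompts."""
    req = decode_authn_request(redirect_url)
    ctx = req.find(f"{{{SAMLP}}}RequestedAuthnContext")
    policy = req.find(f"{{{SAMLP}}}NameIDPolicy")
    refs = [] if ctx is None else [
        e.text for e in ctx.findall(f"{{{SAML}}}AuthnContextClassRef")]
    return {
        "Issuer": req.findtext(f"{{{SAML}}}Issuer"),
        "ForceAuthn": req.get("ForceAuthn", "false"),   # SAML default is false
        "IsPassive": req.get("IsPassive", "false"),
        "AuthnContextClassRef": refs,
        "Comparison": None if ctx is None else ctx.get("Comparison", "exact"),
        "NameIDFormat": None if policy is None else policy.get("Format"),
    }

def diff_fields(url_a, url_b):
    """Return {field: (value_a, value_b)} for every field that differs."""
    a, b = login_fields(url_a), login_fields(url_b)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

def sample_url(issuer, force_authn):
    """Constructed input: a minimal AuthnRequest packed like a real redirect."""
    attr = ' ForceAuthn="true"' if force_authn else ""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
           f'ID="_constructed" Version="2.0"{attr}>'
           f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')
    c = zlib.compressobj(wbits=-15)
    packed = base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()
    return "https://idp.example/saml2?" + urlencode({"SAMLRequest": packed})

if __name__ == "__main__":
    print(diff_fields(sample_url("vpn1", False), sample_url("vpn2", True)))
```

To use it on real traffic, copy the full redirect URL from the browser's address bar or network tab for each server and pass the two URLs to `diff_fields`.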

0 Answers