We have implemented ADFS for a few federated cloud services. It works great internally. Our federated partner sites log users in seamlessly as expected, without requiring a username or password. It passes the user directly into his or her online profile. Flawless.
However, the experience breaks down a bit when logging into the same services externally. Instead, in order for the user to sign in, I have to disable "automatic login" for trusted/intranet sites and instead select "prompt for username and password."
Is there anyone out there with more ADFS savvy than I, who can tell me if transparent login can be configured for a domain-joined laptop that is being used remotely to access federated resources? Or will my laptop users be forced to disable automatic login so they can work remotely?
Does anybody have any suggestions for how to tackle this issue? Right now, I've basically had to force laptop users to enter their username and password to access these sites, even inside the office, so their access also works outside. Since I'm very new to ADFS, I'm not sure if a cached network login on a remote domain-joined laptop will be able to authenticate as it does when on the domain. Evidence certainly doesn't point to the contrary at this point.