Change in Edge/Chromium profile settings broke my Azure Entra ID SSO
Background
I have recently hit a problem whilst developing some training material on Single Sign on (SSO) in GitHub Enterprise. This training is to be delivered in a training instance of GHE that is configured to use a training instance of Azure Entra ID as the SAML identity provider.
To make my life easier, so I am not logging in and out of my work and test Azure Entra ID directories, I have been using profiles in my Chromium based Edge browser. This means I have two copies of Edge running, one for my 'real' work directory and the other for the training directory.
I thought I had left my training GHE instance SSO configured and working, but when I came to test it I found that I could not login. I found the following:
- In my Edge browser (training profile) I would go to the GHE login page and login
- I would be prompted for the normal GitHub 2FA login
- I would be asked if I wished to do the SSO Azure Entra ID login, which I confirmed
- I would expect to be redirected to the Azure Entra ID login page in the current Edge profile. However, it opened in my 'real' work Edge profile instance with a 404 error
The Solution
The solution was to change the Edge profile settings
- In the training Edge instance open the settings
- Select Settings > Profile > Profile Preferences
- Turn off the 'Account based profile switching' option
If I then retried my SSO login, the Entra ID tab opened in the correct profile and I was able to login.
As I am sure this was working in the recent past, I assume this is a change in the Edge profile default settings. Hopefully this post will mean other people don't waste time trying to work out what is going on.