Enterprise logins cache user credentials

Description

Attempting to log in to ArcGIS Online with an enterprise login on a shared machine automatically logs in with the last used enterprise account, despite logging out from the previous session. This unintentionally allows users to log in to ArcGIS Online with a previously logged out administrator account, providing non-authorized personnel access to sensitive information and critical system settings.

Cause

The security settings for enterprise logins are not configured.

Solution or Workaround

Follow the steps below to resolve the issue:

1. Log in to ArcGIS Online with an administrator account.
2. Navigate to Organization > Settings > Security > Enterprise Logins > Edit Enterprise Login.
3. Click Show advanced settings.
4. Check the Enable Signed Request, Sign using SHA256, Propagate logout to Identity Provider, Update profiles on sign in, and Enable SAML based group membership check boxes. Click Update Identity Provider.

4. Download the service provider metadata and reapply it to the enterprise identity provider (IDP).
5. Clear the web browser cache.

The system now prompts for a sign in when accessing ArcGIS Online, and no longer automatically signs in with the last used account.