How to Sign Out from Both Mendix Web App and Microsoft Azure AD?

0
Since my Mendix Web App uses OIDC SSO with Microsoft Azure AD for authentication, I want to enhance the functionality of the "Sign Out" button in the navigation menu to also log the user out from Microsoft Azure AD. How can I achieve this?
asked
2 answers
0

Hi Jeff,

For security reasons, it's indeed recommended when a user clicks on "Sign out" to not only end the session of the Mendix application, but also the session of the SSO provider. I doubt how useful it actually is when the Microsoft account is linked to the Windows user, though.

To sign out at Microsoft Azure, you should redirect the user to the following URL after ending the Mendix session: https://login.microsoftonline.com/common/oauth2/v2.0/logout

A page will be served such that the user can choose which account to sign out from.

In the OIDC module, this can be achieved by invoking the nanoflow "ACT_Logout"; this will use the configured end_session_endpoint in your OIDC configuration. This is most of the time configured correctly, as it is automatically imported from the "Automatic configuration URL", https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration.

Good luck!

Kind regards,

Johan

answered
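
The redirect described in the answer above, as an added example that is not part of the answer or of the Mendix OIDC module: it builds the logout URL from the `end_session_endpoint` in the discovery metadata, rejects an endpoint that is not HTTPS on the identity provider's host, and only accepts a post-logout landing page from an allowlist. The function name, the allowlist and `myapp.example.com` are hypothetical; `post_logout_redirect_uri` and `id_token_hint` are the parameter names from the OpenID Connect RP-Initiated Logout specification.

```javascript
// Constructed sample: the one field this example reads from the discovery
// document behind the "Automatic configuration URL" quoted in the answer.
const DISCOVERY_URL =
  "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration";
const sampleDiscovery = {
  end_session_endpoint:
    "https://login.microsoftonline.com/common/oauth2/v2.0/logout",
};

// Hypothetical allowlist of post-logout landing pages for the app.
const ALLOWED_POST_LOGOUT = ["https://myapp.example.com/login.html"];

function buildLogoutUrl(discovery, discoveryUrl, opts = {}) {
  if (!discovery || typeof discovery.end_session_endpoint !== "string") {
    throw new Error("discovery document has no end_session_endpoint");
  }
  const endpoint = new URL(discovery.end_session_endpoint);
  const source = new URL(discoveryUrl);
  // Refuse an endpoint that is not HTTPS or not on the host the metadata
  // was fetched from, so tampered metadata cannot steer the browser elsewhere.
  if (endpoint.protocol !== "https:" || endpoint.host !== source.host) {
    throw new Error("end_session_endpoint is not HTTPS on the IdP host");
  }
  const { postLogoutRedirectUri, idTokenHint, allowed = ALLOWED_POST_LOGOUT } = opts;
  if (postLogoutRedirectUri !== undefined) {
    // Exact-match allowlist keeps the logout flow from becoming an open redirect.
    if (!allowed.includes(postLogoutRedirectUri)) {
      throw new Error("post-logout redirect is not on the allowlist");
    }
    endpoint.searchParams.set("post_logout_redirect_uri", postLogoutRedirectUri);
  }
  // Optional hint telling the provider which session is being ended.
  if (idTokenHint) endpoint.searchParams.set("id_token_hint", idTokenHint);
  return endpoint.toString();
}

console.log(buildLogoutUrl(sampleDiscovery, DISCOVERY_URL));
```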
0

I think it's documented how to do this:

https://docs.mendix.com/appstore/modules/oidc/#logging-out

answered