Core Library
MSAL.js (@azure/msal-browser)
Core Library Version
^5.1.0
Wrapper Library
MSAL Angular (@azure/msal-angular)
Wrapper Library Version
^5.0.0
Public or Confidential Client?
Public
Description
I’m currently working on implementing authentication using the Microsoft Authentication Library (MSAL) Angular standalone sample with redirect login mode. My goal is to enable a persistent login experience where users are not required to re-authenticate when the browser is closed and reopened.
As per the documentation, starting from MSAL v4, if a user selects "Keep Me Signed In" (KMSI) during the Microsoft login prompt, tokens are stored in a way that allows them to persist across browser sessions (i.e., they survive browser restarts without requiring re-authentication).
However, I’m facing an issue:
Issue
I am not seeing the "Keep Me Signed In" prompt during the login flow.
What I’ve Done
Tenant has a 15-day reauthentication policy configured.
No custom prompt behavior is explicitly set in the MSAL configuration.
- Tested across multiple browser sessions, but the KMSI option never appears.
Expected Behavior
During login, users should see the "Keep Me Signed In" prompt, allowing them to opt into persistent sessions.
Questions
- What conditions are required for the KMSI prompt to appear?
- Is there any specific configuration needed in:
Azure AD / Entra ID tenant settings?
MSAL Angular configuration?
-
Does the use of redirect vs popup flow impact the visibility of the KMSI prompt?
-
Are there any policies (e.g., Conditional Access, session settings) that suppress this prompt?
-
Is KMSI behavior dependent on account type (e.g., organizational vs personal)?
Goal
I want to implement MSAL Angular authentication such that:
Any guidance on why the KMSI prompt is not appearing and how to enable persistent sessions would be greatly appreciated.
Thanks in advance!
Error Message
No response
MSAL Logs
No response
Network Trace (Preferrably Fiddler)
MSAL Configuration
export function MSALInstanceFactory(): IPublicClientApplication {
return new PublicClientApplication({
auth: {
clientId: environment.msalConfig.auth.clientId,
authority: environment.msalConfig.auth.authority,
redirectUri: 'http://localhost:4200/redirect',
postLogoutRedirectUri: '/',
},
cache: {
cacheLocation: BrowserCacheLocation.LocalStorage,
},
system: {
allowPlatformBroker: false, // Disables WAM Broker
loggerOptions: {
loggerCallback,
logLevel: LogLevel.Info,
piiLoggingEnabled: false,
},
},
});
}Relevant Code Snippets
export function MSALInstanceFactory(): IPublicClientApplication {
return new PublicClientApplication({
auth: {
clientId: environment.msalConfig.auth.clientId,
authority: environment.msalConfig.auth.authority,
redirectUri: 'http://localhost:4200/redirect',
postLogoutRedirectUri: '/',
},
cache: {
cacheLocation: BrowserCacheLocation.LocalStorage,
},
system: {
allowPlatformBroker: false, // Disables WAM Broker
loggerOptions: {
loggerCallback,
logLevel: LogLevel.Info,
piiLoggingEnabled: false,
},
},
});
}Reproduction Steps
- Downloaded the MSAL Angular standalone sample from the official repository.
- Configured the sample with my Azure AD / Entra ID application details (client ID, tenant ID).
- Ensured no custom prompt parameters are set in the MSAL configuration.
- Used redirect login mode (loginRedirect) for authentication.
- Ran the application locally.
- Initiated login and completed authentication using a valid organizational account.
- Observed that the login flow completes successfully, but no "Keep Me Signed In" prompt is shown at any point.
- Closed the browser and reopened it — user is required to authenticate again.
Expected Behavior
During login, users should see the "Keep Me Signed In" prompt, allowing them to opt into persistent sessions so that re-authentication is not required after browser restart.
Identity Provider
Entra ID (formerly Azure AD) / MSA
Browsers Affected (Select all that apply)
Chrome, Edge
Regression
No response
Core Library
MSAL.js (@azure/msal-browser)
Core Library Version
^5.1.0
Wrapper Library
MSAL Angular (@azure/msal-angular)
Wrapper Library Version
^5.0.0
Public or Confidential Client?
Public
Description
I’m currently working on implementing authentication using the Microsoft Authentication Library (MSAL) Angular standalone sample with redirect login mode. My goal is to enable a persistent login experience where users are not required to re-authenticate when the browser is closed and reopened.
As per the documentation, starting from MSAL v4, if a user selects "Keep Me Signed In" (KMSI) during the Microsoft login prompt, tokens are stored in a way that allows them to persist across browser sessions (i.e., they survive browser restarts without requiring re-authentication).
However, I’m facing an issue:
Issue
I am not seeing the "Keep Me Signed In" prompt during the login flow.
What I’ve Done
Downloaded and configured the Angular standalone sample from the MSAL repository.
Using redirect login flow.
Verified that:
Expected Behavior
During login, users should see the "Keep Me Signed In" prompt, allowing them to opt into persistent sessions.
Questions
Does the use of redirect vs popup flow impact the visibility of the KMSI prompt?
Are there any policies (e.g., Conditional Access, session settings) that suppress this prompt?
Is KMSI behavior dependent on account type (e.g., organizational vs personal)?
Goal
I want to implement MSAL Angular authentication such that:
Users do not need to re-authenticate on browser relaunch.
Session persistence aligns with our tenant-level 15-day reauthentication policy.
Any guidance on why the KMSI prompt is not appearing and how to enable persistent sessions would be greatly appreciated.
Thanks in advance!
Error Message
No response
MSAL Logs
No response
Network Trace (Preferrably Fiddler)
MSAL Configuration
Relevant Code Snippets
Reproduction Steps
Expected Behavior
During login, users should see the "Keep Me Signed In" prompt, allowing them to opt into persistent sessions so that re-authentication is not required after browser restart.
Identity Provider
Entra ID (formerly Azure AD) / MSA
Browsers Affected (Select all that apply)
Chrome, Edge
Regression
No response