I'm probably asking the same question that dozens, if not hundreds of others have asked...
When using the SA as a reverse proxy, how can I enforce session termination after the user has closed their browser? I've tried the disable persistent session option, no joy with any browsers that support multiple tabs.
Even if a user has multiple browser windows open, with only one associated with the SA, if they close the SA application window, they can open a new window and bypass the first factor authentication.
Any suggestions would be greatly appreciated.