![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 50%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,599 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 55.00000000000001%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hello @simgib,
Thank you for posting your query on Microsoft Q&A.
I understand that you are updating a legacy .Net Framework 4.8 Webforms app to use Entra External Id for authentication. This is working and you can sign in and out no problem.
The issue you have is with the Entra "keep me signed in" functionality.
You want to know what is the best way to ensure that your app correctly applies the user's "keep me signed in" selection from the Entra flow?
Please note that if you have configured your application in normal Microsoft Entra ID Workforce tenant, then there is an option available in Microsoft Entra admin center to enable Keep me signed in(KMSI) prompt for the users in your tenant when accessing the application.
The Stay signed in? prompt appears after a user successfully signs in. This process is known as Keep me signed in (KMSI).
Prerequisites
Configuring the 'keep me signed in' (KMSI) option requires one of the following licenses:
- Microsoft Entra ID Free
- Office 365 (for Office apps)
- Microsoft 365
You must have the Global Administrator role to enable the 'Stay signed in?' prompt.
How does it work?
If a user answers Yes to the 'Stay signed in?' prompt, a persistent authentication cookie is set. The cookie must be stored in session for KMSI to work. KMSI doesn't work with locally stored cookies. If KMSI isn't enabled, a non-persistent cookie is issued and lasts for 24 hours or until the browser is closed.
Steps to Enable the 'Stay signed in?' prompt
The KMSI setting is managed in User settings.
- Sign in to the Microsoft Entra admin center as a Global Administrator.
- Browse to Identity > Users > User settings.
- Set the Show keep user signed in toggle to Yes.
Please note that this Show keep user signed in setting is a tenant wide settings and will be applicable to all the users in your Microsoft Entra ID Workforce tenant.
For additional information regarding Keep me signed in(KMSI) prompt, please refer to the below document for your reference.
Manage the 'Stay signed in' prompt in Microsoft Entra ID - Microsoft Entra | Microsoft Learn
Since you have mentioned that you are updating a legacy .Net Framework 4.8 Webforms app to use Entra External Id for authentication, please note that 'Keep me signed in (KMSI)' option is not yet available in Microsoft Entra External tenant.
For additional information on what is supported in external tenants see Supported features in workforce and external tenants.
I hope this above information provided is helpful. Please feel free to reach out if you have any further questions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".