Win login with federation

Our domain-branded machines joined a federated domain, yet the Win logon WebView behaves unpredictably in Edge.

Every user, on starting left users list in the machine—no exceptions—sees “Other User” instead of user@domain, the field to insert the username never remembers their UPN between sessions, and the sign-in button usually requires a double click before authentication progresses.

Once control shifts to our IDP, the device-recognition cookie the IDP tries to plant is silently rejected, so the “known device” flow never kicks in. All of this adds unnecessary seconds to each login.

I need someone deeply familiar with Windows login, WebView, Edge, SAML 2.0, OIDC, and ideally Entra ID to straighten this out.

First priority is eliminating every one of the above pain points; after that, streamlining the overall handshake so the session feels instantaneous.

Deliverables (acceptance criteria)
• Username field auto-populates and persists as user@domain for every user
• Single click on the sign-in button advances the flow 100 % of the time
• IDP cookie lands successfully, proving out a known-device scenario
• End-to-end login noticeably faster and free of extra prompts

Provide a short outline of how you’ll diagnose WebView and Edge behaviours, then dive in.

Screenshots, registry tweaks, policy changes or code snippets—whatever solution you craft—must be documented so we can reproduce it across the fleet.

Thanks