Windows users accessing internet sites via Cloud SWG using WSS Agent.

SAML authentication enabled where, with every WSS Agent reconnect, user is prompted for his/her credentials before being able to browse successfully.

Is it possible to establish WSS Agent connection without having to login to the Entra SAML IDP server each time? 

Microsoft Entra/Azure.

WSS Agent.

SAML Authentication.

Microsoft Entra sessions are not cached, and with each WSS Agent reconnect, the HTTP requests into Entra do not contain any previous session information.

Single sign on from the WSS Agent into Microsoft Entra is possible when the following two conditions hold:

1. Installed WSS Agent on Windows must be 8.1.1 or newer and
2. The Windows workstation running WSS Agent has an account where user is logged into Microsoft Entra using following instructions:
   1. Go to Settings -> Accounts -> Access work or school and create a new connection
   2. Add the O365 email address with corresponding password
3. RECONNECT the WSS Agent and confirm that it connects and authenticates successfully with no password prompt.

Reference:

• Join your work device to your work or school network