I am having some trouble with AzureAD joined machines and SSO on the ZPA Client Connector App.
We have consultants that I have given access with user accounts on our domain @ourdomain.com. Their computers are AzureAD joined machines with their domain @consultant.com. When they log into the Client Connector App, they put in the user account @ourdomain.com and select the correct cloud. Normally this should send them to a Microsoft Sign on page where they can enter their account (@ourdomain.com) and password. However, since their machines are AzureAD joined, the computer is automatically passing their @consultant.com address to Microsoft login. This ends up erroring out since of course that account does not have rights nor is in my Microsoft tenant. How can I prevent the application from automatically sending @consultant.com and make it prompt for username/password?
I have found this (How to prevent browser SSO for AAD joined machines?) which describes the same situation, but I have not been able to find a solution.