When returning to Altamira HRM after logging out — using the browser's Back button, from browser history, or by navigating directly to the URL — you may not be prompted to enter your credentials again.

This behaviour depends on the type of logout performed. With the default logout, the session ends only on Altamira HRM, while the session on the Identity Provider (IdP) remains active. On the next access attempt, Altamira redirects the user to the IdP, which recognises them as already authenticated and redirects them back to Altamira without requesting credentials.

The flow is as follows:

1. The user logs out of Altamira HRM: the Altamira session ends, but the IdP session (e.g. Microsoft 365) remains active
2. The user returns to Altamira using the browser's Back button, from browser history, or by navigating directly to the URL
3. Altamira detects that the local session is no longer active and redirects the user to the IdP
4. The IdP recognises the user as already authenticated and does not request credentials
5. Altamira receives confirmation from the IdP and completes the login automatically

To prevent this behaviour, federated logout (Single Logout) can be enabled: when active, Altamira notifies the IdP at logout, closing the IdP session as well. In this case, the IdP will request credentials again on the next access.

To enable federated logout, see Configuring Single Sign-On.