azure - Is it possible to remove the password field on the WAAD sign-in page when SSO is in use?
We have Windows Azure Active Directory, configured with a custom domain, linked to our on-premise ADFS (2.0) server for federated authentication.
When I go to https://manage.windowsazure.net in a clean browser session, I'm prompted at https://login.microsoft.online.com for an email address. It asks organizational vs. Microsoft account, and if I select organizational, I'm redirected to our ADFS server - good.
On the other hand, in our own ASP.NET MVC applications that use ADAL, the login page (again login.microsoftonline.com) shows both a username and a password box. If I type the username and focus on the password box, the redirect to ADFS happens at that point.
This can be a rather confusing user experience - you've started typing your password by the time the redirect happens, you hit enter, and of course get an authentication failure.
A possibly better demonstration is in this screen recording: http://www.youtube.com/watch?v=hzypltsmcn8&feature=youtu.be
Is there a way of using a username-only page rather than username + password, or better yet, skipping the WAAD page and redirecting straight to ADFS? (Since the users are using SSO anyway.)
The Azure portal has the email-only screen because it needs to disambiguate between Azure AD accounts (organizational accounts) and Microsoft accounts (personal accounts, formerly LiveIDs).
If you provide the email address in the login_hint parameter of the OAuth 2.0 authorization request, Azure AD will look it up to find out if it's a federated domain, and if so, redirect to ADFS.
With ADAL, you can provide this using AuthenticationContext.AcquireToken(string, string, Uri, string) to specify the loginHint:
AuthenticationResult authResult = authContext.AcquireToken(resource, clientId, returnUri, loginHint);
You will, however, have to build your own page to collect the email address.
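To show what ADAL does underneath when it is given a loginHint, here is an added example (not from the answer above or from the ADAL library) that builds the raw OAuth 2.0 authorization request with login_hint set, so Azure AD can do home-realm discovery and send a federated user to ADFS before any password box is rendered. The tenant, client id, redirect URI and resource are constructed placeholder values; the email validation and the state parameter are added so a user-supplied address cannot smuggle extra query parameters and the callback can be tied back to the originating request.

```python
import re
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholder values, not from the original post.
AUTHORITY = "https://login.microsoftonline.com/contoso.onmicrosoft.com"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder app id
REDIRECT_URI = "https://app.contoso.example/signin"
RESOURCE = "https://graph.windows.net"

# Conservative email shape: rejects '&', '=', '#' and whitespace, so the
# value can only ever be one login_hint and nothing else.
_EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def build_authorize_url(email, state=None):
    """Return (url, state) for an authorization request carrying login_hint.

    login_hint lets Azure AD look up the user's domain immediately; for a
    federated domain it redirects to ADFS instead of showing the combined
    username + password page described in the question.
    """
    if not _EMAIL_RE.match(email):
        raise ValueError("login_hint must be a single well-formed email address")
    # state is an unguessable per-request value; the callback must compare
    # it with the copy kept in the user's session (CSRF protection).
    state = state or secrets.token_urlsafe(24)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "resource": RESOURCE,
        "login_hint": email,
        "state": state,
    }
    # urlencode percent-encodes '@', '+' etc., so the hint stays one value.
    return AUTHORITY + "/oauth2/authorize?" + urlencode(params), state


def parse_authorize_url(url):
    """Split the query string back into single values, for inspection."""
    query = parse_qs(urlsplit(url).query, strict_parsing=True)
    return {k: v[0] for k, v in query.items()}
```

The email would come from the single-field page the answer says you have to build yourself; the returned state is what you store in the session before redirecting the browser to the URL.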