Hello,

We have configured an OKTA Auth Service (SAML2.0) for our Pega Cloud environments but the log off does not end the Pega Auth session.

We have confirmed via the Okta logs that logging off hits the Okta logout and ends session, but if a user navigates back to prweb/PRAuth/ssoname it will tunnel them directly back into Pega without re-authenticating, which tells me it's using their initial auth session.

Have also tested directly navigating to "Login Location" Okta URL post-logout and it prompts for reauthentication there, but again if directly navigating to Pega it does not prompt for reauth.

I've checked logout-location and followed a guide for OIDC (same issue) but have not found a solution.

Thanks