We’re working with a customer scenario where users authenticate through Azure AD, and then access IFS Cloud via external middleware (Node.js app calling IFS APIs).
Each time the middleware connects, users still see the IFS login splash screen and must click “Login with SSO”, even though they already have an active Azure session.

We’d like to achieve a more seamless experience — ideally silent or background SSO using the existing Azure token, while still keeping authentication user-based and license-compliant.

One of our colleagues suggested disabling two-factor authentication (MFA) for a specific SSO user in Azure AD to avoid the extra MFA dialog.
He also mentioned that another customer (APP10) successfully used a REST API call via an SSO user with MFA disabled.

Before we proceed, could anyone please confirm or share:

• If there’s any official documentation or configuration guide (IFS Cloud IAM + Azure AD) describing how to disable MFA for selected SSO users.

• Whether this approach truly allows a “silent” SSO experience (no popup/redirect) for API calls while remaining license-compliant.

• Any examples or best practices from similar implementations.