LOGOUT from a vision client session

Every time you open a Vision client, a new session is created in Vision. In your case, the IdP authentication strategy is set, which displays a splash screen with a button to log into the IdP. When you click the button, your system’s default web browser is opened and navigated to the IdP for authentication. Once you authenticate at the IdP, it redirects you back to the Gateway, which links the authentication response with your new Vision session.

If your web browser already has an authenticated session with the IdP, you will not be required to log in. This is how IdP authentication works in general (SSO on the web). This functionality assumes a single user per device. It improves security and usability by reducing the number of times you have to re-enter your credentials for every app you log into. If you have a shared device, this is not desired. In this case, you can enable "Always ask the IdP to re-authenticate users by default" in Designer > Project Menu > Properties > General, which will make the Gateway ask the IdP to re-verify the user’s credentials by default for every IdP request which comes from the project. If you’re using Ignition’s internal IdP, you can also reduce the session timeout to as low a value as possible.

There are also some good safeguards brought up in this post: [BUG] Perspective auto logout fails to actually log out of IdP - #6 by nicholas.robinson - on shared workstation web browsers, you can disable (1) the ability to allow users to store credentials, (2) the ability to allow users to automatically sign into web sites, and (3) storage of cookies. While this post was more geared towards a Perspective project, this would also apply to Vision, since the system’s default web browser is used for IdP authentication.
