@felix - why does your Sharepoint use different URLs? Curious about that setup. If you are only using it for the sharepoint, you can try to set the domain cookie under the Access Policy. My default, APM Policy will set a host-level cookie - so if you have two URLs - sharepoint.company.com and library.company.com, this would require two different access sessions, setting a domain-level cookie, or setting up multi-domain SSO. The easiest test to see if you can avoid the problem is to setup domain level cookie just to ensure that it would address the issue. Then, if it works, you can try to setup Multiple Domains under SSO and configure each cookie for the host-level entry