SharePoint Online constantly prompts for credentials (for some users)
This is hard information to find except by troubleshooting: You need all of these added to your Trusted Sites list, and the list keeps changing over time, so every time the problem comes up you have to do more troubleshooting to figure out what new site or domain they introduced into the authentication piece.
- *.microsoftonline.com
- *.windows.net
- *.sharepoint.com
- *.office.com
- *.office365.com
- *.outlook.com
- *.lync.com
Blogs describing similar issues:
- https://blog.kloud.com.au/tag/trusted-sites/
- https://blogs.technet.microsoft.com/victorbutuza/2016/06/20/o365-internet-explorer-protected-mode-and-security-zones/
- https://answers.microsoft.com/en-us/msoffice/forum/msoffice_other-mso_winother-mso_o365b/the-current-webpage-is-trying-to-open-a-site-in/c42e5a1d-c955-4890-b974-ceab86176d29
Related videos on Youtube
Allan Pedersen
Updated on September 18, 2022Comments
-
Allan Pedersen over 1 year
We have 150 users who should be, and appear to be, identically configured, but 8 of them get a different authentication workflow.
How it works:
At our company we use Office 365. We have 150 users that login using Office 365, and, like many others, we have a company SharePoint site. "company.sharepoint.com"This site is the default homepage in our IE (set using GPO). We add the site to 'trusted sites' and check "Automatic logon with current username and password".
Which means, when the user opens Internet Explorer, he is directly sent to the company FrontPage (this is all done by GPO).
How it doesn't work:
Now 8 out of those 150 users are not sent directly to the company.sharepoint.com. If IE has been closed they are instead sent to login.microsoftonline.com where they are forced to simply click their O365 credentials, and without typing a password they are sent to the company.sharepoint.comSo, in short, they have another step.
Here is where it gets super strange
I expected to find differences like maybe issues with trusted sites. There are no differences between a working and a non-working user.
I took a user who logs in directly and a user who doesn't and performed the following:
- completely removed all from credentials manager
- checked all IE settings were identical
- checked users were identical in Office 365 Administrator
- completely reset the IE to factory defaults
- deleted all temporary files.
Having done that, the problem persisted.
But... there is 1 difference
It took me a little while to find out. The 150 working users, all went from Windows 10, 1607 -> 1709. But the 8 with the extra credentials step, all had 1703 for a few weeks in between.Conclusion
I have no idea.
-
OneOfThePetes about 5 yearsHandy to know, cheers!